Chief Information Security Officer (CISO)

Introduction to Demandbase:

Demandbase is the only pipeline AI platform that empowers GTM teams to automate growth at scale. With a unified view of data, insights, actions, and outcomes, B2B enterprises can seamlessly align and execute their account-based GTM strategies with confidence. Thousands of businesses trust Demandbase to maximize revenue, minimize waste, and consolidate their data and tech stacks – all in one platform.

As a company, we’re as committed to growing careers as we are to building world-class technology. We invest heavily in people, our culture, and the community around us. We have also continuously been recognized as One of The Best Places To Work in the San Francisco Bay Area by Fortune, and One of The 60 Best Companies To Sell For by Selling Power. Our offices are located in San Francisco, New York, Austin, Seattle, India, and the United Kingdom.

About the Role:

Demandbase is seeking a forward-thinking Chief Information Security Officer to join our senior leadership team. Reporting to the CFO, this role serves as the strategic and operational leader of our global security program—driving enterprise-wide security initiatives, leading world-class talent, and safeguarding the integrity of our products, infrastructure, and data. You will be responsible for leading enterprise-wide security, including product security, as well as IT.

You will shape and execute a modern security vision in alignment with our position as a category-defining B2B marketing and advertising technology company. We’re looking for an executive with deep expertise in cloud-native environments, SaaS security at scale, and a sharp eye for emerging threats and compliance challenges in 2025 and beyond.

This is a highly cross-functional and visible role—collaborating with engineering, legal, privacy, product, and infrastructure teams while serving as the public face of security to our customers and the broader community.

Responsibilities:

• AI Productivity StrategyDrive Demandbase’s AI productivity strategy by enabling responsible, high-impact adoption of AI-powered tools and platforms across the organization. Partner with cross-functional leaders to ensure AI usage enhances efficiency, supports innovation, and aligns with security, privacy, and compliance standards.

• AI/ML Security ReadinessAnticipate and mitigate emerging risks related to AI and machine learning, including generative models, LLM usage, and automation platforms. Establish governance and technical controls to ensure safe AI adoption, protect model inputs and outputs, and maintain compliance with evolving AI-related regulations and frameworks.

• Strategy & ExecutionDevelop and evolve a long-term, risk-based information security strategy that protects Demandbase’s digital assets, customer data, and IP across products and internal systems.

• Lead & ScaleBuild, lead, and mentor a global, high-performing team of security experts across disciplines (engineering, operations, and risk). Foster a culture of innovation, accountability, and continuous improvement.

• Governance & RiskOwn the global information security governance framework and IT risk management programs. Establish and report on controls, policies, KPIs, and risk indicators for executive leadership and the Board.

• Cloud & Product SecurityPartner with engineering and DevOps to embed security into the software development lifecycle (SDLC), CI/CD pipelines, and infrastructure. Ensure secure-by-design practices for all cloud-native and customer-facing products.

• Compliance & CertificationsPartner with compliance on successful execution of global security and privacy frameworks, including SOC 2, ISO 27001, SOX, GDPR, CCPA, and AI-specific regulatory requirements such as the EU AI Act and NIST AI RMF.

• Privacy CollaborationWork closely with Legal, Engineering, and Infrastructure teams to operationalize data privacy and security-by-design principles across product and platform development.

• Executive & Customer EngagementAct as a trusted advisor to executive leadership and a credible voice to customers, prospects, and external partners on all matters related to security, trust, and risk posture.

• Centralized Data ManagementLead centralized data management initiatives to ensure secure, compliant, and scalable handling of enterprise data across systems. Collaborate across teams to enable unified governance, improve data quality, and reduce risk exposure.

• Business Systems / Internal ToolingEnsure strategic oversight of business systems and internal tooling, including securing critical platforms, managing third-party SaaS risk, and aligning internal tools with broader security and compliance goals.

Qualifications:

• Leadership Experience: 12+ years in information security roles, with 5+ years at the VP/CISO level in SaaS or technology-forward companies. Proven success in leading security functions during phases of high growth and scaling.

• SaaS Security Expertise: Strong experience in securing multi-tenant SaaS applications running in public cloud environments (AWS, GCP, Azure), including demonstrated technical depth in public cloud architecture & best practices.

• Compliance Leadership: Track record of managing global compliance initiatives—SOC 2, ISO 27001, SOX, GDPR, and emerging AI regulatory standards.

• Talent Builder: Demonstrated success in attracting, retaining, and developing top security talent in competitive markets.

• Product & Infrastructure Acumen: Deep understanding of secure software development practices, service ownership models, DevSecOps, and modern infrastructure security models (e.g., zero trust, SASE, identity-first security).

• Vision+ Execution: Ability to set strategy, define metrics, and lead day-to-day execution with pragmatism and urgency.

• Champion for Excellence: Develop data, mechanisms, and relationships to drive individual accountability for engineering excellence and prudent risk management, in close collaboration with R&D leaders.

• Strong Communicator: Exceptional executive presence and public speaking skills; able to represent Demandbase with customers, partners, regulators, and at industry events.

• Preferred Certifications: CISSP, CCISO, or equivalent; additional certifications in risk, privacy (e.g., CIPP/US, CRISC), or cloud architecture & security (e.g., CCSK, CCSP) are a plus.

Benefits

Our benefits include options for up to 100% paid Medical and Vision premiums for employees, a flexible PTO policy, paid holidays, and access to mental health and wellness resources. We also provide a 401(k) with pre-tax, after tax, and roth options, as well as short-term/long-term disability, life insurance, and other great benefits.

Our Commitment to Diversity, Equity, and Inclusion at Demandbase

At Demandbase, we believe in creating a workplace culture that values and celebrates diversity in all its forms. We recognize that everyone brings unique experiences, perspectives, and identities to the table, and we are committed to building a community where everyone feels valued, respected, and supported. Discrimination of any kind is not tolerated, and we strive to ensure that every individual has an equal opportunity to succeed and grow, regardless of their gender identity, sexual orientation, disability, race, ethnicity, background, marital status, genetic information, education level, veteran status, national origin, or any other protected status. We do not automatically disqualify applicants with criminal records and will consider each applicant on a case-by-case basis.

We recognize that not all candidates will have every skill or qualification listed in this job description. If you feel you have the level of experience to be successful in the role, we encourage you to apply!

We acknowledge that true diversity and inclusion requires ongoing effort, and we are committed to doing the work required to make our workplace a safe and equitable space for all. Join us in building a community where we can learn from each other, celebrate our differences, and work together.

Unsolicited Submissions

At Demandbase, we value thoughtful partnerships and direct connections with candidates. We’re not accepting unsolicited resumes or outreach from third-party recruiting agencies. Any unsolicited submissions will not be reviewed, and no fees will be paid.