Rodeo
ResourcesPartnersSign in

BRAHMA

Chief Information Security Officer (CISO)

Posted about 22 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Location: US (West or East Coast), UK, or Europe / Hybrid, with global travel across US, UK, UAE, and India operations

Position Overview

Brahma AI is recruiting a highly technical, forward-thinking Chief Information Security Officer (CISO) to lead our global security, trust, and identity governance initiatives. Brahma AI operates enterprise Media Asset Management (MAM) and AI-driven Digital Asset Management at global scale, managing over 100 million assets and 100 PB archives for some of the world’s largest organisations. This is where our customers’ most valuable content lives, and where security is paramount. Building on that foundation, our technology delivers high-fidelity, Hollywood-grade photorealistic digital humans (ATMAN) and multi-language voice synthesis (VAANI) for leading enterprises in healthcare, retail, sports, and entertainment, adding further complexity around sensitive source assets and identity governance.

This executive position works closely with the Chief Technology Officer (CTO), Chief Executive Officer (CEO), and the wider executive leadership team. Overseeing our global security posture across engineering, product, and multi-cloud environments, the CISO will build automated, developer-enabling security architectures in place of traditional gate-heavy enterprise controls. In this role, you will define our MLSecOps strategy, govern zero-trust identity frameworks, guide global privacy compliance (including HIPAA, GDPR, and India’s DPDP Act), and establish the enterprise trust certifications that power our commercial growth.

This is a hands-on security leadership role first. Brahma AI operates some of the most sensitive technology in the industry: highly realistic, photorealistic digital replicas of real people. Protecting our models, our data, our infrastructure, and the likenesses entrusted to us is the job, and you will build and lead the global security organization to execute on it. Trust, governance, and certification programs are how that protection becomes a commercial asset.

Core Strategic Objectives

  • Drive Security as a Commercial Enabler: Implement automated compliance and governance pipelines that accelerate product velocity and lower time-to-market for digital human solutions while upholding rigorous security standards.
  • Govern MLSecOps Strategy: Architect and oversee the secure machine learning lifecycle from ingestion to serving, defining custom control frameworks for model registries, training data validation, and automated deployment pipelines.
  • Protect Digital Identities: Own the security of Brahma AI’s digital human technologies, covering likeness protection, misuse prevention, consent management, and content provenance.
  • Build Enterprise Trust: Lead Brahma AI’s trust and compliance posture across ISO/IEC 42001, SOC 2 Type 2, C2PA, and TPN, ensuring alignment with global regulatory frameworks including HIPAA, GDPR, and India’s DPDP Act. Support customer security reviews and investor due diligence.
  • Harden Multi-Cloud & Enterprise Environments: Maintain continuous posture monitoring and zero-trust perimeters across our multi-cloud footprint (AWS, GCP, and Azure) and physical facilities.
  • Define Identity & Access Architecture: Enforce low-friction Identity and Access Management (IAM), Privileged Access Management (PAM), and automated secrets management across continuous delivery pipelines.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Technical and Operational Responsibilities

1. Generative AI Security, MLSecOps, and Content Protection

  • Oversee the design and maturation of the MLSecOps architecture, establishing standards for automated gate controls, model registry signing, versioned data lineage, and pre-deployment adversarial testing.
  • Establish defenses against adversarial AI threats including prompt injection, model extraction, data and model poisoning, and misuse of generative APIs, validated through continuous AI red team exercises.
  • Drive the integration of content authenticity standards (C2PA) and media protection mechanisms, including forensic watermarking, DRM, and encryption, directly into core media pipelines.
  • Lead security and governance of digital human and synthetic media technologies: likeness protection, consent-driven identity registries for ATMAN digital likenesses (in partnership with Product and Legal), and authenticity controls.
  • Direct the evaluation and adoption of contemporary, AI-powered security tooling to continuously test, detect, monitor, and recover from software vulnerabilities.

2. Multi-Cloud, Infrastructure, and Application Security

  • Establish continuous, automated security posture management across GCP, AWS, and Azure, prioritizing engineering self-remediation.
  • Define enterprise access governance, IAM policy, and zero-trust perimeters to prevent unauthorized access and ensure strict multi-tenant isolation.
  • Ensure automated, low-latency security scanning (SAST, DAST, container checks) is seamlessly integrated into CI/CD workflows without creating development bottlenecks.
  • Provide security policy oversight and governance for physical facilities, on-premise datacenters, and GPU infrastructure to maintain compliance with TPN and ISO standards.

3. AI Governance, Risk Delegation, and Compliance

  • Lead the strategy to achieve and maintain primary certifications, specifically ISO/IEC 42001 and SOC 2 Type 2, while maintaining secondary certifications (TPN Gold Shield, ISO 27001).
  • In partnership with Legal and Product teams, guide organizational compliance for regulated client verticals, ensuring adherence to HIPAA, GDPR, India’s DPDP Act, and emerging global AI frameworks.
  • Operationalize a delegated risk management framework that enables business units to evaluate and accept operational risks within clear, automated governance guardrails.
  • Lead security due diligence for mergers, acquisitions, and strategic partnerships, and support investor and customer due diligence processes.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

4. Threat Operations, Incident Response, and Resilience

  • Oversee enterprise Incident Response (IR) playbooks covering data breaches, unauthorized access, identity spoofing, and synthetic media misuse.
  • Sponsor threat modelling and red team exercises targeting cloud perimeters, generative APIs, IAM, and biometric validation systems.
  • Maintain threat intelligence capabilities to proactively guard against external attacks and unauthorized misuse of Brahma AI models or digital identities.
  • Own business continuity and crisis management planning across cloud, on-premise, and production environments.

5. Executive and Board Governance

  • Present cybersecurity and AI risk posture to the Board, executive leadership, investors, and enterprise customers.
  • Maintain enterprise cyber and AI risk registers, risk dashboards, and security scorecards that give leadership a clear, quantified view of posture and progress.

Experience and Qualifications

Professional Background

  • Minimum of 12 years of progressive experience in information security, including at least 4 years as a CISO or Head of Security within a fast-paced SaaS, AI-native, or advanced media technology organization.
  • Demonstrated experience building, scaling, and leading global security teams across regions and time zones, spanning security engineering, operations, and compliance functions.
  • Proven track record of building and executing automated security programs that support rapid code release cycles without introducing organizational friction.
  • Demonstrated experience achieving and maintaining SOC 2 Type 2, ISO/IEC 27001, and TPN certifications; experience leading an ISO/IEC 42001 implementation is a strong plus.
  • Proven experience governing security across hybrid, multi-cloud environments (AWS and GCP experience required; Azure and physical datacenter experience is beneficial).
  • Experience presenting security and risk posture to boards, investors, and enterprise customers.

Technical Skills and Knowledge

  • Deep expertise in identity governance, zero-trust architectures, IAM/PAM frameworks, and enterprise key management.
  • Strong understanding of media security technologies, including DRM, forensic watermarking, AES encryption, and digital signatures.
  • Strategic understanding of machine learning development pipelines, container orchestration, model registries, C2PA specifications, adversarial ML threats, and AI-driven security automation tools.
  • Comprehensive knowledge of global data privacy and security frameworks, including HIPAA, GDPR, India’s DPDP Act, and MPA Content Security Best Practices.
Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

MLSecOps
Zero-Trust Architecture
Identity & Access Management
Cloud Security
AI Governance
Compliance Management
Incident Response
Risk Management
Digital Identity Protection
C2PA
SOC 2 Type 2
ISO/IEC 42001
GDPR
HIPAA
DPDP Act
Threat Modeling

Location

United Kingdom

Sign up to applySee more jobs like this