Chief Information Security Officer
Are you a hands-on security leader who has successfully navigated organizations through rapid technological change, including AI and cloud transformation?
Are you driven to build and align enterprise-wide security strategies across complex, global organizations while partnering closely with senior technology leaders?
About Our Team
LexisNexis Legal & Professional serves customers in more than 150 countries with over 11,800 employees worldwide and is part of RELX, a global provider of information-based analytics and decision tools for professional and business customers. A long-time leader in deploying AI and advanced technologies to the legal market, LexisNexis is pioneering ethical, powerful generative AI solutions at the intersection of law, data, and technology. As the company accelerates into an AI-first future, securing our platforms, data, and people has never been more critical.
About the Role
The Chief Information Security Officer (CISO) is the most senior executive accountable for information and technology security across LexisNexis. This is not a role for a pure strategist or a pure technologist alone – we are looking for a proven practitioner who has worked hands-on in security and has led organizations through rapid technological change. The right candidate brings deep domain credibility, executive gravitas, and the operational instincts to protect a complex, AI-driven enterprise.
The CISO’s mandate extends across the full technology estate of the company: product and platform security, enterprise IT security (including all employee-facing systems, devices, and productivity tools), cloud and data security, AI security governance, and operational technology where applicable. The CISO partners daily with LexisNexis Technology Leadership and works cross-functionally with RELX Business Unit CISOs to drive aligned, enterprise-wide security posture.
Key Responsibilities
Executive Leadership & Strategic Direction
- Develop and continuously evolve a multi-year, enterprise-wide information and technology security strategy that aligns with LexisNexis’s aggressive AI and product roadmap, business objectives, and the broader LexisNexis risk appetite.
- Serve as the senior security voice in the executive leadership team; translate complex cyber and technology risk into clear, business-relevant terms for the CTO, CEO, and peer executives.
- Partner regularly with key business and technology stakeholder along with other RELX Business Unit CISOs to share intelligence, align on enterprise-wide standards, coordinate incident response, and present unified security posture to RELX Group leadership and audit committees.
- Represent LexisNexis’s security position to customers, regulators, industry forums, partners, and auditors; serve as the external face of LexisNexis security credibility.
- Champion a culture of security-by-design and responsible AI adoption across engineering, product, and business teams; balance security rigor with the speed of an agile, innovation-driven organization.
Enterprise IT & Employee Technology Security
- Own and govern security across the complete technology footprint used by LexisNexis employees globally – including endpoint devices, SaaS productivity tools, collaboration platforms, identity systems, enterprise applications, and corporate network infrastructure.
- Define and enforce security standards for device management, zero-trust network access, privileged access management, and SaaS application governance.
- Partner with IT and workplace technology teams to embed security controls into procurement, onboarding, and lifecycle management of employee-facing technology.
- Lead security awareness training that keeps pace with an evolving threat landscape, including AI-enabled phishing and social engineering.
- Ensure robust identity and access governance across all employee systems, including federated identity, Single Sign-On, and Multi-factor authentication at enterprise scale.
Product, Platform, Cloud & AI Security
- Define and govern the security of LexisNexis’s cloud-native platforms and AI-driven products across AWS, Azure, and GCP, including multi-cloud architecture, workload isolation, data protection, and secure API design.
- Embed security throughout Agile and DevSecOps delivery pipelines; integrate automated security testing, vulnerability management as first-class engineering practices.
- Lead AI security governance: define standards for securing AI/ML systems and generative AI products, including secure data flows, prompt injection defense, and responsible AI risk management in alignment with EU AI Act, NIST AI RMF, and emerging regulatory frameworks.
- Maintain and enhance data protection standards for customer content, legal data, and intellectual property: classification, encryption, key management, tokenization, and data-loss prevention across structured and unstructured environments.
- Oversee API security, third-party integration risk, and open-source software governance across all product lines.
Enterprise Risk, Governance & Compliance
- Own an enterprise-wide information and technology risk management program covering products, infrastructure, employee systems, suppliers, and third parties; maintain continuous risk assessment with clear risk appetite alignment.
- Ensure compliance posture across all applicable regulatory and certification frameworks including SOC 2, ISO 27001, FedRAMP, SOX, GDPR, HIPAA, PCI DSS, and emerging AI-specific regulations.
- Collaborate with Legal, Privacy, and Compliance leadership to maintain clear governance, accountability, and decision rights across all security domains.
- Lead third-party and vendor risk management, including managed security service providers, cloud vendors, and AI model providers; oversee security contract terms and SLA enforcement.
- Direct cyber due diligence and integration planning for mergers, acquisitions, and divestitures, including target risk assessment, control harmonization, and Day-1 security readiness.
Cyber Defense, Incident Response & Resilience
- Own enterprise threat intelligence, detection, monitoring, and security operations across all environments – product platforms, cloud infrastructure, and corporate IT.
- Operate a mature, well-practiced incident response capability: investigation, containment, eradication, recovery, and coordinated internal/external communications, including regulatory notification obligations.
- Lead cyber-resilience programs including red team exercises, tabletop simulations, ransomware preparedness, and integration with business continuity and disaster recovery.
- Continuously track and respond to the evolving threat landscape including AI-enabled attacks, supply-chain compromise, identity-based threats, and nation-state activity targeting the legal and information services sector.
- Partner with HR, Legal, and Privacy to ensure consistent management of insider risk, data-privacy incidents, and employee-related security events.
Team, Culture & Operational Leadership
- Provide inspirational leadership to a global security organization spanning cyber defense, GRC, product security, identity and access management, and security engineering.
- Build a high-performing, diverse team; foster a coaching culture with clear career pathways, succession planning, and a psychologically safe environment for raising security concerns.
- Own financial forecasting and multi-million-dollar budget management for the security function; prioritize investments by risk reduction, business enablement, and operational efficiency.
- Drive a bias toward action and urgency; act as a trusted advisor who enables the business rather than a gatekeeper who slows it down.
- Build and sustain a strong security culture across the full LexisNexis enterprise, including third-party relationships, extending security awareness beyond the technology function.
Experience and Qualifications
Required Experience
- 12–15+ years of progressive experience in information security, cyber risk, or IT risk management, with at least 5 years in a senior security leadership role (CISO, Deputy CISO, or equivalent) at a large, complex global organization (20,000+ employees strongly preferred).
- Demonstrated hands-on practitioner background: the ideal candidate has worked in security engineering, architecture, incident response, or penetration testing earlier in their career and brings credibility to lead deeply technical teams.
- Proven experience working in or leading security at agile, fast-moving organizations that rapidly adopt emerging technologies; comfort with ambiguity and speed-of-change.
- Deep expertise in cloud security architecture (AWS, Azure, GCP) and securing complex multi-cloud, SaaS, and hybrid environments at enterprise scale.
- Meaningful exposure to AI/ML and generative AI security, including securing AI systems, managing model risk, and navigating emerging AI regulations.
- Full-scope IT security experience: not limited to product or application security, but encompassing employee endpoint, identity, enterprise applications, corporate networks, and workplace technology.
- Proven track record building and executing enterprise security programs including risk management, compliance, vendor management, and incident response.
- Experience in financial services, legal, information services, or similarly regulated, data-sensitive industries strongly preferred.
Leadership & Executive Competencies
- Exceptional executive presence: ability to communicate complex risk clearly and credibly to C-suite peers, BU leaders, regulators, and sophisticated customers without losing technical precision.
- Demonstrated ability to build trust and influence without direct authority across a matrixed, multi-business-unit environment.
- Strong business acumen: understands how security investments translate to business value, customer trust, and competitive advantage.
- Collaborative leadership style: actively partners across engineering, product, legal, compliance, and business units rather than operating as a silo.
- Data-driven decision maker: uses metrics, risk indicators, and threat intelligence to prioritize and defend resource allocation.
Technical Knowledge
- Deep working knowledge of cloud-native security architectures, DevSecOps, zero-trust models, identity and access management and endpoint protection.
- Familiarity with AI security frameworks (NIST AI RMF, OWASP LLM Top 10, EU AI Act implications) and experience securing AI/ML systems.
- Strong grounding in regulatory and compliance frameworks: SOC 2, ISO 27001, NIST CSF, GDPR, CCPA, SOX, PCI DSS, and emerging AI regulations.
- Awareness of supply-chain security, open-source risk management, and software bill of materials (SBOM) practices.
Preferred Credentials
- CISSP, CISM, or equivalent advanced security certification.
- Advanced degree in Computer Science, Information Security, or a related field; undergraduate degree required.
- Industry leadership participation (ISAC membership, RSA, Black Hat speaking experience, or similar) viewed favorably.
Working for You
We know that your wellbeing and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer:
Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits
Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan
Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs
Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity
Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits
Health Savings, Health Care, Dependent Care and Commuter Spending Accounts
In addition to annual Paid Time Off, we offer up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice
About the Business
LexisNexis Legal & Professional® provides legal, regulatory, and business information and analytics that help customers increase their productivity, improve decision-making, achieve better outcomes, and advance the rule of law around the world. As a digital pioneer, the company was the first to bring legal and business information online with its Lexis® and Nexis® services.
We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.




This job is eligible for an annual incentive bonus.





We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.
Please read our Candidate Privacy Policy.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers: