Chief Information Security Officer (CISO)
Description
Location: US (West or East Coast), UK, or Europe / Hybrid, with global travel across US, UK, UAE, and
India operations
Position Overview
Brahma AI is recruiting a highly technical, forward-thinking Chief Information Security Officer (CISO) to
lead our global security, trust, and identity governance initiatives. Brahma AI operates enterprise Media
Asset Management (MAM) and AI-driven Digital Asset Management at global scale, managing over 100
million assets and 100 PB archives for some of the world’s largest organisations. This is where our
customers’ most valuable content lives, and where security is paramount. Building on that foundation,
our technology delivers high-fidelity, Hollywood-grade photorealistic digital humans (ATMAN) and multi-
language voice synthesis (VAANI) for leading enterprises in healthcare, retail, sports, and entertainment, adding further complexity around sensitive source assets and identity governance.
This executive position works closely with the Chief Technology Officer (CTO), Chief Executive Officer
(CEO), and the wider executive leadership team. Overseeing our global security posture across
engineering, product, and multi-cloud environments, the CISO will build automated, developer-enabling
security architectures in place of traditional gate-heavy enterprise controls. In this role, you will define
our MLSecOps strategy, govern zero-trust identity frameworks, guide global privacy compliance
(including HIPAA, GDPR, and India’s DPDP Act), and establish the enterprise trust certifications that
power our commercial growth.
This is a hands-on security leadership role first. Brahma AI operates some of the most sensitive
technology in the industry: highly realistic, photorealistic digital replicas of real people. Protecting our
models, our data, our infrastructure, and the likenesses entrusted to us is the job, and you will build and
lead the global security organization to execute on it. Trust, governance, and certification programs are
how that protection becomes a commercial asset.
Core Strategic Objectives
Drive Security as a Commercial Enabler: Implement automated compliance and governance pipelines
that accelerate product velocity and lower time-to-market for digital human solutions while upholding
rigorous security standards.Govern MLSecOps Strategy: Architect and oversee the secure machine learning lifecycle from ingestion
to serving, defining custom control frameworks for model registries, training data validation, and
automated deployment pipelines.
Protect Digital Identities: Own the security of Brahma AI’s digital human technologies, covering
likeness protection, misuse prevention, consent management, and content provenance.
Build Enterprise Trust: Lead Brahma AI’s trust and compliance posture across ISO/IEC 42001, SOC 2
Type 2, C2PA, and TPN, ensuring alignment with global regulatory frameworks including HIPAA, GDPR,
and India’s DPDP Act. Support customer security reviews and investor due diligence.
Harden Multi-Cloud & Enterprise Environments: Maintain continuous posture monitoring and zero-
trust perimeters across our multi-cloud footprint (AWS, GCP, and Azure) and physical facilities.
Define Identity & Access Architecture: Enforce low-friction Identity and Access Management (IAM),
Privileged Access Management (PAM), and automated secrets management across continuous delivery
pipelines.
Technical and Operational Responsibilities
1. Generative AI Security, MLSecOps, and Content Protection
- Oversee the design and maturation of the MLSecOps architecture, establishing standards for
automated gate controls, model registry signing, versioned data lineage, and pre-deployment
adversarial testing. - Establish defenses against adversarial AI threats including prompt injection, model extraction, data
and model poisoning, and misuse of generative APIs, validated through continuous AI red team
exercises. - Drive the integration of content authenticity standards (C2PA) and media protection mechanisms,
including forensic watermarking, DRM, and encryption, directly into core media pipelines. - Lead security and governance of digital human and synthetic media technologies: likeness
protection, consent-driven identity registries for ATMAN digital likenesses (in partnership with
Product and Legal), and authenticity controls. - Direct the evaluation and adoption of contemporary, AI-powered security tooling to continuously
test, detect, monitor, and recover from software vulnerabilities.2. Multi-Cloud, Infrastructure, and
Application Security. - Establish continuous, automated security posture management across GCP, AWS, and Azure,
prioritizing engineering self-remediation. - Define enterprise access governance, IAM policy, and zero-trust perimeters to prevent unauthorized
access and ensure strict multi-tenant isolation. - Ensure automated, low-latency security scanning (SAST, DAST, container checks) is seamlessly
integrated into CI/CD workflows without creating development bottlenecks. - Provide security policy oversight and governance for physical facilities, on-premise datacenters, and
GPU infrastructure to maintain compliance with TPN and ISO standards.
3. AI Governance, Risk Delegation, and Compliance
- Lead the strategy to achieve and maintain primary certifications, specifically ISO/IEC 42001 and SOC 2 Type 2, while maintaining secondary certifications (TPN Gold Shield, ISO 27001).
- In partnership with Legal and Product teams, guide organizational compliance for regulated client
verticals, ensuring adherence to HIPAA, GDPR, India’s DPDP Act, and emerging global AI frameworks. - Operationalize a delegated risk management framework that enables business units to evaluate and
accept operational risks within clear, automated governance guardrails. - Lead security due diligence for mergers, acquisitions, and strategic partnerships, and support
investor and customer due diligence processes.
4. Threat Operations, IncidentResponse, and Resilience
- Oversee enterprise Incident Response (IR) playbooks covering data breaches, unauthorized access,
identity spoofing, and synthetic media misuse. - Sponsor threat modelling and red team exercises targeting cloud perimeters, generative APIs, IAM,
and biometric validation systems. - Maintain threat intelligence capabilities to proactively guard against external attacks and
unauthorized misuse of Brahma AI models or digital identities. - Own business continuity and crisis management planning across cloud, on-premise, and production
environments.
5. Executive and Board Governance
- Present cybersecurity and AI risk posture to the Board, executive leadership, investors, and
enterprise customers. - Maintain enterprise cyber and AI risk registers, risk dashboards, and security scorecards that give
leadership a clear, quantified view of posture and progress.
Experience and Qualifications
Professional Background
- Minimum of 12 years of progressive experience in information security, including at least 4 years as a
CISO or Head of Security within a fast-paced SaaS, AI-native, or advanced media technology
organization. - Demonstrated experience building, scaling, and leading global security teams across regions and
time zones, spanning security engineering, operations, and compliance functions. - Proven track record of building and executing automated security programs that support rapid code
release cycles without introducing organizational friction. - Demonstrated experience achieving and maintaining SOC 2 Type 2, ISO/IEC 27001, and TPN
certifications; experience leading an ISO/IEC 42001 implementation is a strong plus. - Proven experience governing security across hybrid, multi-cloud environments (AWS and GCP
experience required; Azure and physical datacenter experience is beneficial). - Experience presenting security and risk posture to boards, investors, and enterprise customers.
Technical Skills and Knowledge
- Deep expertise in identity governance, zero-trust architectures, IAM/PAM frameworks, and
enterprise key management. - Strong understanding of media security technologies, including DRM, forensic watermarking, AES encryption, and digital signatures.
- Strategic understanding of machine learning development pipelines, container orchestration, model registries, C2PA specifications, adversarial ML threats, and AI-driven security automation tools.
- Comprehensive knowledge of global data privacy and security frameworks, including HIPAA, GDPR, India’s DPDP Act, and MPA Content Security Best Practices.
About BRAHMA AI:
BRAHMA AI is the next generation of enterprise media technology formed through the integration of Prime Focus Technologies and Metaphysic. By combining CLEAR®, CLEAR® AI, ATMAN, and VAANI into one ecosystem, BRAHMA AI enables enterprises to manage, create, and distribute content with intelligence, security, and efficiency.
Proven, scalable, and enterprise-tested, BRAHMA AI is helping global organizations accelerate growth, efficiency, and creative impact in the AI-powered era.