Relx Group

Chief Information Security Officer

Relx Group$180K — $220K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 12-15+ years in information security or IT risk management, with 5+ years in senior leadership roles
  • Hands-on experience in security engineering, architecture, or incident response
  • Experience in agile environments and rapid technological adoption
  • Expertise in cloud security architectures (AWS, Azure, GCP)
  • Familiarity with AI/ML security and emerging regulations
  • Comprehensive IT security knowledge across enterprise applications, networks, and employee systems
  • Proven ability to build enterprise security programs and compliance frameworks.

Responsibilities

  • Develop and evolve a multi-year, enterprise-wide security strategy
  • Serve as the senior security voice in the executive leadership team
  • Collaborate with cross-functional teams on intelligence sharing and incident response
  • Represent the company's security position externally to customers and regulatory bodies
  • Champion security-by-design practices across all teams
  • Govern security across all employee technology used globally
  • Lead security awareness training to address the evolving threat landscape.

Benefits

  • Comprehensive health benefits including medical, dental, and vision
  • 401(k) retirement plan with matching contributions
  • Wellness programs with incentives and Headspace subscription
  • Paid family leave and adoption benefits
  • Flexible spending accounts for healthcare and commuting
  • Paid time off for volunteering and participating in Employee Resource Groups.
Full Job Description
Chief Information Security Officer

Are you a hands-on security leader who has successfully navigated organizations through rapid technological change, including AI and cloud transformation?
Are you driven to build and align enterprise-wide security strategies across complex, global organizations while partnering closely with senior technology leaders?


About the Role

The Chief Information Security Officer (CISO) is the most senior executive accountable for information and technology security across LexisNexis. This is not a role for a pure strategist or a pure technologist alone - we are looking for a proven practitioner who has worked hands-on in security and has led organizations through rapid technological change. The right candidate brings deep domain credibility, executive gravitas, and the operational instincts to protect a complex, AI-driven enterprise.

The CISO's mandate extends across the full technology estate of the company: product and platform security, enterprise IT security (including all employee-facing systems, devices, and productivity tools), cloud and data security, AI security governance, and operational technology where applicable. The CISO partners daily with LexisNexis Technology Leadership and works cross-functionally with RELX Business Unit CISOs to drive aligned, enterprise-wide security posture.

Key Responsibilities
Executive Leadership & Strategic Direction
  • Develop and continuously evolve a multi-year, enterprise-wide information and technology security strategy that aligns with LexisNexis's aggressive AI and product roadmap, business objectives, and the broader LexisNexis risk appetite.
  • Serve as the senior security voice in the executive leadership team; translate complex cyber and technology risk into clear, business-relevant terms for the CTO, CEO, and peer executives.
  • Partner regularly with key business and technology stakeholder along with other RELX Business Unit CISOs to share intelligence, align on enterprise-wide standards, coordinate incident response, and present unified security posture to RELX Group leadership and audit committees.
  • Represent LexisNexis's security position to customers, regulators, industry forums, partners, and auditors; serve as the external face of LexisNexis security credibility.
  • Champion a culture of security-by-design and responsible AI adoption across engineering, product, and business teams; balance security rigor with the speed of an agile, innovation-driven organization.


Enterprise IT & Employee Technology Security
  • Own and govern security across the complete technology footprint used by LexisNexis employees globally - including endpoint devices, SaaS productivity tools, collaboration platforms, identity systems, enterprise applications, and corporate network infrastructure.
  • Define and enforce security standards for device management, zero-trust network access, privileged access management, and SaaS application governance.
  • Partner with IT and workplace technology teams to embed security controls into procurement, onboarding, and lifecycle management of employee-facing technology.
  • Lead security awareness training that keeps pace with an evolving threat landscape, including AI-enabled phishing and social engineering.
  • Ensure robust identity and access governance across all employee systems, including federated identity, Single Sign-On, and Multi-factor authentication at enterprise scale.


Product, Platform, Cloud & AI Security
  • Define and govern the security of LexisNexis's cloud-native platforms and AI-driven products across AWS, Azure, and GCP, including multi-cloud architecture, workload isolation, data protection, and secure API design.
  • Embed security throughout Agile and DevSecOps delivery pipelines; integrate automated security testing, vulnerability management as first-class engineering practices.
  • Lead AI security governance: define standards for securing AI/ML systems and generative AI products, including secure data flows, prompt injection defense, and responsible AI risk management in alignment with EU AI Act, NIST AI RMF, and emerging regulatory frameworks.
  • Maintain and enhance data protection standards for customer content, legal data, and intellectual property: classification, encryption, key management, tokenization, and data-loss prevention across structured and unstructured environments.
  • Oversee API security, third-party integration risk, and open-source software governance across all product lines.


Enterprise Risk, Governance & Compliance
  • Own an enterprise-wide information and technology risk management program covering products, infrastructure, employee systems, suppliers, and third parties; maintain continuous risk assessment with clear risk appetite alignment.
  • Ensure compliance posture across all applicable regulatory and certification frameworks including SOC 2, ISO 27001, FedRAMP, SOX, GDPR, HIPAA, PCI DSS, and emerging AI-specific regulations.
  • Collaborate with Legal, Privacy, and Compliance leadership to maintain clear governance, accountability, and decision rights across all security domains.
  • Lead third-party and vendor risk management, including managed security service providers, cloud vendors, and AI model providers; oversee security contract terms and SLA enforcement.
  • Direct cyber due diligence and integration planning for mergers, acquisitions, and divestitures, including target risk assessment, control harmonization, and Day-1 security readiness.

Cyber Defense, Incident Response & Resilience
  • Own enterprise threat intelligence, detection, monitoring, and security operations across all environments - product platforms, cloud infrastructure, and corporate IT.
  • Operate a mature, well-practiced incident response capability: investigation, containment, eradication, recovery, and coordinated internal/external communications, including regulatory notification obligations.
  • Lead cyber-resilience programs including red team exercises, tabletop simulations, ransomware preparedness, and integration with business continuity and disaster recovery.
  • Continuously track and respond to the evolving threat landscape including AI-enabled attacks, supply-chain compromise, identity-based threats, and nation-state activity targeting the legal and information services sector.
  • Partner with HR, Legal, and Privacy to ensure consistent management of insider risk, data-privacy incidents, and employee-related security events.


Team, Culture & Operational Leadership
  • Provide inspirational leadership to a global security organization spanning cyber defense, GRC, product security, identity and access management, and security engineering.
  • Build a high-performing, diverse team; foster a coaching culture with clear career pathways, succession planning, and a psychologically safe environment for raising security concerns.
  • Own financial forecasting and multi-million-dollar budget management for the security function; prioritize investments by risk reduction, business enablement, and operational efficiency.
  • Drive a bias toward action and urgency; act as a trusted advisor who enables the business rather than a gatekeeper who slows it down.
  • Build and sustain a strong security culture across the full LexisNexis enterprise, including third-party relationships, extending security awareness beyond the technology function.


Experience and Qualifications
Required Experience
  • 12-15+ years of progressive experience in information security, cyber risk, or IT risk management, with at least 5 years in a senior security leadership role (CISO, Deputy CISO, or equivalent) at a large, complex global organization (20,000+ employees strongly preferred).
  • Demonstrated hands-on practitioner background: the ideal candidate has worked in security engineering, architecture, incident response, or penetration testing earlier in their career and brings credibility to lead deeply technical teams.
  • Proven experience working in or leading security at agile, fast-moving organizations that rapidly adopt emerging technologies; comfort with ambiguity and speed-of-change.
  • Deep expertise in cloud security architecture (AWS, Azure, GCP) and securing complex multi-cloud, SaaS, and hybrid environments at enterprise scale.
  • Meaningful exposure to AI/ML and generative AI security, including securing AI systems, managing model risk, and navigating emerging AI regulations.
  • Full-scope IT security experience: not limited to product or application security, but encompassing employee endpoint, identity, enterprise applications, corporate networks, and workplace technology.
  • Proven track record building and executing enterprise security programs including risk management, compliance, vendor management, and incident response.
  • Experience in financial services, legal, information services, or similarly regulated, data-sensitive industries strongly preferred.

Leadership & Executive Competencies
  • Exceptional executive presence: ability to communicate complex risk clearly and credibly to C-suite peers, BU leaders, regulators, and sophisticated customers without losing technical precision.
  • Demonstrated ability to build trust and influence without direct authority across a matrixed, multi-business-unit environment.
  • Strong business acumen: understands how security investments translate to business value, customer trust, and competitive advantage.
  • Collaborative leadership style: actively partners across engineering, product, legal, compliance, and business units rather than operating as a silo.
  • Data-driven decision maker: uses metrics, risk indicators, and threat intelligence to prioritize and defend resource allocation.


Technical Knowledge
  • Deep working knowledge of cloud-native security architectures, DevSecOps, zero-trust models, identity and access management and endpoint protection.
  • Familiarity with AI security frameworks (NIST AI RMF, OWASP LLM Top 10, EU AI Act implications) and experience securing AI/ML systems.
  • Strong grounding in regulatory and compliance frameworks: SOC 2, ISO 27001, NIST CSF, GDPR, CCPA, SOX, PCI DSS, and emerging AI regulations.
  • Awareness of supply-chain security, open-source risk management, and software bill of materials (SBOM) practices.


Preferred Credentials
  • CISSP, CISM, or equivalent advanced security certification.
  • Advanced degree in Computer Science, Information Security, or a related field; undergraduate degree required.
  • Industry leadership participation (ISAC membership, RSA, Black Hat speaking experience, or similar) viewed favorably.

Working for You

We know that your wellbeing and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer:

Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits
Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan
Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs
Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity
Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits
Health Savings, Health Care, Dependent Care and Commuter Spending Accounts
In addition to annual Paid Time Off, we offer up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice

About the Business

LexisNexis Legal & Professional® provides legal, regulatory, and business information and analytics that help customers increase their productivity, improve decision-making, achieve better outcomes, and advance the rule of law around the world. As a digital pioneer, the company was the first to bring legal and business information online with its Lexis® and Nexis® services.

This job is eligible for an annual incentive bonus.

About Relx Group

RELX Group is a global provider of information-based analytics and decision tools for professional and business customers. The company operates in four market segments: scientific, technical and medical; risk and business analytics; legal; and exhibitions. RELX's products and services include electronic databases, online information services, workflow tools, and print and digital books. The company was founded in 1993 and is headquartered in London, England.
Learn more about Relx Group
Size
33,500 employees
Market Cap
$53.1 billion
Industry
Net Income
$1.2 billion
Founded
2018
5 Year Trend
+1%
Revenue
$7.1 billion
NASDAQ

Similar Jobs

More Jobs at Relx Group

More Information Technology Jobs

Find similar Chief Information Security Officer jobs: