Cyber Security Director | Head of Security | CSO Roles

Reolink Technology is seeking ahighly experienced and hands-onChief Security Officer (CSO) to lead the company's global security, privacy, and risk management strategy.

The CSO will oversee cybersecurity, information security, data privacy, cloud security, physical security, and enterprise risk management across the organization. This executive leader will work closely with the CEO, legal counsel, engineering teams, and regional business leaders to ensure the company's products, systems, infrastructure, and operations remain secure, compliant, and resilient in a rapidly evolving global regulatory landscape.

This role requires a strong technical security background, practical operational experience, and the ability to navigate international laws, privacy regulations, and cross-functional stakeholder management.

Required Qualifications

1. Strong hands-on technical experience in cybersecurity operations, cloud security, and incident response.

2. Proven experience managing local team, with the ability to work closely with internal and external legal counsel on regulatory compliance, data privacy, cybersecurity laws, and jurisdiction-specific security requirements.

3. Bachelor's Degree or above in Computer Science, Information Security, Cybersecurity, or related field.

4. 10+ years of progressive experience in cybersecurity, information security, or privacy-related roles.

5. Minimum 5+ years in senior security leadership positions such as Security Director, Head of Security, or equivalent.

6. Proven experience building and scaling security programs in fast-growing technology companies.

Technical Expertise

• Strong expertise in:

  1. AWS cloud security architecture and operations

  2. Enterprise security frameworks (NIST, ISO 27001, CIS)

  3. Security operations and incident response

  4. Security/privacy governance and risk management

  5. Application and infrastructure security

• Hands-on experience with:

  1. AWS security services

  2. Docker and Kubernetes security

  3. SIEM and monitoring platforms (e.g., Splunk)

  4. Vulnerability management tools (e.g., Nessus)

  5. EDR, WAF, IDS/IPS technologies

Key Responsibilities

1. Security Strategy & Executive Leadership

• Develop and execute the company's global security and privacy strategy, roadmap, governance framework, and annual security budget.

• Serve as the primary advisor to the CEO and executive leadership team on cybersecurity risks, privacy matters, regulatory exposure, and emerging threats.

• Build and promote a security-first and privacy-by-design culture across all business functions.

• Lead, mentor, and scale high-performing global security teams with strong operational and technical capabilities.

• Establish measurable security KPIs, risk metrics, and executive reporting mechanisms.

2. Cybersecurity, Information Security & Privacy

• Lead the design, implementation, and continuous improvement of the company's cybersecurity architecture and defense ecosystem.

• Maintain hands-on oversight of:

  • Security Operations Center (SOC)

  • Incident response and crisis management

  • Vulnerability management

  • Threat intelligence

  • Red/Blue team exercises

  • Endpoint, network, application, and cloud security

• Drive enterprise-wide data privacy and protection initiatives aligned with global privacy regulations and security best practices.

• Lead major security incident investigations, ensuring timely containment, remediation, stakeholder communication, and post-incident review.

• Partner closely with product and engineering teams to embed secure development lifecycle (SDLC) and privacy-by-design principles into products and platforms.

3. Cloud & Technical Security Leadership

• Provide strong technical leadership in cloud security architecture, particularly within AWS environments.

• Establish and maintain secure cloud infrastructure practices, including:

  • IAM and access governance

  • Container and Kubernetes security

  • Network segmentation

  • Security monitoring and logging

  • Cloud-native threat detection

  • DevSecOps integration

• Conduct security reviews and risk assessments for cloud deployments, applications, APIs, and infrastructure changes.

• Maintain familiarity with modern security tools and platforms such as SIEM, EDR, IDS/IPS, WAF, Nessus, Splunk, and cloud security monitoring solutions.

4. Compliance, Legal & Risk Management

• Ensure ongoing compliance with applicable international laws, regulations, and security standards, including:

  • GDPR

  • ISO 27001

  • SOC 2

  • PCI DSS

  • Regional cybersecurity and data privacy regulations

• Work closely with internal legal counsel and external legal advisors to address local regulatory requirements, compliance obligations, investigations, and security/privacy matters across different regions.

• Lead internal and external security audits and drive remediation programs to closure.

• Establish and maintain an enterprise-wide risk management framework to identify, assess, mitigate, and monitor security and operational risks.

5. Business Continuity, Physical Security & Operational Resilience

• Oversee physical security strategies for offices, warehouses, data centers, and other critical facilities.

• Develop and maintain Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP), including regular tabletop exercises and incident simulations.

• Ensure organizational readiness for operational disruptions, cyber incidents, and crisis scenarios.

6. Third-Party & Supply Chain Security

• Build and enforce a comprehensive third-party and supplier security assessment framework.

• Evaluate security posture and compliance risks across vendors, partners, cloud providers, and outsourced service providers.

• Collaborate with procurement, legal, and business teams to ensure appropriate security controls and contractual protections are implemented.