Chief Information Security Officer (CISO)

We are seeking an experienced and forward-thinking Chief Information Security Officer (CISO) to lead our global security strategy.  The CISO will define, implement, and continuously evolve Couchbase’s enterprise and product security posture to protect our people, data, infrastructure, and customers across a hybrid SaaS and on-prem environment.

The ideal candidate is both a strategic thinker and hands-on leader who thrives in a high-growth, engineering-driven organization and understands the unique challenges of securing distributed database and cloud services at scale.  They work collaboratively across the company to champion a “security is everyone’s job” mindset and ensure that security solutions are robust, adaptable, and enable business growth.

Key Responsibilities

Enterprise strategic leader responsible for defining and executing Couchbase’s global information and cybersecurity strategy—building trust as the foundation for a database company powering mission-critical applications worldwide. Lead all aspects of security governance, architecture, operations, and incident response to safeguard our data platform, products, and cloud infrastructure.

Champion a “secure-by-design” culture across engineering, cloud, and GTM functions—ensuring that security accelerates, rather than constrains, innovation. Partner with product and R&D teams to embed advanced security capabilities into Couchbase’s database, Capella cloud platform, and AI-driven initiatives. Modernize and simplify our security posture through automation, threat intelligence, and proactive risk management to support Couchbase’s ongoing digital and AI transformation.

Collaborate with technology and business leaders to balance speed, trust, and compliance—integrating security into everything from software development lifecycles and infrastructure provisioning to data governance and vendor ecosystems. The CISO will position Couchbase as one of the most secure, trusted, and innovation-ready data platforms in the world.

Governance, Risk & Compliance

• Develop, implement, and maintain an enterprise-wide information security strategy and governance framework aligned with organizational goals.
• Establish and maintain information security policies, standards, and procedures that support business continuity and risk management.  This includes continuing to build and enhance governance, privacy, and security frameworks to encompass AI/ML workloads and data pipelines, ensuring responsible, compliant, and secure adoption of AI technologies across the enterprise.
• Oversee enterprise-wide security risk management, including assessments, and mitigation plans.
• Ensure compliance with relevant information security frameworks and standards including but not limited to SOC 2, HIPAA, PCI DSS, ISO.
• Collaborate with Legal and Compliance on evolving data privacy regulations (GDPR, CCPA, etc.) and integrate privacy by design across systems and products.

Security Operations

• Direct day-to-day security operations, including monitoring, detection, and response to threats.
• Lead security incident response planning and execution, acting as the senior point of escalation during security incidents.
• Serve as the primary advisor to the executive team and Board on cybersecurity strategy, risk posture, and incident readiness.
• Drive the identification and remediation of security vulnerabilities within defined SLAs.
• Manage key performance metrics for security maturity,  leveraging automation, analytics, and AI to drive continuous improvement across detection, response, and compliance.
• Review, refine and mature existing security processes and tools, including but not limited to SIEM, DLP, vulnerability management, email security, end point security, penetration testing, threat hunting, threat analysis, security monitoring, and security incident response.
• Oversee business continuity and disaster recovery planning, ensuring resilience across cloud and data center operations.

Product Security

• Perform security software architecture review and integrate threat modeling and abuse cases into the SDLC; Advise and implement secure software architecture patterns.
• Assess and architect security for SaaS/Cloud applications across AWS, GCP and Azure.
• Drive the development and implementation of standard security review processes across the company that result in effective methods for reducing security risks before product releases.
• Integrate application security tools within existing development, build, and deployment processes.
• Oversee the execution of dynamic & static code scan reviews and run-time tests.
• Own and manage the bug bounty program.
• Assist with the planning and execution of application penetration tests.
• Interface and collaborate with Engineering, Cloud, and SOC teams during security incidents.
• Work with customers as needed, to explain or enhance any security policies or product related engineering.
• Drive the remediation of security vulnerabilities in the products within defined SLAs.
• Assist in completing RFP security questionnaires

Qualifications:

• 15+ years of progressive experience in information security, risk management, or IT leadership, including at least 5 years in a senior security leadership role.
• Proven track record leading enterprise-wide cybersecurity strategy and operations in a global, cloud-first technology company.
• Solid understanding of secure coding principles (e.g., OWASP Top10, OWASP SAMM) and Agile software development practices.
• Demonstrated experience with security in public cloud platforms (AWS, Azure, GCP), CNAPP (Sysdig, Wiz, etc), SAST, DAST, SCA, Networking (Firewalls, Switches, Access Points, etc.), Operating Systems (Linux, Mac, Windows), Secure Software Development, IAM, Key Management, Encryption, SIEM (Splunk, Rapid 7, Alienvault, etc.), DLP (Netskope, Checkpoint, Proofpoint, Symantec, etc), Email Security (Abnormal Security, Mimecast, etc.), and Endpoint Security (SentinelOne, CrowdStrike, etc.)
• Strong background in application and product security, including secure software design, code analysis, penetration testing, and bug bounty management.
• Must have strong collaborative skills, a growth mindset, and a willingness to make tomorrow better than today.
• Industry Certifications such as CISSP, CISM, CCISO are preferred
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.