Chief Information Security Officer (CISO)

Position

Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is the senior executive responsible for overseeing information security operations, including the protection of information technology systems and the secure management of data for Louis Vuitton Korea (“the Company”).

Serving in a full-time, executive-level capacity, the CISO oversees the Company’s information security matters and supports compliance with applicable laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection. This role collaborates with key functional teams to promote and implement effective information security practices and associated tasks, and also supports resource management and planning.

The CISO reports directly to the Managing Director and must work closely with teams including Legal, CRM, Retail, Client Services, IT, and Regional & Global HQ regarding the aforementioned responsibilities.

Job responsibilities

Job responsibilities

Establishment, Implementation, and Improvement of Information Security Plans

• Establish, implement, and improve comprehensive management plans, including administrative, technical, and physical protective measures, to ensure the stability and reliability of information and communications networks.
• Implement information technology disaster recovery and business technology continuity planning in alignment with both local regulatory expectations and Global HQ frameworks.
• Establish and maintain a robust local security governance structure. Ensure alignment with Korea’s ISMS/ISMS-P (Personal Information & Information Security Management System) requirements while harmonizing with global enterprise security standards.
  

Regular Auditing and Improvement of Information Security Status and Practices

• Investigate the status of information security or receive reports from relevant parties.
• Serve as the primary liaison for internal/external auditors and government regulatory bodies (e.g., MSIT, KISA, PIPC etc). Guide special investigations and ensure statutory inquiries are handled with executive oversight.
• Conduct regular security assessments and audits to ensure compliance and effectiveness.
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001).
• Report investigation results and corrective measures to the CEO through regular audits.

 

Identification and Evaluation of Information Security Risks and Development of Security Measures

• Identify and evaluate weaknesses (vulnerabilities) and risks—such as hardware/software defects or system design flaws—that allow unauthorized actions, viewing, modification, or leakage of information beyond permitted authority.
• Design security measures to handle risks and establish information security countermeasures.
• Coordinate end-to-end incident response activities, ensuring rapid containment, analysis, and statutory reporting of breaches to local authorities within legally required timeframes.

 

Establishment and Implementation of Information Security Training and Mock Drills

• Develop and deliver security awareness programs to educate employees about their roles and responsibilities in maintaining security
• Conduct necessary training and cyber-attack simulation drills for information and communications service providers at least once a year to enhance information security.

 

Consultation and Communication with Regional & Global HQ and Affiliates regarding the above duties.

• Act as the strategic focal point between the Korea office, the Regional CIO, and Global HQ regarding all information security matters, ensuring local compliance does not fracture global security visibility.
• Consult with Regional and Global teams to adapt enterprise-wide security policies to fit statutory restrictions, effectively communicating the nuances of local laws to global stakeholders.
• Participate actively in global security councils, sharing localized threat intelligence

Profile

1. Strong understanding of cybersecurity principles, frameworks, and technologies, including but not limited to NIST, ISO, CIS Controls, SIEM, IDS/IPS, DLP, encryption, and cloud security.

2. Excellent leadership, communication, and interpersonal skills, with the ability to collaborate effectively across departments and influence stakeholders at all levels of the organization.

3. Strong analytical and problem-solving skills, with the ability to make risk-based decisions in a fast-paced environment.

4. Must meet at least one of the following basic requirements (work experience includes experience gained prior to obtaining the relevant degree):

• Hold a Master’s degree or higher (domestic or foreign) in information security or information technology.
• Hold a Bachelor’s degree (domestic or foreign) in information security or information technology, with at least 3 years of work experience in information security or information technology.
• Hold an Associate’s degree (domestic or foreign) in information security or information technology, with at least 5 years of work experience in information security or information technology.
• Possess at least 10 years of work experience in information security or information technology.
• Hold a qualification as an Information Security Management System (ISMS) Auditor.
  
  

5. Must meet at least one of the following additional requirements:

• At least 4 years of work experience specifically in the field of information security.
• At least 5 years of work experience in information security or information technology (of which at least 2 years must be in the field of information security).
• Holders of Bachelor’s, Master’s, or Doctoral degrees in personal information protection will be credited with 2 years, 1 year, or 6 months of professional experience, respectively.
• Holders of Industry certifications such as CISSP, CISM, CISA, or equivalent are highly desirable