Xoxoday employs a dedicated Chief Information Security Officer (CISO) who reports directly to the group CTO and concurrently serves as Chief Data Protection Officer (CDPO) and Chief Privacy Officer (CPO), holding unified accountability for security architecture, data protection, and regulatory privacy.
Xoxoday designates a Chief Information Security Officer (CISO) who reports directly to the group Chief Technology Officer (CTO). This reporting line ensures security decisions are elevated to the highest levels of technical leadership, enabling fast risk resolution and strategic alignment between security posture and product direction.

The CISO does not operate within a single domain. Xoxoday unifies the roles of CISO, Chief Data Protection Officer (CDPO), and Chief Privacy Officer (CPO) under one leader. This consolidated structure means a single accountable executive governs the intersection of security architecture, data handling practices, and regulatory privacy obligations — eliminating the gaps that arise when these functions are siloed across separate teams.

Supported by a Dedicated Information Security Team

The CISO is supported day-to-day by Xoxoday’s Information Security (InfoSec) Team. This team handles operational security functions including vulnerability management, incident response, access reviews, and continuous control monitoring — allowing the CISO to maintain focus on governance, risk strategy, and executive-level oversight.

Governance and Compliance Mandate

A core responsibility of the InfoSec function at Xoxoday is governance and compliance. The team maintains adherence to ISO 27001 for information security management, SOC 2 Type II for operational security controls, and GDPR for the processing of personal data belonging to individuals in the European Union.

For enterprise customers deploying Xoxoday’s rewards and recognition platform alongside HR systems such as Workday, SAP SuccessFactors, or Darwinbox, this governance structure provides verifiable assurance that employee data flowing through integrations is handled under a formally audited security framework.

IT procurement teams and data protection officers at customer organizations can request compliance documentation directly from Xoxoday’s InfoSec function as part of vendor due diligence.

Why Unified Security Accountability Matters

When a single senior leader holds responsibility for security, data protection, and privacy, organizations benefit from consistent policy enforcement and faster response to evolving regulatory requirements. Changes to GDPR guidance, updated ISO 27001 controls, or revised SOC 2 criteria are assessed and addressed by one team with clear ownership — rather than distributed across departments where accountability can blur.

This model also directly supports enterprise procurement requirements. Many organizations require a named, accountable security responsible party before approving a vendor. Xoxoday’s CISO formally fulfills that role and provides a documented chain of accountability from operational InfoSec activities up to group executive leadership.

Learn more: Xoxoday Help Centre — Data protection

SOC 2 Type II Compliance

Understand how Xoxoday achieves and maintains SOC 2 Type II certification and what controls are covered in the audit scope.

GDPR and Data Privacy Controls

Learn how Xoxoday handles personal data under GDPR, including data subject rights, lawful bases for processing, and cross-border transfer mechanisms.