What are the responsibilities and job description for the Director of Information Security position at Graytitude?
Overview:
We are looking for a Director of Information Security to lead the development and execution of enterprise-wide security operations, policies, and risk management strategies. Reporting to the Chief Information Security Officer (CISO), this role is responsible for enhancing security measures, minimizing risks, and ensuring compliance with industry regulations across internal systems and external-facing platforms.
This position requires a balance of strategic leadership and hands-on technical execution, overseeing key security domains such as Security Operations Center (SOC) management, access control, threat response, and compliance enforcement. The ideal candidate will work closely with cross-functional teams, including IT, legal, compliance, and risk management, to safeguard sensitive data and critical infrastructure.
Responsibilities:
- Develop and implement an enterprise-wide security strategy to protect digital assets, networks, and information systems.
- Oversee the design, implementation, and continuous improvement of security controls and risk mitigation initiatives.
- Ensure compliance with regulatory frameworks and industry best practices, collaborating with internal teams to enforce policies.
- Lead the organization’s security awareness and training programs to strengthen employee cybersecurity knowledge.
- Advise executive leadership on emerging threats, security trends, and risk reduction strategies.
- Embed security principles into software development, infrastructure management, and IT operations.
- Direct internal and external security audits, vulnerability assessments, and penetration testing efforts.
- Oversee the monitoring and response to security incidents, ensuring timely investigation and resolution.
- Establish security performance metrics to evaluate operational effectiveness and identify improvement areas.
- Manage identity and access management (IAM) functions, ensuring robust authentication and authorization controls.
- Conduct risk assessments, gap analyses, and strategic security planning to enhance overall resilience.
Qualifications:
- Minimum of 7 years of experience in cybersecurity, with at least 5 years in a leadership role.
- Strong background in managing security operations across cloud, hybrid, and on-premises environments.
- Expertise in identity and privileged access management (IAM/PAM) solutions.
- Bachelor’s degree required; a Master’s degree in Cybersecurity, IT, or a related field is a plus.
- Hands-on experience with industry security frameworks such as NIST, PCI-DSS, and SOC2.
- Preferred certifications: CISSP, CISM, CEH, CHFI.
- Strong understanding of regulatory compliance, risk management, and security governance.
- Ability to lead technical teams, develop security strategies, and drive process improvements.
- Excellent communication skills, with the ability to present complex security concepts to both technical and non-technical audiences.