What are the responsibilities and job description for the Director, Information Security position at Lending?
Job Title: Director, Information Security
Reports To: VP, Security & Infrastructure
FLSA Status: Exempt
Department: Technology
JOB SUMMARY: Responsible for defining and executing the organization’s security vision, strategy, and programs to protect the confidentiality, integrity, and availability of information assets. This role will lead a team of cybersecurity professionals in identifying, assessing, and mitigating security risks while developing and implementing policies, procedures, and controls to safeguard sensitive data. Additionally, the Director will ensure compliance with relevant regulations and industry standards, drive security awareness initiatives, and foster a culture of continuous improvement across the organization.
ESSENTIAL JOB FUNCTIONS:
- Strategic Leadership: Develop and oversee the company’s information security strategy, ensuring alignment with business objectives and regulatory requirements.
- Risk Management: Implement and oversee security monitoring, threat intelligence, and incident response capabilities.
- Policy and Compliance: Manage the GRC program, ensuring adherence to SOC 2’s five trust service principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy) and PCI DSS compliance.
- Security Architecture: Lead cloud security initiatives, including security architecture, monitoring, and response strategies for cloud environments (AWS, Azure, or Google Cloud).
- Incident Response: Conduct risk assessments and implement mitigation strategies to address security vulnerabilities and regulatory gaps.
- Security Awareness: Promote a culture of security awareness and compliance across the organization through training programs, awareness campaigns, and regular communication.
- Vendor Management: Oversee third-party security risk management, ensuring vendor security aligns with organizational policies.
- Security Projects: Act as a key stakeholder in security audits and assessments, including SOC 2 Type I & II, PCI DSS, and internal/external compliance audits.
- Security Operations: Oversee the operation of security tools and technologies, including security information and event management (SIEM), intrusion detection/prevention systems (IDS/IPS), and vulnerability management systems.
- Current Threats: Stay up to date on the latest cybersecurity trends and threats, and proactively implement new security measures.
- Collaboration: Collaborate with IT, legal, and compliance teams to develop security policies, procedures, and incident response plans.
- Budget Management: Develop and manage the information security budget, ensuring optimal allocation of resources to meet security objectives effectively.
- Team Development: Develop and mentor a high-performing team of information security professionals, fostering a collaborative and innovative work environment.
MINIMUM QUALIFICATIONS: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required.
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- 8 years of experience in information security, with at least 3 years in a leadership role.
- 8 years of experience with cloud security (AWS, Azure, GCP) and associated security frameworks.
- 8 years of experience in Governance, Risk, and Compliance (GRC), including SOC 2, PCI DSS, ISO 27001, and NIST frameworks.
- Deep understanding of SOC 2’s five trust service principles and PCI DSS requirements.
- 5 years of experience managing security audits, risk assessments, and compliance programs.
- Extensive knowledge of security tools and technologies, such as SIEM, IDS/IPS, endpoint protection, and vulnerability management.
- Relevant certifications such as CISSP, CISM, CCSP, CISA, or PCI ISA/QSA are highly desirable.
Preferred Qualifications:
- Experience working in Banking/FinTech cloud-first environments.
- Familiarity with DevSecOps, CI/CD security, and automation.
- Hands-on experience with security frameworks like MITRE ATT&CK, NIST CSF, and HITRUST.
COMPETENCIES:
- Customer Service: Exceptional attitude and a passion for providing outstanding service to internal customers.
- Attention to Detail: Thoroughness in accomplishing a task through concern for all the areas involved, no matter how small. Monitors and checks work or information and plans and organizes time and resources efficiently.
- Analytical Skills: Collects and researches data; designs workflows and procedures; identifies data relationships and dependencies.
- Communications: Exhibits good listening and comprehension. Expresses ideas and thoughts in verbal and written form. Keeps others adequately informed. Selects and uses appropriate communication methods.
- Managing People: Develops subordinates’ skills and encourages growth; provides direction and guidance; reacts well under pressure; motivates others to perform well and exhibits confidence in self and others.
- Problem Solving: Ability to solve issues efficiently and quickly.
- Relationship Management: Manages interactions to service and support the organization; establishes credibility with all interactions.
- Teamwork: Contributes to building a positive team spirit. Exhibits objectivity and openness to others' views.
SUPERVISORY RESPONSIBILITY
Yes
PHYSICAL DEMANDS
While performing the duties of this job, the employee is regularly required to stand, walk, reach and sit for a minimum of 8 hours with or without reasonable accommodation. The employee is required to use hands to finger, handle, or feel objects and/or tools. The employee is required to talk or hear with or without reasonable accommodation and must sometimes lift and move up to 10 pounds.
WORK ENVIRONMENT
While performing the logistics duties of this job, the employee is frequently exposed to moderate noises such as computers, printers, and other light traffic noise in an office setting.
This role is in-office. Remote work may be performed from a pre-approved location, as arranged, and scheduled by team management and approved by department leadership.
OTHER DUTIES
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change or be supplemented at any time with or without notice.