Director, Enterprise Technology & Security

Transit Technologies
Remote

About The Position

The role is responsible for establishing and maintaining standards across eight interconnected disciplines executed by respective operational teams: 1) protecting the organization’s digital assets through proactive cybersecurity planning, incident response, and forensic investigation; 2) designing and executing cloud infrastructure strategy including migration, architecture, and platform reliability; 3) administering and architecting the organization’s Microsoft 365 and Entra ecosystem; 4) driving the selection, integration, and cross-departmental adoption of revenue/marketing technology platforms; 5) ensuring compliance with regulatory and market-driven frameworks through structured auditing and reporting programs; 6) managing third-party risk across the enterprise application portfolio; 7) leading the enterprise unified communications strategy across voice, video, messaging, and contact center platforms; and 8) evaluating and managing Managed Service Provider (MSP) and Managed Security Service Provider (MSSP) relationships to right-size services, optimize costs, and ensure service delivery excellence. This role requires a rare combination of deep security expertise, infrastructure engineering fluency, Microsoft platform mastery, and the business acumen to partner with Product Development, Marketing, Sales, Legal, Customer Success, and executive leadership on technology decisions that span the entire organization. The role covers the development and maintenance of Enterprise Cybersecurity, Digital, and Technology Design and Operations, and is a critical enabler for the same aspects of Transit business entity products and services.

Requirements

  • 10+ years of progressive experience in information technology, with at least 5 years in a leadership role spanning three or more of the following: cybersecurity, cloud infrastructure, Microsoft 365/Entra administration, enterprise systems integration, unified communications, regulatory compliance, or vendor risk management.
  • Demonstrated experience leading cybersecurity incident response and forensic investigations in a corporate or managed-services environment.
  • Hands-on expertise architecting and migrating workloads to at least one major cloud platform (AWS, Azure, or GCP), including networking, compute, storage, and identity services.
  • Deep working knowledge of the Microsoft 365 ecosystem and Entra ID, including tenant architecture, conditional access, Purview information protection, and Defender security stack administration.
  • Proven track record of evaluating, implementing, and managing marketing technology or enterprise application stacks (Salesforce, HubSpot, Marketo, Segment, or comparable platforms).
  • Hands-on experience building or leading a regulatory compliance program, including preparation for and participation in external audits (SOC 2, ISO 27001, HIPAA, PCI-DSS, or government-specific frameworks).
  • Demonstrated experience establishing or managing a formal third-party risk management program, including vendor security assessments and enterprise-level vendor selection processes.
  • Experience evaluating, selecting, and governing MSP and/or MSSP relationships, including service-level negotiation, performance management, and cost optimization.
  • Experience designing or managing enterprise unified communications platforms, including cloud telephony, contact center, and collaboration tool migrations.
  • Strong project and program management skills with experience running cross-departmental technology initiatives from scoping through post-launch optimization.
  • Excellent communication and executive-presentation skills; able to translate complex technical concepts into business-impact language for C-suite, board, and regulatory audiences.

Responsibilities

  • Develop and maintain the enterprise cybersecurity strategy, including risk assessment frameworks, threat modeling, and annual security roadmaps aligned to business objectives.
  • Lead incident response operations: build and refine the IR playbook, conduct tabletop exercises, coordinate cross-functional response during active security events, and drive root-cause analysis through post-incident review.
  • Own digital forensics and investigation workflows for security incidents, insider threats, and data-loss events, partnering with Legal and HR as required.
  • Manage vulnerability management programs including penetration testing cadence, remediation tracking, and third-party security assessments.
  • Oversee identity and access management (IAM) strategy, including SSO, MFA, privileged access management, and zero-trust network architecture initiatives.
  • Monitor the evolving threat landscape and translate intelligence into actionable defensive improvements; brief executive leadership on risk posture and material incidents.
  • Evaluate, procure, and manage security tooling (SIEM/SOAR, EDR, DLP, email security, CSPM) and associated vendor relationships.
  • Define and execute a multi-phase cloud migration strategy (on-premises to cloud or cloud-to-cloud), including workload assessment, dependency mapping, cost modeling, and risk mitigation planning.
  • Architect scalable, secure, and cost-efficient cloud environments across AWS, Azure, GCP, or hybrid configurations, establishing reference architectures and governance guardrails.
  • Design and oversee network architecture, including VPC/VNet design, hybrid connectivity (VPN, Direct Connect, ExpressRoute), DNS strategy, and CDN/edge configurations.
  • Own capacity planning, performance engineering, and cost-optimization initiatives; implement FinOps practices to maintain visibility into cloud spend across teams and products.
  • Build and maintain disaster recovery and business continuity plans, including RTO/RPO targets, automated failover testing, and geographic redundancy strategies.
  • Evaluate emerging technologies (serverless, edge computing, container orchestration, AI/ML infrastructure) and provide strategic recommendations for adoption.
  • Serve as the senior technical owner for the organization’s Microsoft 365 tenant, including Exchange Online, SharePoint Online, OneDrive, Teams, and Power Platform.
  • Design, implement, and govern the Microsoft Entra ID (Azure AD) environment: tenant architecture, directory synchronization (Entra Connect), conditional access policies, authentication methods, and B2B/B2C identity configurations.
  • Architect and maintain Entra ID Governance capabilities including access reviews, entitlement management, Privileged Identity Management (PIM), lifecycle workflows, and role-based access control (RBAC) aligned to least-privilege principles.
  • Develop and enforce M365 data governance and information protection policies using Microsoft Purview (sensitivity labels, DLP, retention policies, insider risk management, eDiscovery).
  • Plan and execute M365 migrations (tenant-to-tenant, on-premises Exchange/SharePoint to cloud, or hybrid coexistence), managing cutover scheduling, user communication, and post-migration validation.
  • Manage Microsoft licensing strategy and optimization, ensuring cost-effective allocation of E3/E5, add-on, and compliance SKUs across the organization.
  • Establish operational runbooks, monitoring dashboards (M365 Service Health, Entra sign-in logs, audit logs), and escalation procedures for platform availability and security events.
  • Stay current with Microsoft’s product roadmap and release cadence; evaluate and pilot new M365 features and Entra capabilities through staged rollout programs.
  • Serve as the primary technology partner to Marketing, Sales, and Revenue Operations for evaluating, selecting, and implementing marketing technology platforms (CRM, marketing automation, CDP, analytics, attribution, and personalization tools).
  • Lead cross-departmental integration initiatives: map data flows between MarTech, sales enablement, customer success, finance, and product systems to eliminate silos and ensure a unified view of the customer journey.
  • Own the MarTech stack architecture and roadmap, ensuring platforms are properly integrated via APIs, middleware, or iPaaS solutions (Workato, MuleSoft, Zapier Enterprise, or similar) and that data integrity is maintained across systems.
  • Manage implementation projects end-to-end: requirements gathering, vendor selection, solution design, data migration, UAT, training, and post-launch optimization.
  • Establish governance frameworks for marketing data quality, consent management, privacy compliance (CAN-SPAM, GDPR, CCPA), and list hygiene across all outbound channels.
  • Drive adoption and change management: develop training programs, create internal documentation, and build stakeholder alignment to ensure new technology investments deliver measurable ROI.
  • Define KPIs and reporting dashboards that connect marketing technology performance to business outcomes (pipeline contribution, CAC, LTV, conversion rates, engagement metrics).
  • Establish and maintain the organization’s regulatory compliance program, identifying all applicable federal, state, local, and international regulations (SOC 2 Type II, NIST CSF, ISO 27001, HIPAA, PCI-DSS, GDPR, CCPA, etc.).
  • Design and execute internal audit schedules: plan control assessments, gather and organize evidence, manage remediation tracking, and produce audit-ready documentation for external assessors and regulatory bodies.
  • Own the compliance reporting cadence, delivering clear and accurate status reports to executive leadership, the board of directors, and governmental or regulatory authorities as required.
  • Develop and maintain the organization’s policies, standards, and procedures library, ensuring alignment with evolving regulatory requirements and industry best practices.
  • Coordinate with Legal, HR, and Finance on privacy impact assessments, data-processing agreements, cross-border data transfer mechanisms, and records retention requirements.
  • Manage relationships with external audit firms, assessors, and certification bodies; prepare for and lead audit engagements through completion.
  • Implement continuous compliance monitoring through automated tooling and workflows within existing systems to reduce manual evidence-collection burden and provide real-time visibility into control effectiveness.
  • Track legislative and regulatory developments, proactively assessing their impact on the organization’s technology, data handling, and operational practices; recommend and implement required changes ahead of enforcement deadlines.
  • Build and lead the enterprise third-party risk management (TPRM) program, including vendor classification tiers, risk scoring methodologies, and lifecycle governance from onboarding through offboarding.
  • Conduct or oversee comprehensive vendor security assessments: review SOC 2 reports, penetration test results, data-processing agreements, business continuity plans, and sub-processor disclosures for all critical and high-risk vendors.
  • Develop and manage standardized vendor selection frameworks for enterprise-level applications and services, ensuring evaluation criteria encompass security posture, data privacy, financial stability, integration capabilities, SLA commitments, and regulatory compliance.
  • Lead cross-functional vendor selection committees, coordinating stakeholders from IT, Security, Legal, Procurement, Finance, and the requesting business unit to ensure thorough and objective evaluations.
  • Negotiate technology contracts and SLAs with a security and compliance lens, ensuring appropriate data-protection clauses, breach notification requirements, audit rights, and termination provisions are included.
  • Maintain a centralized vendor risk register and conduct periodic reassessments (annual or event-triggered) to ensure ongoing compliance with organizational risk thresholds and evolving regulatory requirements.
  • Establish vendor incident-response coordination protocols: define escalation paths, communication expectations, and remediation timelines for security events originating within the supply chain.
  • Monitor vendor financial health, M&A activity, and market position for strategic vendors to identify continuity risks and inform contingency planning.
  • Define and execute the enterprise unified communications (UC) strategy, encompassing voice, video conferencing, team messaging, contact center, and collaboration platforms to deliver a seamless, integrated communication experience across the organization.
  • Evaluate, select, and architect UC platforms (Microsoft Teams Phone, Zoom, RingCentral, Genesys, or comparable solutions), ensuring alignment with the organization’s Microsoft 365 ecosystem and broader infrastructure strategy.
  • Design and manage the migration from legacy PBX, on-premises telephony, and fragmented communication tools to modern cloud-based UC platforms, including number porting, SIP trunk design, call routing, and auto-attendant configurations.
  • Architect contact center solutions for customer-facing operations, integrating IVR, ACD, workforce management, quality monitoring, and CRM connectors to improve customer experience and operational efficiency.
  • Establish UC governance policies including call recording compliance, data retention, E911 requirements, international dialing policies, and acceptable use standards.
  • Own UC platform reliability and performance: define SLOs for call quality (MOS scores, jitter, latency), monitor service health dashboards, and manage escalation procedures with carriers and platform vendors.
  • Drive adoption and change management for UC platform rollouts, developing training programs, user guides, and support processes that ensure consistent adoption across distributed and remote teams.
  • Manage UC licensing optimization and cost allocation, ensuring the organization is right-sized across calling plans, operator connect agreements, and add-on features.
  • Lead the evaluation, selection, and ongoing governance of MSP and MSSP partnerships, ensuring service scope, delivery quality, and cost structures are aligned with the organization’s operational needs and growth trajectory.
  • Conduct comprehensive assessments of current managed service engagements to identify opportunities to right-size service levels, eliminate redundant coverage, consolidate providers, and drive measurable cost reductions without sacrificing security posture or operational reliability.
  • Define and enforce service-level agreements (SLAs), key performance indicators (KPIs), and operational-level agreements (OLAs) for all managed service relationships, including response times, resolution targets, availability guarantees, and reporting cadences.
  • Establish a structured MSP/MSSP evaluation framework encompassing security capabilities (SOC operations, threat detection, incident response), infrastructure management maturity, compliance support, geographic coverage, scalability, and total cost of ownership.
  • Own the transition planning and execution for MSP/MSSP onboarding, migration, or consolidation initiatives, including knowledge transfer, runbook development, escalation path definition, and parallel-run validation periods.
  • Monitor MSP/MSSP performance through regular business reviews, service credit tracking, incident trend analysis, and customer satisfaction scoring; hold providers accountable to contractual commitments.
  • Evaluate the build-vs-buy decision for managed services on an ongoing basis: determine which capabilities should be operated in-house, which should be fully outsourced, and which require a co-managed model to balance cost efficiency with organizational control.
  • Ensure all MSP/MSSP engagements comply with the organization’s third-party risk management program, including security assessments, data-handling agreements, and regulatory compliance requirements established in Section 6.
  • Build, mentor, and lead a multidisciplinary team spanning cybersecurity analysts, cloud/infrastructure engineers, M365/Entra administrators, compliance specialists, unified communications engineers, and marketing technology professionals.
  • Develop team roadmaps, set quarterly OKRs, and manage departmental budgets inclusive of personnel, tooling, licensing, managed services, and professional development.
  • Establish clear communication cadences with executive leadership, providing regular reporting on security posture, infrastructure health, compliance status, vendor risk, managed service performance, and integration project progress.
  • Champion a culture of continuous improvement, blameless post-mortems, and knowledge sharing across technical and non-technical teams.
  • Represent the technology organization in cross-functional steering committees, vendor negotiations, regulatory engagements, and strategic planning sessions.

What This Job Offers

Job Type

Full-time

Career Level

Director

Education Level

No Education Listed

Number of Employees

11-50 employees

© 2024 Teal Labs, Inc