Director, Information Security and Technology

Revalize

10h•$150,000 - $190,000

About The Position

The Director of Information Security and IT Operations will serve as a strategic leader responsible for safeguarding the organization’s digital assets while ensuring the reliability, scalability, and efficiency of its IT infrastructure. This role combines oversight of enterprise-wide information security programs with the management of core IT operations, including networks, servers, cloud environments, and end-user devices. The Director will design and implement security frameworks, risk management strategies, and compliance initiatives while driving modernization of IT systems to support a global SaaS business model. Key responsibilities include embedding security into the software development lifecycle, managing incident response, and ensuring business continuity, while also optimizing IT service delivery, network performance, and device lifecycle management. The role requires close collaboration with engineering, product, and business teams to align technology initiatives with organizational goals. Additionally, the Director will champion the secure and responsible adoption of AI and emerging technologies, balancing innovation with risk mitigation. Success in this position demands a blend of visionary leadership, technical expertise, and the ability to influence stakeholders at all levels to achieve operational excellence and robust security posture.

Requirements

Education: Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
Experience: Minimum of 8–10 years in information security roles, with at least 3 years in a leadership or management capacity.
Strong knowledge of cybersecurity frameworks (e.g., ISO 27001, SOC 2) and familiarity with NIST CSF or equivalent.
Proven experience developing and implementing security policies, standards, and procedures in a SaaS or software-driven environment.
Hands-on experience with application and product security, including secure SDLC and DevSecOps practices.
Solid understanding of cloud security principles and SaaS operations (identity and access management, encryption, monitoring).
Demonstrated ability to manage incident response and vulnerability management programs effectively.
Excellent communication and interpersonal skills, with the ability to convey security concepts to technical and non-technical audiences.
High level of integrity, sound judgment, and ability to handle confidential information appropriately.

Nice To Haves

Master’s degree in Information Security, Cybersecurity, or a related field.
Professional certifications such as CISSP, CISM, or CISA.
Proficiency with German language
Experience in a global SaaS organization or software company serving the manufacturing technology industry.
Familiarity with AI security risks and governance for AI-enabled products and services.
Experience implementing DevSecOps practices and security automation in CI/CD pipelines.
Knowledge of third-party risk management and supplier security assurance processes.
Strong background in cloud-native security architectures (AWS, Azure, or GCP).
Experience with regulatory compliance in multiple jurisdictions (e.g., GDPR, SOC 2, ISO 27001).
Understanding of global IT function including asset management, network management, and associated support and refresh processes

Responsibilities

Manage and influence both physical and cyber security risk to protect the company, its customers, and stakeholders from operational, financial, and reputational harm.
Support the development and execution of the company’s information security strategy, ensuring alignment with business objectives and risk appetite.
Implement and maintain security governance processes, policies, and standards across the organization, ensuring compliance with applicable regulations and frameworks.
Contribute to the secure and responsible adoption of AI technologies within the organization and in AI-enabled products.
Oversee day-to-day security operations, including monitoring, incident response, and vulnerability management, to minimize risk and impact.
Partner with IT, Engineering, and Product teams to embed security into the software development lifecycle (secure-by-design, testing, and vulnerability remediation).
Assist in defining and improving cloud and SaaS security practices, including identity and access management, encryption, and monitoring.
Manage third-party security risk assessments and ensure appropriate controls are in place for vendors and partners.
Drive security awareness and training programs to promote a culture of security across the organization.
Provide regular reporting on security posture, incidents, and risk metrics to senior leadership.
Manage global technology device onboarding, refresh, and return processes; determine hardware needs for employee base; ensure assets are tracked and maintained
Ensure internal IT networks are stable and functioning properly; address office issues when they arise, keep technology up to date and make recommendations for upgrades as technology and needs change
Lead global IT Support function to ensure hardware and software problems are addressed timely and comprehensively. Maintain service level agreements for response and resolution timeframes.