About The Position

We're looking for a Director of Information Security to join our Technology Experience (TX) team and take ownership of the full information security lifecycle. Reporting to the SVP of Finance & Enterprise Solutions, you'll be a key member of our leadership team, setting the strategy and standards that protect our people, products, and customers. This is a true people-leadership role, giving you the opportunity to build, mentor, and inspire a talented security organization. Your remit spans five critical domains: Governance, Risk & Compliance (GRC); Product & Application Security; Security Operations & Threat Management; Cloud & Infrastructure Security; and Trust & Customer Assurance.

Requirements

  • Bachelor's in Cybersecurity, Computer Science, Information Systems, or a related field (Master's or MBA with a risk/technology focus preferred), or an equivalent mix of education and experience.
  • 10+ years in information security, including 5+ years leading and directing security teams.
  • CISSP strongly preferred; CISM, CISA, CRISC, or CCISO an asset.
  • Proven ownership of enterprise security across SaaS, cloud, on-premises, and private-cloud deployments—including products delivered to regulated utilities and critical-infrastructure customers.
  • Hands-on ownership of compliance programs (SOC 2, ISO 27001) and customer-facing security assurance.
  • Deep knowledge of international data-protection frameworks (GDPR, CCPA) applied in a SaaS environment.
  • Experience securing AI/ML products and defining AI security governance.
  • A track record of maturing a security function from operational to strategic—and using security as a commercial differentiator in enterprise deals.
  • A bias for action, strong prioritization, simple communication, and disciplined execution.

Nice To Haves

  • Master's or MBA with a risk/technology focus preferred
  • CISM, CISA, CRISC, or CCISO an asset

Responsibilities

  • Build a measurable, business-aligned security strategy across technology, networks, data, applications, cloud, and the secure use of AI.
  • Develop and maintain an enterprise security strategy aligned to business objectives and Copperleaf's Industrial-AI product context.
  • Set security standards, policies, roles, and responsibilities based on industry-leading frameworks.
  • Embed early-stage, "shift-left" security across delivery teams through a clear engagement model.
  • Drive an operating model that enables fast, focused decisions without unnecessary complexity.
  • Own enterprise security risk and the control framework.
  • Own the security risk register and the enterprise risk-assessment and treatment process, tracking mitigation to closure.
  • Run the SOC 2 and ISO 27001 programs end to end, maintaining certification and regulatory readiness (GDPR, CCPA, PIPEDA).
  • Own security and data-protection controls; partner with Legal and the DPO to embed privacy-by-design into the product lifecycle.
  • Co-develop practical AI and privacy governance with Product, IT, Legal, and the Head of AI.
  • Direct detection, response, and continuity so the organization can prevent, withstand, and recover from attacks.
  • Direct security operations across detection, monitoring, and response using SIEM, EDR, IAM, and related tooling.
  • Lead incident response end to end—from containment and eradication through recovery and post-incident improvement.
  • Oversee vulnerability management, threat intelligence, and proactive testing.
  • Own business continuity and disaster-recovery planning for security-impacting events.
  • Embed security across the product lifecycle and every deployment model.
  • Partner with R&D and Product to build security into the SDLC.
  • Maintain an effective posture across cloud, on-premises, and private-cloud deployments used by regulated utilities and critical-infrastructure customers.
  • Establish guardrails for the secure development and use of AI, in coordination with the Head of AI.
  • Turn a strong security posture into a competitive advantage in regulated and critical-infrastructure markets.
  • Own the Trust Center and external security narrative; serve as primary contact for customer security inquiries, questionnaires, and audits.
  • Partner with Legal and commercial teams on security schedules, data-protection terms, redlines, and customer assurance commitments.
  • Provide timely, credible, risk-based assurance that accelerates enterprise sales and renewals.
  • Build and develop a high-performing team with a clear "stay secure" culture across Copperleaf.
  • Own the org design and staffing model, sizing the team and its leadership to risk, demand, and business priorities.
  • Directly manage, coach, and develop the InfoSec team across all five security functions.
  • Foster a culture of speed, focus, simplicity, ownership, and clear prioritization in a high-growth environment.
  • Embed organization-wide security awareness through ongoing training and clear expectations.
  • Develop and execute annual security plans, budget, and KPIs, monitoring progress against goals and service levels.
  • Build executive- and Board-level reporting that frames security risk and posture in business terms.
  • Pursue cost-effectiveness through innovation, vendor management, and process improvement.
  • Serve as primary security advisor to the SVP and represent InfoSec in cross-functional governance.

Benefits

  • Competitive salary, based on experience
  • Bonus eligibility
  • Flexible paid time off, including sick and holiday
  • Medical, dental, & vision insurance
  • Flexible spending accounts
  • Life insurance and disability benefits
  • Tuition assistance
  • Community involvement and volunteering events
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service