Director, Information Security

About The Position

Requirements

• Proven experience in information security, cybersecurity, and IT audit execution .
• Strong, hands-on experience with SOC 2 Type II audits.
• Practical knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS ).
• Experience maintaining and authoring security policies and procedures .
• Experience with Microsoft 365 security tooling , including Purview or comparable DLP / information governance platforms.
• Familiarity with identity and access management platforms (e.g., JumpCloud or similar).
• Experience working closely with IT, Ops , and Engineering teams.
• Comfort operating as a senior individual contributor who owns outcomes end-to-end.
• Excellent written and verbal communication skills, especially with auditors and customers.

Nice To Haves

• Experience automating or streamlining GRC and audit workflows.
• Familiarity with AWS security services , including WAF, Security Hub, GuardDuty, Shield, ALB, EC2, S3, RDS, and VPC.
• Exposure to LLM-assisted workflows for governance, documentation, or security operations.
• IT systems or network administration background.
• Relevant certifications (CISSP, CISM, CISA, or equivalent).

Responsibilities

• Governance, Risk, and Compliance (GRC) Own the day-to-day execution of SOC 2 audits , including: Gathering evidence and screenshots Responding to auditor requests Maintaining continuity and precedence across audit cycles Partnering with the Director of Compliance on audit responses and remediation tracking
• Maintain, update, and expand Voyant’s information security policies and procedures , including annual reviews and the creation of new policies (e.g., AI usage, acceptable use, access control).
• Contribute to periodic risk assessments , identifying gaps and coordinating remediation efforts.
• Ensure policies, controls, and evidence remain continuously audit-ready rather than point-in-time.
• Customer & Sales Security Support Partner with Compliance and Sales to respond to customer and prospect security questionnaires , RFPs, and due-diligence requests.
• Provide accurate, policy-backed answers regarding Voyant’s security posture, controls, and compliance commitments.
• Help maintain scalable processes and tooling for answering security questions efficiently and consistently.
• Data Protection & Microsoft 365 Security Help design, implement, and mature data protection controls within Microsoft 365, including: Microsoft Purview configuration for Data Loss Prevention (DLP), sensitivity labels, and information governance Collaboration with IT and Compliance to align technical controls with policy requirements
• Assist in defining data handling standards for sensitive customer and corporate data.
• Identity, Endpoint & SaaS Security Help administer and maintain Voyant’s JumpCloud environment , including: User and device management SSO application integrations Access control and lifecycle processes
• Collaborate with IT on endpoint, identity, and SaaS security best practices.
• Assist IT with select operational tasks where security expertise is required (e.g., networking, firewall configuration).
• Infrastructure & Application Security Evaluate Voyant’s overall security posture across corporate IT and SaaS environments.
• Work closely with Ops and Engineering to: Review application and infrastructure security controls Participate in threat modeling exercises Review results of penetration tests and vulnerability scans Coordinate penetration testing efforts and help prioritize remediation.
• Monitor the external threat landscape and advise stakeholders on emerging risks.
• Incident Response & Security Operations Maintain and periodically test incident response plans and procedures .
• Coordinate response activities in the event of a security incident, ensuring clear communication and recovery of critical services.
• Work with Voyant’s MSP and security vendors for intrusion detection and vulnerability management, including reviewing alerts and reports.
• Security Awareness & Enablement Develop and maintain security awareness training for employees.
• Promote a pragmatic, risk-based security culture that enables the business to move quickly and safely.

Benefits

• Flex Time or Paid Time Off and Sick Time Off
• 401K – 6% Employer Match
• Medical, Dental, Vision – HDHP or PPO
• HSA – Employer contribution (HDHP only)
• Volunteer Time Off
• Career Development / Recognition
• Fitness Reimbursement
• Hybrid Work Schedule