Director Information Security

Bridgewater Bank, Saint Louis Park, MN
Hybrid

About The Position

We are seeking a focused and diligent Director Information Security, Risk & Compliance to own Bridgewater Bank’s technology risk and controls program and ensure audit readiness across the technology environment. This role leads NIST CSF-aligned security risk management and the end-to-end technology audit/exam support program for Internal Audit and regulators. Partnering with the Information Security Officer, Internal Audit, Compliance/ERM, and technology and business leaders, the position maintains the controls framework, coordinates control testing, and drives timely remediation and closure of audit and examination issues.

Requirements

  • Bachelor’s degree in Computer Science/MIS (or equivalent experience).
  • 5+ years’ experience in information security governance/technology risk, controls, audit/compliance, or related roles (regulated environment preferred).
  • End-to-end audit readiness/response and exam support experience, including managing evidence, deliverables, and stakeholders (Internal Audit/regulators).
  • NIST CSF-aligned controls and testing expertise (controls inventory/library, mapping, evidence standards, and design/operating effectiveness testing), including SOX/ITGC exposure as applicable.
  • Proven issue management through remediation and closure for audit/exam and security testing findings (action plans, validation, and closure evidence).
  • GRC/audit management tooling experience (AuditBoard preferred).
  • Experience supporting penetration testing and vulnerability remediation governance (prioritization, communication, retesting, and closure).
  • Technical experience with Microsoft security/identity platforms (M365 security, Entra ID/Azure AD, Intune) plus Active Directory and Group Policy.
  • Strong written and verbal communication skills; able to brief technical teams and executives and produce audit-ready documentation.
  • Industry certification (e.g., CISSP, CASP+, GSEC) or equivalent.

Responsibilities

  • Partner with IT and the Information Security Officer to implement and continuously improve security strategy, controls, monitoring, vulnerability management, and reporting.
  • Lead threat intelligence, including recurring review of internal/external intelligence and proactive risk mitigation.
  • Own the NIST CSF-aligned technology controls program (framework/library, evidence standards, and design/operating effectiveness testing) and drive remediation of gaps.
  • Own end-to-end audit/exam and SOX technology support, including planning/walkthroughs, evidence quality review, and timely responses; manage workflow/evidence in AuditBoard (or equivalent).
  • Manage findings through closure (audits, exams, control testing, pen tests, and vulnerabilities): risk rating, action plans, milestone tracking, validation, and closure evidence.
  • Assess third-party technology/service risk and partner with leaders to implement appropriate security controls.
  • Provide security engineering guidance across identity/access, data protection, monitoring/response, and cloud/network/endpoint security (including Microsoft security capabilities).
  • Maintain governance documentation and audit-ready artifacts (policies, standards, procedures, control narratives, and evidence requirements).
  • Drive security tool and process enhancements; coordinate vendors; and develop training/materials for technology staff and employees.
  • Deliver concise risk, controls, and audit status reporting to executive and governance stakeholders; escalate emerging risks with recommendations.

Benefits

  • Healthcare (medical, dental, vision)
  • Basic term and optional term life insurance
  • Short-term and long-term disability
  • Parental leave
  • 401(k) with employer match
  • Paid vacation & paid holidays