Director of Cyber Security

CarltonOne Engagement ULC, Markham, ON
Onsite

About The Position

CarltonOne is seeking a Director, Information Security & Cyber Risk to lead and operationalize our global security program. This role is responsible for executing CarltonOne’s security strategy across information security, application security, cloud security, and cyber risk, ensuring strong protection of customer data, systems, and intellectual property. The Director will partner closely with Engineering, Product, IT, and Legal teams to embed security into technology and business processes. This is a hands-on leadership role focused on program maturity, operational excellence, regulatory compliance, and risk reduction within a growing global SaaS environment.

Requirements

  • 8–12+ years of progressive experience in information security, with at least 3–5 years in a senior leadership or director's level role.
  • Strong expertise across information security, application security, cloud security, and governance, risk, and compliance (GRC).
  • Proven experience implementing and maturing security programs within SaaS or high-growth technology environments.
  • Solid knowledge of regulatory and compliance frameworks including SOC 2, ISO 27001, PCI‑DSS, GDPR, CCPA, and similar standards.
  • Experience supporting audits, certifications, and regulatory inquiries.
  • Excellent communication skills with the ability to translate technical risk into business impact.

Nice To Haves

  • Professional certifications such as CISSP, CISM, CISA, CCSP, or equivalent are strongly preferred.

Responsibilities

  • Lead the execution and continuous improvement of CarltonOne’s information security and cyber risk programs.
  • Act as the primary security advisor to senior technology leadership.
  • Implement and maintain security governance frameworks aligned with global regulations and industry best practices.
  • Promote a strong security culture through awareness programs, training, and practical guidance across teams.
  • Lead secure software development lifecycle (SSDLC) practices, ensuring security is embedded throughout design, development, testing, and deployment.
  • Partner with Engineering and Product teams on threat modeling, vulnerability management, secure code practices, and tooling.
  • Own data protection programs including data classification, access controls, encryption standards, and incident response processes.
  • Coordinate application security testing, penetration testing, and vulnerability remediation efforts.
  • Implement cloud security controls and standards supporting CarltonOne’s cloud infrastructure and services.
  • Ensure secure architecture, identity and access management, and configuration best practices across cloud environments.
  • Work closely with engineering teams to embed security into cloud design and deployment workflows.
  • Manage enterprise cyber risk programs, including risk identification, assessment, prioritization, and mitigation.
  • Maintain risk registers, metrics, and dashboards to support leadership decision-making.
  • Ensure compliance with security and privacy frameworks including SOC 2, ISO 27001, PCI‑DSS, GDPR, and other applicable global regulations.
  • Support and coordinate security audits, certifications, and customer assurance activities.
  • Maintain and continuously improve incident response, security monitoring, and business continuity processes.
  • Oversee security operations, including vulnerability management, threat detection, and incident response. Review and continuously improve incident management procedures and own the end‑to‑end incident response and Security Operations (SecOps) lifecycle.
  • Act as incident lead during security events, coordinating investigation, response, communication, and post-incident reviews.
  • Lead and develop a high-performing security team across information security, application security, and risk functions.
  • Set clear priorities, performance metrics, and development plans.
  • Drive operational maturity through KPIs, process improvement, and regular reporting.

Benefits

  • Competitive salary and benefits package.
  • Health, dental, and vision coverage.
  • 3 weeks’ vacation plus personal days.
  • Access to our employee benefits portal for exclusive discounts.
  • Monthly company-wide events, celebrations, and team activities.
  • Bravo reward points program for recognition and appreciation.
  • Convenient office location close to public transit.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Director
  • Education Level: No Education Listed
  • Number of Employees: 101-250 employees

© 2026 Teal Labs, Inc