About The Position

Requirements

  • 6+ years of experience in cybersecurity and compliance roles with progressive responsibilities.
  • CISSP, CISM, CISA, or similar certifications.
  • Proven experience with SOC 2 audits and managing other common compliance frameworks (ISO 27001, HIPAA, CCPA, GLBA, etc.).
  • Background in developing, implementing, and managing a comprehensive security program.
  • Strong understanding of cybersecurity technologies, tools, and DevSecOps principles.
  • Hands-on experience managing risk assessments, incident response, and tool configuration.
  • Skilled at balancing strategic planning with hands-on execution; able to mentor and guide a team while engaging directly in technical solutions.
  • Strong communicator with the ability to engage technical and non-technical stakeholders.

Responsibilities

  • Develop and lead the security and compliance program, embedding security throughout the company’s processes.
  • Cultivate a culture of security awareness, providing training and guidance to foster secure practices across all teams.
  • Advise executive leadership on cybersecurity risks, trends, and compliance obligations.
  • Develop and maintain security policies, standards, and controls, ensuring they align with regulatory requirements and best practices.
  • Conduct regular risk assessments, compliance audits, and manage remediation efforts.
  • Integrate security practices into the software development lifecycle, applying DevSecOps principles.
  • Lead the company’s first SOC 2 Type 2 audit, overseeing readiness and remediation for certification.
  • Act as a hands-on leader during security incidents and be directly involved in technical tasks as needed.
  • Configure and manage cybersecurity tools (e.g., SIEM, IAM, EDR) and oversee incident response and monitoring.
  • Lead penetration testing and vulnerability remediation efforts.
  • Partner with cross-functional teams to build and secure data, products, and systems.
  • Manage customer communications on security and compliance matters, ensuring transparency and trust.
  • Brief executive leadership on any changes in relevant regulations or frameworks (e.g., SOC 2, ISO 27001, HIPAA, GDPR, CCPA).

Benefits

  • Competitive compensation package, including immediate PTO!
  • Comprehensive health and dental insurance!
  • 401(k) with company match!
  • Wellness benefits, including monthly gym, wellness, and reading allowances!
  • Professional development through a company-wide Udemy subscription!
  • Catered breakfast Thursdays, Employee of the Month rewards, quarterly company events, weekly happy hours!
  • A collaborative and growth-oriented environment!
© 2024 Teal Labs, Inc