Director of Information and Data Security

About The Position

Requirements

• 10+ years of experience in cybersecurity, information security, security engineering, or related roles, including leadership responsibility.
• Experience in a SaaS environment with responsibility across multiple security domains such as security operations, cloud security, IT security, identity and access management, or product security.
• Strong hands-on experience with incident response, vulnerability management, endpoint security, identity and access controls, and centralized logging and monitoring.
• Experience partnering with Engineering and DevOps teams to strengthen cloud and application security.
• Experience establishing or improving secure development practices, including secure SDLC, threat modeling, code scanning, and release security reviews.
• Experience coordinating remediation of security findings, including penetration test findings and vulnerability management activities.
• Demonstrated ability to lead cross-functionally and influence technical, operational, and compliance stakeholders.
• Strong written and verbal communication skills, including the ability to clearly communicate risks, priorities, and recommendations to senior leadership.

Nice To Haves

• Experience in fintech, regulated SaaS, or environments serving financial institutions.
• Experience working in organizations with SOC 2 or similar security and compliance frameworks.
• Experience with business continuity and disaster recovery planning and testing.
• Experience with AI security, AI governance, or security review of AI-enabled product capabilities.
• Familiarity with data protection and privacy considerations in customer-facing SaaS environments.
• Experience building or scaling security programs in a high-growth company.

Responsibilities

• Define and enhance Eltropy’s security architecture across cloud infrastructure, identity and access, endpoint security, logging, monitoring, and data protection.
• Lead the operational security program, including incident response processes, security runbooks, monitoring, and escalation frameworks.
• Strengthen identity and access governance, including role-based access controls, privileged access management, joiner/mover/leaver processes, and periodic access reviews.
• Oversee endpoint security, asset inventory, and IT security governance across the organization.
• Lead business continuity and disaster recovery planning, readiness, and testing.
• Partner with SRE / DevOps, Engineering, and Product teams to govern product security for the SaaS platform.
• Establish and maintain a secure development framework, including secure SDLC practices, secure coding standards, threat modeling, code scanning, security reviews before release, and developer security training.
• Oversee the vulnerability management program across applications, cloud infrastructure, endpoints, and third-party dependencies.
• Manage remediation tracking for annual penetration tests and coordinate with Engineering and relevant teams on remediation efforts.
• Define and strengthen security and governance controls for internal AI tool usage and AI-enabled product capabilities.
• Develop practical guardrails for AI security, customer data privacy, and responsible use of AI technologies across internal and customer-facing environments.
• Partner cross-functionally to provide visibility to leadership on security risks, remediation priorities, and program maturity.