Director of Information Security

Mike Collins & Associates
Chattanooga, TN
5d
$115,000 - $125,000
Hybrid

About The Position

We believe talent deserves a human touch. Your application will be read by an actual person who’s excited to discover the real you. The Director of Information Security is the senior leader responsible for developing, implementing, and managing the company’s security strategy across corporate operations, client environments, and our datacenter infrastructure. This role oversees endpoint security, datacenter security posture, vulnerability management, cyber insurance compliance, SOC audits, and internal/external Security Risk Assessments (SRAs). As a managed service provider, we must maintain a world-class security posture that protects our clients and internal assets. The Director of Information Security will lead this effort by driving policy, governance, and operational execution while working closely with Infrastructure, Service Delivery, Applications, and Executive Leadership.

Requirements

  • 3-5+ years of progressive experience in information security, IT infrastructure, or a related field.
  • 3+ years in a leadership or management role.
  • Strong understanding of endpoint security tools, SIEM/SOC operations, and datacenter/virtualization security.
  • Experience with compliance frameworks such as SOC 2, NIST CSF, CIS, ISO 27001, or similar.
  • Deep knowledge of identity and access management, network security, vulnerability management, and incident response.
  • Experience completing or overseeing cyber insurance assessments.
  • Ability to manage multiple security initiatives in a high-growth MSP environment.

Nice To Haves

  • Experience in a Managed Service Provider (MSP) or consulting firm.
  • Relevant certifications such as CISSP, CISM, CISA, CCSP, or similar.
  • Experience leading SOC audit readiness and evidence management.
  • Strong communication skills with both technical and executive audiences.

Responsibilities

  • Security Leadership & Governance
      • Develop, maintain, and oversee the company’s information security strategy and roadmap.
      • Establish a security governance framework, policies, standards, and procedures.
      • Provide regular security reporting and risk analysis to the executive team.
      • Serve as the primary security authority for the organization and a trusted advisor to leadership.
  • Endpoint, Network & Datacenter Security
      • Oversee security of all corporate and client-managed endpoints (servers, workstations, mobile devices).
      • Ensure robust datacenter security controls over compute, storage, networking, and virtual environments.
      • Collaborate with Infrastructure leadership on hardening standards, segmentation, access control, and change management.
      • Direct vulnerability management efforts—identification, prioritization, remediation tracking.
  • Compliance, Audits & Risk Management
      • Lead SOC 2/SOC 1, cyber insurance assessments, and other compliance-related audits.
      • Own and maintain risk assessment processes, including internal and external SRAs for clients.
      • Ensure evidence collection, documentation accuracy, and policy alignment for all audits and certifications.
      • Maintain incident response plans, disaster recovery planning contributions, and security playbooks.
  • Cyber Insurance & Regulatory Requirements
      • Maintain compliance with cyber insurance requirements; ensure mandated controls are documented and implemented.
      • Act as the primary point of contact for insurance renewals, questionnaires, and security posture validation.
  • Security Operations & Incident Response
      • Oversee security monitoring, alert response, and escalation processes (partnering with SOC providers as needed).
      • Lead and coordinate investigations for security incidents, breaches, and vulnerabilities.
      • Drive root cause analysis and implement corrective actions and preventative controls.
  • Cross-Functional Collaboration
      • Partner with Infrastructure, Service Desk, Applications, and Client Success teams to ensure security integration across operations.
      • Provide security guidance and support for client-facing solutions and managed services.
      • Support pre-sales and client engagement by participating in security discussions, questionnaires, and SRA responses.
  • Team Leadership
      • Lead, mentor, and develop the internal security team (or build one if in early stages).
      • Manage relationships with third-party SOC, SIEM, and security vendors.
      • Cultivate a security-aware culture across the organization through training and communication.

Benefits

  • 2 weeks paid PTO
  • Hybrid work option
  • Personal Office at MCA