Director of Information Security

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field; advanced degree (e.g., MBA, MS in Cybersecurity) preferred.
• Formal training or certification in Data Forensics, Information Security, or Ethical Hacking.
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Fraud Examiner (CFE), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP).
• 10+ years of progressive experience in Information Security, Risk Management, or Fraud Detection, with at least 3–5 years in a leadership or strategic role.
• Proven ability to develop and implement enterprise-wide security strategies, policies, and governance frameworks.
• Experience leading incident response, threat intelligence, and vulnerability management programs.
• Strong background in security architecture, network security, and application security across hybrid environments (on-prem, cloud, SaaS).
• Demonstrated success in building and mentoring high-performing security teams.
• Ability to communicate complex security concepts to executive leadership and non-technical stakeholders.
• Experience managing cross-functional collaboration with IT, legal, compliance, and business units.
• Skilled in budget planning, vendor management, and contract negotiation for security technologies and services.
• Deep understanding of fraud detection methodologies, data analytics, and pattern recognition in large datasets.
• Familiarity with security technologies including SIEM, firewalls, IDS/IPS, endpoint protection, and access control systems.
• Knowledge of regulatory frameworks such as ISO/SAE, HIPAA, SOX, GDPR, PCI-DSS, and NIST.
• Experience conducting risk assessments, audits, and compliance reviews in financial services, healthcare, or e-commerce environments.

Responsibilities

• Provide strategic leadership and oversight of the organization’s Information Security and Cybersecurity programs.
• Lead cross-functional security and fraud prevention initiatives, ensuring alignment with business objectives and regulatory requirements.
• Prepare and present clear, data-driven reports and presentations on security and fraud trends to executive leadership and stakeholders.
• Stay current with emerging security technologies, fraud prevention practices, and industry trends, and make strategic recommendations for adoption.
• Ensure the confidentiality, integrity, and availability of sensitive information in alignment with organizational trust and compliance standards.
• Lead and mentor a small, high-performing Information Security team, fostering professional growth and accountability.
• Direct and oversee security awareness and training programs to promote a culture of security across the organization.
• Ensure effective auditing processes are in place for system logs and user access privileges to identify and mitigate potential risks.
• Lead the organization’s response to cybersecurity incidents, coordinating cross-functional efforts and ensuring timely resolution.
• Lead threat modeling and security design reviews for new systems and infrastructure changes.
• Own the security response process for Sales RFPs, ensuring timely and accurate completion of security-related questionnaires.
• Serve as the primary liaison between Technology and business units, ensuring fraud prevention and InfoSec initiatives are effectively integrated across the organization.
• Oversee ITEL (Information Technology and Enterprise Logging) functions, ensuring systems are optimized for fraud detection and security monitoring.
• Monitor and investigate transactions, accounts, and affiliate networks using internal and external tools to detect and document fraudulent activity and trends.
• Conduct enterprise-level risk assessments and develop fraud prevention strategies tailored to evolving threats and business needs.
• Maintain and enhance fraud analysis models to improve detection efficiency and system effectiveness.
• Collaborate with Operations and other departments to develop strategies for identifying anomalies and integrating fraud prevention into business processes.
• Design and implement secure architecture for networks, systems, and applications to prevent vulnerabilities and ensure scalability.
• Collaborate with IT and DevOps to embed security into CI/CD pipelines and cloud infrastructure.
• Evaluate and recommend security technologies (e.g., zero trust, micro segmentation, identity federation) to strengthen enterprise posture.
• Develop and maintain security policies, standards, and procedures aligned with regulatory requirements and industry best practices.
• Own and manage the execution of annual security assessments, including SOC audits, penetration testing, and vendor security reviews.
• Ensure compliance with HIPAA, HITECH, and other privacy regulations, including breach notification protocols and data handling standards.
• Oversee privacy impact assessments (PIAs) and data protection strategies for systems processing PII.
• Serve as a security lead for audits and regulatory inquiries related to protected health information (PHI) and sensitive personal data.
• Implement and monitor safeguards for electronic PHI (ePHI), including encryption, access controls, and secure transmission protocols.

Benefits

• Competitive Salary Range: $120,000.00 - $160,000.00 Annually
• Generous health benefits
• Company sponsored wellness benefits
• Complimentary Life Insurance and Long-Term Disability Insurance
• Paid time off
• 6 Paid Holidays & 2 Paid Floating Holidays
• Work from home and hybrid schedules available!