Director of Information Security

About The Position

Requirements

• 10+ years in IT/Security, with a proven track record of managing multi-million-dollar strategic projects. Requires hands-on experience with EDR/XDR, SIEM, Firewall and Cloud security systems.
• Extensive experience managing MSSP, MDR, or specialized security consulting firms that may be disparately located across the globe.
• Ability to translate complex security risks into business-impact language for the C-Suite and Board of Directors.
• Bachelor’s degree in a relevant technology field; CISSP or CISM is highly preferred

Responsibilities

• Security Roadmap Development: Design and execute a multi-year enterprise cyber security strategy that supports organizational scaling, digital transformation, and investment readiness.
• Technology Investment Governance: Evaluate and prioritize security projects based on ROI, risk reduction, and business enablement.
• Cross-Functional Alignment: Collaborate with Finance, Operations, Risk, and Legal to ensure security initiatives (such as AI frameworks or cloud migrations) are integrated into the company’s core DNA.
• Managed Services Oversight: Direct the focus and daily work of the MSSP to ensure they are meeting SLAs and addressing the most critical threats to the environment. Perform process audits to confirm SOC is working effectively for our organization.
• Continuous Improvement: Act as the primary point of contact for the MSSP, conducting regular business reviews (QBRs) to tune detection rules and response playbooks.
• Vulnerability Management: Oversee the company’s vulnerability exposure and work with engineering teams to ensure devices are patched appropriately on schedule.
• Security Incident Playbooks: Ensure the company’s various incident response plans are regularly assessed and kept up to date, and that our teams can execute them precisely when needed during a potential security event.
• Frameworks: Lead the implementation of frameworks (e.g., NIST, SOC2, or ISO) to ensure the organization remains compliant and audit ready.
• Threat Intelligence: Convert high-level threat landscape data into actionable internal projects that harden our infrastructure against emerging risks.
• External Resource Management: Modernize and manage the lifecycle of third-party risk management, from vendor selection and contract negotiation to ongoing performance auditing.

Benefits

• comprehensive benefits package that includes competitive pay with early access to earned wages, flexible scheduling, health, dental, vision, life, and disability insurance, paid time off and holidays, a 401(k) with employer match, paid training and growth opportunities, uniforms (where applicable), and additional perks such as an Employee Assistance Program (EAP), volunteer time off, and wellness-related benefits