Director of IT & Security

Omatic
Mt. Pleasant, SC
Onsite

About The Position

Omatic Software helps nonprofits connect their data and unlock the full potential of their technology investments. We build integration and data management solutions that allow mission-driven organizations to spend less time wrestling with systems and more time doing work that matters. Our IT & Security Team is critical in ensuring Omatic's success by establishing an unshakeable security and privacy posture and driving the continuous compliance attestations that validate our customers' trust.

This is a high-impact leadership role for someone who wants to shape the technology, security, and compliance foundation of a mission-driven technology company serving the nonprofit sector. As Director of IT & Security, you will lead the systems, practices, and safeguards that enable Omatic’s teams to work securely, efficiently, and confidently, while helping our customers trust that their data is protected. You’ll partner closely with leaders across Product Development, Infrastructure, Sales, Legal, and Customer Experience to ensure Omatic’s technology environment supports growth, innovation, and customer confidence.

In this role, you’ll have the opportunity to balance strategic leadership with hands-on execution. You’ll guide IT operations, security governance, compliance readiness, vendor risk, business continuity, and the responsible use of AI across the organization. From strengthening our security posture and leading audit readiness to supporting customer conversations and improving the employee technology experience, you’ll play a visible and trusted role in helping Omatic scale thoughtfully while staying true to its mission and values.

Requirements

  • A bachelor's degree in information technology or computer science
  • 10 years of related work experience
  • 4 or more years in an information security management or team lead role
  • CISSP or CISM certification
  • Experience with Microsoft, Mac, and Linux is required
  • Strong analytical and organizational skills
  • Excellent written and verbal communication skills
  • Team-oriented approach to work
  • The successful candidate should be comfortable and able to jump in when needed to help the IT team with tickets, lead Security and Compliance meetings, and review/update policy and GRC as needed.

Nice To Haves

  • Proficient AI Security and Governance knowledge, specifically an understanding of Claude skills, plugins, connectors, and Claude Code usage.
  • CCSP or CIPM certification
  • Experience working with sales teams to assist them in closing deals through meeting with customers to discuss Omatic’s Security/Privacy posture.
  • Experience working with Developers/Infrastructure teams and secure SDLC (SAST, DAST, SCA, annual pen test findings remediated).

Responsibilities

  • Develop and maintain IT systems architecture and define the standards and protocols for data exchange, communications, software, and interconnections.
  • Establish, coordinate, and administer a plan for IT operations, including IT training and technical support, together with necessary controls and procedures.
  • Provide advice on evaluation, selection, implementation, and maintenance of information systems, ensuring appropriate investment in strategic and operational systems.
  • Negotiate all IT system and SaaS acquisition contracts, soliciting involvement and participation of other management team members as appropriate.
  • In conjunction with the COO, coordinate IT reviews and endorse strategic IT plans, budget proposals, and proposed changes.
  • Ensure that all personnel are appropriately trained in the usage of all IT products and services to effectively carry out their responsibilities.
  • Oversee the secure procurement, account provisioning, and life-cycle management of corporate AI software, including platform configurations, plugins, skills, and developer connectors (e.g., Claude, Gemini).
  • Direct hardware lifecycle management, including strategic enterprise laptop refresh cycles, to optimize Total Cost of Ownership (TCO) and departmental budgeting.
  • Oversee Identity and Access Management (IAM) infrastructure, driving internal Single Sign-On (SSO) adoption and advising customer-facing SSO deployments (e.g., Auth0).
  • Manage IT department team members across all areas of training and support, operations, and project management.
  • Assure protection for the information assets of the business through internal control, internal auditing, IT security, and recovery procedures, and assure proper insurance coverage.
  • Develop and maintain a business IT recovery plan to ensure timely and effective restoration of IT services in the event of a disaster.
  • Serve as lead to the Security and Compliance Team (a cross-departmental team).
  • Establish and enforce advanced AI Security and Governance guardrails to mitigate risks such as intellectual property exposure, source code leakage, and supply-chain vulnerabilities within the development lifecycle (e.g., working with Infrastructure and Product teams to secure AI integrations).
  • Administer and enforce vulnerability remediation SLAs across the secure SDLC, ensuring pen test, SAST, and DAST findings are remediated.
  • Work with Infrastructure and Product Development to ensure SAST scan procedures are followed for all PRs.
  • Direct the corporate Security and Privacy awareness programs, including mandatory annual training, HIPAA training, and continuous phishing simulations (e.g., KnowBe4).
  • Architect, lead, and document annual Business Continuity and Disaster Recovery (BCDR), Incident Response, and Physical Office tabletop exercises.
  • Evaluate and deploy advanced threat protection mechanisms.
  • Collaborate with Legal and Sales to negotiate complex customer contractual nuances, including Data Protection Agreements (DPAs), Business Associate Agreements (BAAs), and strict geographical access restrictions.
  • Coordinate the activities related to Omatic's annual audits (SOC 2 Type II, HIPAA, TX-RAMP, and other audits that may apply).
  • Ensure that enterprise information systems operate according to internal standards, external accrediting agency standards, and legal requirements.
  • Perform annual vendor management reviews and document evidence for other audit controls in Omatic’s GRC platform (Drata).
  • Manage and update Omatic’s Trust Center as needed to provide customers with a transparent view of Omatic’s Security/Privacy posture.
  • Map, track, and document AI usage, policies, and sub-processors within the GRC platform (Drata) to maintain continuous 3rd-party attestation readiness.
  • Maintain and update customer-facing security/privacy/compliance information and FAQ documentation within the SafeBase Trust Center to accelerate enterprise customer risk assessments.
  • Monitor emerging multi-regional data privacy laws and contractual nuances regarding data processing, machine learning, and AI workloads; follow Omatic’s Third-Party Risk Management (TPRM) Policy to review new systems and AI prior to implementation.
  • Coordinate cross-departmental notifications for production sub-processor changes to maintain strict adherence to privacy law "right to be notified" obligations.
  • Oversee and update the annual HECVAT Full as needed when updates are required based on Omatic Cloud features/updates.

Benefits

  • Competitive compensation
  • Benefits
  • Flexible work environment