Information Security Director

About The Position

Requirements

• Deep technical background in information security, with strong knowledge of networks, infrastructure, and cloud platforms.
• Expertise with security tools, monitoring platforms, and incident response processes.
• Leadership and people management skills with demonstrated ability to inspire and develop teams.
• Exceptional project management skills, with the ability to define, drive, and deliver complex initiatives.
• Ability to interpret, draft, and enforce complex information security policies, procedures, and standards.
• Strong communication skills, with the ability to simplify and present complex topics to broad audiences.
• Experience working directly with clients on security topics (Questionnaires, audits, presentations, etc.).
• Must have experience supporting SOC 2 and ISO 27001 audits, with knowledge of HIPAA and NIST-CSF frameworks.

Nice To Haves

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field; equivalent experience considered.
• 8+ years of progressive experience in information security, including 3+ years in a leadership role.
• Documented experience supporting SOC 2 and ISO 27001 audits, with knowledge of HIPAA and NIST-CSF frameworks.
• Hands-on experience with AWS or other major cloud providers highly desired.
• Relevant certifications (e.g., CISSP, CISM, CISA, CCSP) strongly preferred.

Responsibilities

• Define and drive Empyrean’s information security strategy in alignment with business objectives, roadmap task sets, and project initiatives, which includes collaboration with other stakeholders.
• Lead and mentor information security team, ensuring accountability, collaboration, & professional growth.
• Act as the 'ringleader' of information security operations, harmonizing tools, resources, and personnel toward desired outcomes in conjunction with the VP and leadership team.
• Oversee day-to-day operation of security tools, technologies, and processes.
• Lead the response to cyber incidents, including triage, investigation, remediation, and communication.
• Identify, assess, and mitigate potential security risks across infrastructure, networks, & cloud environments.
• Ensure ongoing compliance with SOC 2, ISO 27001, HIPAA, and NIST-CSF standards.
• Represent Empyrean’s security posture and program to auditors.
• Draft, refine, and enforce security-centric policies, procedures, and standards.
• Represent and/or support Empyrean via client security reviews, and questionnaires, as well as in client-facing meetings.
• Support and secure both on-premises and AWS cloud environments in partnership with infrastructure and engineering teams.
• Drive improvements in network and infrastructure security architecture in collaboration with stakeholders.
• Clearly articulate complex security topics to technical and non-technical audiences, including executive leadership and clients.
• Deliver impactful security presentations to internal teams and external stakeholders.
• Support the VP in various ways to forward strategic and business outcomes, and roadmap execution.
• Participate in audits and compliance activities as needed.
• Provide training and awareness to internal stakeholders.
• Contribute to process improvement initiatives outside of the direct scope where relevant technical expertise applies.

Benefits

• Ability to work on-site, in a hybrid capacity, or remote as required by the role.
• Availability for after-hours support as needed.
• Must be authorized to work in the United States without sponsorship.