About The Position

Direct Travel is a global travel management and services company operating at the intersection of travel, technology, finance, and customer experience. The company is modernizing its technology stack, building data-driven products, and making significant investments in security, compliance, and governance. Its future focuses on AI innovation to reduce operational costs and deliver personalized, intelligent experiences globally. The Vice President of Information Security & Compliance is a strategic executive leader responsible for overseeing global information security, data protection, governance, and compliance programs. This role ensures that products, infrastructure, and operations meet international standards, specifically targeting ISO 42001 (AI Management System) certification and PCI-QSA compliance within 18 months. The position requires a forward-looking leader with deep technical expertise, regulatory insight, and operational pragmatism to protect customer trust while enabling innovation.

Requirements

  • 12+ years of experience in information security or compliance, with at least 5 years in senior leadership driving enterprise-wide programs.
  • Proven track record leading PCI-DSS, ISO, or SOC 2 compliance initiatives in a SaaS or financial/merchant-of-record context.
  • Deep understanding of cloud architectures (AWS, Azure, or GCP), security platforms, secure software development, and modern DevSecOps tools and practices.
  • Strong familiarity with data privacy regulations across EU, US, and APAC jurisdictions.
  • Exceptional communication, leadership, and change management skills.

Nice To Haves

  • Experience establishing AI governance, risk management, or model assurance frameworks preferred.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent credentials highly desirable.

Responsibilities

  • Develop and execute a global security and compliance roadmap aligned with corporate goals, focusing on ISO 27001 and SOC 2, and expanding to ISO 42001, PCI-DSS, GDPR, CCPA, and other emerging data privacy frameworks.
  • Establish robust policies and risk models for secure and ethical AI adoption across products and platforms, ensuring adherence to future AI regulatory standards.
  • Lead initiatives to design privacy-first architectures supporting international data residency, cross-border transfer compliance, and encryption standards.
  • Partner with engineering and DevOps teams to build security into the product development lifecycle—deploy secure pipelines, automate compliance checks, and continuously monitor infrastructure health.
  • Maintain enterprise risk management processes, lead internal audits, coordinate external assessments, and oversee incident response and recovery workflows.
  • Build, mentor, and scale a global security & compliance organization with capabilities spanning application security, cloud security, GRC, and data protection.
  • Work cross-functionally with Sales, Product, Legal, Finance, and IT to align organizational practices and ensure security and compliance enable business growth—not constrain it.

What This Job Offers

Job Type

Full-time

Career Level

Executive

Education Level

No Education Listed

Number of Employees

501-1,000 employees
