Director of Information Security
Position Overview
The Director of Information Security is a senior leadership role responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure that information assets and technologies are adequately protected. This individual will lead a team of security professionals, work cross-functionally with business and technology stakeholders, and drive a culture of security awareness throughout the organization. The Director will oversee risk assessments, incident response, compliance, and the continuous improvement of security operations.
Key Responsibilities
Strategic Leadership
Develop and execute a comprehensive information security strategy aligned with business objectives, risk tolerance, and regulatory requirements.
Present security posture, risks, and strategic recommendations to executive leadership and the board of directors on a regular cadence.
Establish security metrics, KPIs, and reporting frameworks to measure the effectiveness of the security program.
Manage the information security budget, ensuring cost-effective allocation of resources to high-impact initiatives.
Security Operations & Architecture
Oversee the design, implementation, and management of enterprise-wide security infrastructure, including firewalls, SIEM, endpoint detection, identity and access management, and cloud security.
Direct the Security Operations Center (SOC) and ensure 24/7 monitoring, threat detection, and incident response capabilities.
Lead the evaluation and deployment of emerging security technologies and tools to stay ahead of evolving threats.
Ensure secure architecture practices are integrated into all technology initiatives, including cloud migrations, application development, and third-party integrations.
Risk Management & Compliance
Conduct enterprise-wide risk assessments and develop mitigation strategies to reduce exposure to cyber threats.
Ensure organizational compliance with applicable regulations and frameworks such as SOC 2, ISO 27001, NIST CSF, HIPAA, GDPR, PCI-DSS, and CCPA.
Manage internal and external security audits, penetration testing programs, and vulnerability management processes.
Develop and maintain the business continuity and disaster recovery plans in partnership with IT and business leadership.
Team Leadership & Culture
Build, mentor, and lead a high-performing information security team, fostering professional development and succession planning.
Design and deliver organization-wide security awareness training programs, phishing simulations, and education initiatives.
Cultivate a security-first culture across all departments by partnering with HR, Legal, Engineering, and Operations.
Serve as the primary point of contact for security incidents, coordinating response efforts and communicating with stakeholders.
Vendor & Third-Party Management
Oversee third-party risk management, including vendor security assessments, contract reviews, and ongoing monitoring.
Manage relationships with managed security service providers (MSSPs), consultants, and technology vendors.
Negotiate and oversee cyber insurance policies in coordination with legal and finance teams.
Required Qualifications
Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field.
10+ years of progressive experience in information security, with at least 5 years in a leadership or management role.
Deep expertise in security frameworks and standards (NIST, ISO 27001, CIS Controls, MITRE ATT&CK).
Demonstrated experience managing incident response, vulnerability management, and security operations at scale.
Strong understanding of cloud security (AWS, Azure, Google Cloud Platform), network security, application security, and identity management.
Proven ability to communicate complex security concepts to non-technical audiences, including C-suite executives and board members.
Experience managing security budgets of $1M+ and leading teams of 5 or more direct reports.
Preferred Qualifications
Master's degree in Cybersecurity, Business Administration, or a related discipline.
Industry certifications such as CISSP, CISM, CISA, CRISC, or GSLC.
Experience in highly regulated industries (financial services, healthcare, government, or critical infrastructure).
Familiarity with zero-trust architecture principles, DevSecOps practices, and AI/ML security considerations.
Track record of building security programs from the ground up or leading significant security transformation initiatives.
Experience with privacy regulations and data protection laws across multiple jurisdictions.
- Dice Id: cxbcsi
- Position Id: Job44227