Sr. Director - Information Security

Overview

On Site
Contract - W2

Skills

Partnership
Collaboration
Strategic Management
Information Security
Roadmaps
Business Strategy
Mentorship
IT Operations
Cloud Security
VPN Administration
Cisco
Microsoft Azure
Tier 2
Management
Root Cause Analysis
Multi-factor Authentication
Risk Assessment
Penetration Testing
Documentation
Auditing
Reporting
MEAN Stack
SLA
Continuous Improvement
Security Operations
Continuous Integration
Continuous Delivery
KPI
DevOps
DevSecOps
Software Development Methodology
Servers
Laptop
Leadership
Cloud Computing
Network Security
SIEM
LogRhythm
Palo Alto
Meraki
WAF
Network
Firewall
Incident Management
Log Analysis
Forensics
Regulatory Compliance
PCI DSS
System On A Chip
Scripting
Terraform
Ansible
Python
Windows PowerShell
CISSP
CISM
Amazon Web Services
Cisco Certifications

Job Details

The Ideal Candidate
The Director of Information Security is responsible for building and leading our global information security program across cloud, on-premises, and hybrid environments. Reporting to the VP of Technology Operations, this leader will manage the Security Analyst, Senior Security Cloud Network Engineer, and Senior Security System & Network Engineer roles.
This role offers significant influence in shaping our security strategy and close partnership with the VP of Technology Operations and executive team. It requires a hands-on executive technical leader who can both set strategic direction and dive deep into incident response, cloud security, and network defense. The Director will mature our monitoring, threat response, and compliance posture while partnering closely with Technology, Product, and Engineering teams.
Key Responsibilities
Security Strategy & Leadership
  • Develop and execute enterprise information security strategy, aligned with business goals and regulatory requirements.
  • Develop and execute an information security roadmap, aligned with Tech Ops goals and enterprise strategy.
  • Lead the design and enforcement of security standards across AWS, Azure integrations, and on-premises systems within the US and abroad.
  • Provide security risk reporting and metrics to VP Tech Ops and executive leadership.
  • Manage and mentor the security team (Analyst, Sr. Cloud Security Engineer, Sr. Network Security Engineer).
  • Represent security within the Technology Operations leadership team.
  • Establish KPIs and metrics for security maturity, resilience, and incident response performance.
Cloud & Network Security Oversight
  • Oversee cloud security architecture for AWS-native services (VPCs, Transit Gateway, Direct Connect, GuardDuty, WAF, Network Firewall).
  • Direct firewall and VPN management across Palo Alto (Panorama), Cisco Meraki, and hybrid environments.
  • Ensure secure hybrid connectivity across AWS, Azure, and global office sites.
  • Champion zero-trust principles across endpoints, applications, and networks.
Security Operations & Incident Response
  • Lead the monitoring and incident response program, integrating AWS CloudWatch, CloudTrail, Security Hub with Rapid7, LogRhythm, and log monitoring pipelines.
  • Define incident response playbooks and coordinate Tier 2/3 escalations.
  • Oversee forensic investigations, root cause analysis, and lessons learned after security events.
  • Partner with IT Ops and DevOps to ensure timely remediation of vulnerabilities.
Governance, Risk & Compliance
  • Ensure compliance with NIST, PCI DSS, CIS Benchmarks, SOC2, and insurer-driven security baselines (e.g., MFA enforcement).
  • Drive risk assessments, security audits, and penetration testing.
  • Own responses to customer/vendor security reviews, insurer security questionnaires, and regulatory audits.
  • Maintain documentation for policies, controls, and audit reporting.
  • Define and measure security KPIs, including Mean Time to Respond (MTTR) for incidents, percentage of assets onboarded into SIEM monitoring, and SLA compliance for vulnerability patching.
Automation & Continuous Improvement
  • Lead automation of security operations using Terraform, Ansible, and CloudFormation.
  • Implement CI/CD security integrations to support DevSecOps practices.
  • Track KPIs for detection coverage, incident response times, and vulnerability remediation.
  • Partner with DevOps and engineering to embed DevSecOps practices in the software lifecycle.
  • Optimize SIEM and log ingestion pipelines to achieve full visibility across servers, endpoints, and laptops.
Qualifications
  • 8+ years in IT and security, including senior leadership in cloud and network security.
  • Proven expertise in AWS security services, SIEM platforms (Rapid7/LogRhythm), Palo Alto/Meraki firewalls, and hybrid connectivity.
  • Proven experience securing AWS-first environments (VPCs, Security Hub, GuardDuty, WAF, Network Firewall) and hybrid global networks.
  • Strong background in incident response, log analysis, and forensic investigation.
  • Deep understanding of security frameworks and compliance standards (NIST, PCI DSS, SOC2, CIS).
  • Hands-on automation/scripting experience with Terraform, Ansible, Python, or PowerShell.
  • Certifications are strongly preferred: CISSP, CISM, AWS Security Specialty, PCNSE, CCNP Security.