Job Title: Director of Information Security / CISO
Location: New York, NY (Hybrid)
This established data management and secure communications firm provides critical information services to highly regulated industries. Operating at scale, the organization prioritizes top-tier data protection, system resiliency, and operational integrity to maintain the trust of its global enterprise clients.
As the Director of Information Security (CISO), you will report directly to the President to champion and advance the organization's information security management system (ISMS). In this high-impact role, you will evaluate security policies, drive complex certifications, and lead cross-functional risk management initiatives. You will serve as the core technical expert ensuring the network, physical security, and data infrastructure remain completely resilient against evolving threats.
Requirements
- Proven experience leading information security frameworks, data security standards, and system resiliency strategies.
- Deep technical knowledge of network platforms, software, virtualization, and modern data security architecture.
- Strong expertise with ISO 27001 and HITRUST certification requirements.
- Demonstrated capability in conducting risk assessments, vulnerability scanning, and business continuity/disaster recovery planning.
- Commitment to continuous professional development, with a track record of completing advanced security training annually.
Responsibilities
- Evaluate, design, and implement ISMS policies and procedures to eliminate security gaps and enhance the organization's security profile.
- Partner with IT and management to harden network infrastructure, access controls, and physical security measures.
- Manage the compliance calendar, ensuring all monthly, quarterly, and annual security tasks and document reviews are executed.
- Schedule and lead annual external certification audits (ISO 27001 and HITRUST), including evidence collection and submission.
- Coordinate responses to customer security assessments, requests for information (RFIs), and third-party compliance audits.
- Oversee regular penetration testing and vulnerability scanning, translating findings into actionable mitigation tasks.
The organization offers a competitive executive compensation package, comprehensive benefits, and a collaborative work culture that deeply values technical excellence and professional growth. This hybrid position provides the strategic autonomy to shape enterprise security strategy while working directly alongside supportive executive leadership.