Looking for Security Leads for a Director of Security role with a Series D funded B2B SaaS startup.
Key Responsibilities:
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
Work directly with the business units to facilitate risk assessment and management processes and collaborate with stakeholders throughout the enterprise to identify acceptable levels of residual risk.
Manage the company's information security organization, including hiring, training, and guiding staff in their daily responsibilities.
Develop and enhance an information security management framework based on SOC2, GDPR, and other relevant standards.
Oversee the management of the security aspects of the relationship with all third-party vendors, ensuring that company data and infrastructure are not compromised.
Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
Work alongside related functions and coordinate with corporate compliance, audit, legal, and HR management teams as required.
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
Monitor the external environment for emerging threats and advise relevant stakeholders on appropriate action.
Develop and oversee effective disaster recovery policies and standards to align with company business continuity management program goals.
Coordinate external resources in the information security program, including auditors, consultants, and other outside resources.
Qualifications:
Proven track record and experience in developing information security policies and procedures and successfully executing programs that meet the objectives of excellence in a dynamic business environment.
Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST, and familiarity with regulatory compliance requirements that impact financial and data security (e.g., GDPR, SOC2).
Experience with contract and vendor negotiations and management, including managed services.
Strong understanding of the business impact of security tools, technologies, and policies.
Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders and business concepts to the IT workforce.
Education and Experience:
Bachelor's or Master's degree in Information Technology, Computer Science, or related field.
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar credentials.
Minimum of 12 years of experience in risk management, information security, and IT jobs.
At least five years in a senior leadership role in information security management.
Date Posted: 20/10/2024
Job ID: 97118769