IT Security Director

Phaxis LLC

Washington, DC

JOB DETAILS
SALARY
$200,000–$225,000 Per Year
SKILLS
Amazon Web Services (AWS), Analysis Skills, Business Growth, Business Strategy, Business Support, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Science, Computer Security, Endpoint Security, Enterprise Protection, Firewalls, GIAC - Global Information Assurance Certification, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Identity Data Management, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Intrusion Detection Systems, Intrusion Prevention Systems, Leadership, Legal, Maintain Compliance, Mentoring, Metrics, Microsoft Windows Azure, PCI-DSS, People Management, Presentation/Verbal Skills, Problem Solving Skills, Regulatory Compliance, Regulatory Requirements, Risk Analysis, Risk Management, Risk Management Framework (RMF), Security Analysis, Security Architecture, Security Attacks, Security Information and Event Management (SIEM), Security Infrastructure, Security Monitoring, Team Lead/Manager, Training Program, Training Program Development, U.S. National Institute of Standards and Technology (NIST)
LOCATION
Washington, DC
POSTED
18 days ago
Salary is 200k to 220 + bonus

We are seeking an experienced and strategic IT Security Director to lead the organization's cybersecurity program, risk management initiatives, and information security operations. This role is responsible for developing and executing enterprise-wide security strategies that protect company systems, networks, applications, and data while supporting business growth and regulatory compliance.

The IT Security Director will partner closely with executive leadership, Legal, Compliance, Infrastructure, and Operations teams to ensure the organization maintains a strong security posture and is prepared to respond effectively to evolving cyber threats.


Key Responsibilities

Security Strategy & Leadership

  • Develop and maintain the organization's information security strategy, policies, and standards
  • Lead enterprise cybersecurity initiatives aligned with business objectives and regulatory requirements
  • Provide leadership and oversight for security operations, incident response, vulnerability management, and threat detection
  • Present cybersecurity risks, metrics, and recommendations to executive leadership and stakeholders

Risk Management & Compliance

  • Conduct enterprise risk assessments and implement mitigation strategies
  • Ensure compliance with applicable regulations and frameworks (NIST, ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, etc.)
  • Partner with Legal and Compliance teams on data protection, breach response, and governance initiatives
  • Manage third-party/vendor security risk assessments and remediation efforts

Incident Response & Cyber Defense

  • Lead incident response planning, testing, and execution
  • Oversee security monitoring tools including SIEM, EDR, IDS/IPS, and cloud security platforms
  • Coordinate investigations related to cybersecurity incidents and potential data breaches
  • Ensure proper forensic preservation and reporting procedures

Infrastructure & Cloud Security

  • Oversee security architecture for on-premise and cloud environments
  • Implement identity and access management (IAM), zero-trust principles, and endpoint protection strategies
  • Collaborate with IT teams to secure networks, applications, and infrastructure

Team Management

  • Build, mentor, and manage security personnel and external security partners
  • Foster a culture of cybersecurity awareness across the organization
  • Develop training and awareness programs for employees and leadership

Qualifications

  • Bachelor's degree in Information Security, Computer Science, Information Technology, or related field
  • 10+ years of progressive cybersecurity experience, including leadership responsibilities
  • Strong knowledge of cybersecurity frameworks, risk management, and regulatory compliance
  • Experience leading incident response and security operations programs
  • Knowledge of cloud security platforms (AWS, Azure, Google Cloud)
  • Strong understanding of networking, firewalls, endpoint security, IAM, and vulnerability management
  • Excellent communication and executive presentation skills

Preferred Certifications

  • CISSP
  • CISM
  • CISA
  • CRISC
  • GIAC certifications

Desired Skills

  • Strategic thinking and business alignment
  • Strong analytical and problem-solving abilities
  • Ability to manage high-pressure incident response situations
  • Excellent collaboration and stakeholder management skills
  • Experience working with legal, audit, and compliance teams

About the Company

Phaxis LLC

We stand for PERSEVERANCE, as we refuse to quit when the journey gets tough. Your gold is our mission, and we search day and night to find it.
COMPANY SIZE
50 to 99 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
2002
WEBSITE
https://phaxis.com/