Director of Security and Compliance

Role Overview

• Set the mission, vision, and strategy for technology risk management including cybersecurity, compliance and privacy organization.
• Implementing appropriate risk management and mitigation efforts while ensuring the success of business and IT initiatives, ensuring alignment with business objectives and product priorities.
• Demonstrate exceptional communication and presentation skills, effectively conveying complex technical and compliance concepts to critical stakeholders.
• Build successful stakeholder relationships with other IT , enterprise risk managers and key business stakeholders.
• Direct enterprise-wide security architecture and operations across IT and OT environments.
• Ensure compliance with all relevant cybersecurity, compliance and privacy regulations.
• Lead cross-functional Privacy Team to develop and implement a comprehensive enterprise-wide data and personnel privacy program.
• Develop and control the annual department budget to ensure that it's consistent with the overall strategic objectives of IT and the enterprise and is within plan.
• Foster an enterprise security culture by embedding compliance and risk management practices into daily business operations.
• Conduct comprehensive enterprise risk assessments and develop strategies that strengthen business continuity, disaster recovery, and incident response capabilities.
• Build and lead a high performing team.
• Lead vendor management and negotiations with security service providers.

Requirements

• Bachelor’s or Master’s degree in business administration or technology related field
• 15 or more years of experience in IT Operations, cybersecurity or business/industry
• 7 or more years of leadership responsibilities, including strategy, budgeting, and staffing
• 3 or more years of leadership responsibilities of an auditable compliance program (ex: NIST 800-171, CMMC, ISO 2700x, SOC 2, NERC-CIP, etc.)
• Exceptional leadership skills, with the ability to develop and communicate a vision that inspires and motivates staff and aligns with the IT and business strategy
• Effective influencing and negotiation skills and the ability to build consensus in complex environments where resources required for success may not be in direct control of this role
• Demonstrate collaboration skills across multiple teams including business operating groups, corporate departments and other IT teams
• Excellent analytical, strategic conceptual thinking, strategic planning, and execution skills
• Strong business acumen, including industry, domain-specific knowledge of the enterprise and its business units
• Developing staff including coaching, mentoring and performance management
• Deep understanding of current and emerging security technologies and practices, and how other enterprises are employing them
• Strong awareness of current and changing regulatory landscape
• Maintain awareness of emerging threats and incorporate appropriate mitigation measures
• Demonstrated ability to develop and execute a strategic staffing plan that ensures the right people are in the right roles at the right time, and employees are highly engaged and satisfied
• Third-party management, working closely with sourcing and vendor managers

Tech Stack

• Cyber Security

Benefits

• medical
• dental
• vision
• 401(k) with company matching
• Employee Stock Ownership Program (ESOP)
• individual stock ownership
• paid vacation
• paid sick leave
• paid holidays
• bereavement leave
• employee assistance program
• pre-tax flexible spending accounts
• basic term life insurance and AD&D
• business travel accident insurance
• short and long term disability
• financial wellness coaching
• educational assistance
• Care.com membership
• ClassPass fitness membership
• DashPass delivery membership
• additional term life insurance
• long term care insurance
• critical illness and accidental injury insurance
• pet insurance
• legal plan
• identity theft protection
• other voluntary benefit options