Director of Information Security
Indexed description
Position Overview
We are seeking a Director of Information Security to lead and evolve an enterprise-wide cybersecurity program within a complex, multi-channel organization.
This role is responsible for protecting enterprise systems, customer data, digital commerce platforms, payment environments, and partner integrations. The position blends strategic leadership with operational execution, ensuring that cybersecurity enables business growth while maintaining a strong risk posture.
The ideal candidate will lead the development of a modern security roadmap aligned to industry frameworks such as NIST and CIS, implement zero-trust architecture, and partner across the organization to ensure security is embedded into all technology and business initiatives. This leader must be comfortable operating in a lean environment, balancing strategic leadership with hands-on execution across security operations, infrastructure, compliance, and enterprise applications.
Key Responsibilities
Enterprise Cybersecurity Program Leadership
- Develop and mature a comprehensive cybersecurity program aligned to NIST CSF and/or CIS Controls
- Lead enterprise risk assessments and implement risk-based mitigation strategies
- Establish and report on KPIs including MTTD, MTTR, uptime, and vulnerability reduction
- Oversee threat detection, incident response, vulnerability management, and security operations (SIEM/SOC)
- Ensure audit readiness and lead security incident reviews and tabletop exercises
Secure & Resilient Infrastructure Architecture
- Design and maintain secure network architecture across corporate locations, distribution environments, cloud platforms (Azure/AWS), and remote workforce
- Implement zero-trust models and identity-centric access controls
- Lead system hardening, patch management, and infrastructure modernization initiatives
- Improve monitoring and response through automation and advanced threat detection capabilities
Enterprise Application & Data Security
- Embed security across enterprise platforms including CRM, ERP, WMS, eCommerce, payment processing, and analytics systems
- Ensure strong data governance, encryption, segmentation, and access controls
- Protect digital platforms from threats including fraud, bot activity, and DDoS attacks
- Secure data pipelines supporting business intelligence and analytics
Secure Architecture & Integrations
- Enforce secure-by-design principles across all new systems and integrations
- Implement secure API frameworks and partner integration standards
- Ensure security validation prior to production deployment
- Support secure configuration of enterprise platforms and external marketplace integrations
Governance, Compliance & Risk Management
- Ensure compliance with applicable regulatory frameworks including PCI-DSS, GDPR, CCPA, and other relevant security and privacy standards
- Lead PCI-DSS compliance initiatives, assessments, remediation efforts, and ongoing control validation
- Lead third-party risk management and vendor security assessments
- Maintain enterprise risk register and incident response plans
- Present cybersecurity posture and risk to executive leadership
Leadership & Team Development
- Lead and develop network and security team members
- Promote a culture of security awareness across the organization
- Manage security tools, vendors, and budget
- Drive continuous improvement and adoption of best practices
- Operate effectively as a hands-on leader, personally contributing to technical initiatives when needed
Qualifications
Required Experience
- 8–12+ years of progressive IT experience, including 5+ years in cybersecurity and/or network security leadership
- Experience leading enterprise security programs aligned to NIST or CIS frameworks
- Proven experience securing cloud environments, enterprise applications, ERP platforms, and integrated systems
- Experience leading or supporting PCI-DSS compliance programs and payment card security environments
- Experience supporting multi-site environments preferred
Technical Expertise
- Enterprise network and security architecture
- Zero Trust and Identity & Access Management (IAM)
- SIEM/SOC, EDR, and vulnerability management tools
- Cloud security (Azure and/or AWS)
- API security and integration controls
- Data protection, encryption, and segmentation
- ERP security and enterprise application controls
- PCI-DSS controls, assessments, and remediation
Education & Certifications
- Bachelor’s degree in IT, Cybersecurity, Computer Science, or related field (or equivalent experience)
- Preferred: CISSP, CISM, CISA, CCNP/CCIE Security, PCI Professional (PCIP), or cloud security certifications
Leadership Competencies
- Strategic thinker with strong business acumen
- Ability to translate technical risk into business impact
- Proactive and prevention-focused mindset
- Strong decision-making during incidents
- Collaborative, cross-functional leadership style
- Comfortable operating in a lean, highly accountable environment
- Data-driven and results-oriented
Equal Opportunity Employer
Our organization is an Equal Opportunity Employer and is committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, protected veteran status, genetic information, or any other characteristic protected by applicable federal, state, or local law.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search