Director of Information Security

As Director of Information Security, reporting to the CTO, you will lead our security strategy, drive risk & compliance, and embed security by design across the organization’s infrastructure.

Key Responsibilities:

• Develop and implement information security strategy, policies, and controls aligned with business objectives.
• Monitor and assess security vulnerabilities, incidents, and emerging threats across the environment, including cloud and SaaS posture, and third-party risks.
• Support IT in maintaining and testing business continuity and disaster recovery plans.
• Manage risk and compliance efforts, including readiness for audits such as SOC2, ISO27001, GDPR, and others.
• Lead security awareness training for our employees
• Partner with IT, MIS, product, and engineering teams to embed “security by design” principles into all systems and processes.
• Serve as the internal security advisor, engaging with the executive team, auditors, and external stakeholders.
• Collaborate with Legal to ensure regulatory alignment and oversight of third-party security due diligence.

Requirements:

• 3 years in InfoSec leadership roles, especially in software companies or mature security functions.
• Technical certifications, including but not limited to CISSP, CISM, CISA, or CRISC, are highly preferred.
• Bachelor’s degree in Computer Science, Information Security, or related field; advanced degree preferred.
• Proven ability to operate hands-on and autonomously in a security leadership context
• Deep knowledge of information security frameworks (ISO 27001, NIST, etc.), threat modelling, incident response, and security technologies.
• Experience supporting external audits and certifications (SOC2, ISO27001, GDPR, etc.).
• Self-sufficient, excellent communication skills, with the ability to articulate risk and requirements to both technical and executive stakeholders.