A high-growth, venture-backed technology company is hiring a Director of Cybersecurity to build and mature an enterprise security program for a modern, cloud-based product and operational technology ecosystem. This is a senior, high-impact individual contributor role for someone who can set strategy and execute hands-on—operating as a lean security function while partnering closely with Engineering, IT, Legal, and business leaders.
You’ll establish a scalable, repeatable, and auditable security operating model aligned to the NIST Cybersecurity Framework, driving security maturity across Identify, Protect, Detect, Respond, and Recover over a 3–5 year horizon. You’ll own outcomes across risk management, audit readiness, data protection, and incident preparedness—enabling growth while maintaining predictability and trust.
Security program leadership & governance
Build and drive a multi-year security roadmap aligned to company growth and potential global expansion.
Create and maintain security policies, standards, and operating procedures across cloud infrastructure, applications, data, and emerging technologies (including AI-enabled workflows).
Own the security risk management framework (risk register, scoring, acceptance/deferment, trend reporting, executive visibility) and define program KPIs.
Audit, compliance & assurance
Lead SOC 2 readiness and ongoing operations (Type I and progression to Type II), ensuring controls are implemented and evidence collection is low-friction and repeatable.
Own customer security questionnaires and assurance requests in partnership with internal stakeholders.
Support privacy/regulatory obligations (e.g., GDPR-related program artifacts, data inventories, and regional requirements as applicable).
Cloud, application & platform security
Define and enforce security requirements for AWS using native guardrails and security services.
Establish application security standards (secure SDLC, penetration testing, vulnerability remediation accountability).
Conduct security reviews for new systems, architectures, vendors, and major platform changes.
Identity, access & data protection
Lead IAM strategy (SSO, RBAC, provisioning/deprovisioning, periodic access reviews).
Implement data classification and data handling standards, ensuring controls scale with growth.
Detection, response & resilience
Own incident response strategy (playbooks, third-party coordination, post-incident reviews, monitoring/alerting, continuous improvement).
Partner on disaster recovery and business continuity planning, including tabletop exercises.
Security tooling, automation & remediation
Own security tooling (endpoint, vulnerability management, monitoring, awareness) and vendor selection/management.
Drive remediation to closure—hands-on when necessary; otherwise through Engineering/IT/Infrastructure.
Leverage automation and AI-assisted workflows to operate efficiently as a lean function.
Third-party & business risk
Perform vendor security reviews and ongoing third-party risk monitoring/remediation tracking.
Support security due diligence for partnerships, integrations, and potential M&A as needed.
8+ years in information security, security engineering, and/or security program leadership.
Direct ownership of SOC 2 (or comparable assurance framework): implementation, remediation, and steady-state operations.
Strong working knowledge of AWS security, IAM, application security, and incident response.
Comfortable operating with high autonomy and limited resources; strong accountability and bias for action.
Proven ability to set strategy while also rolling up sleeves to implement controls and close gaps.
Excellent judgment prioritizing risk and communicating tradeoffs to technical and non-technical leadership.
Experience building security programs that scale without a traditional, fully staffed security org.