Director of Information Security and IT

About the role We're hiring a Director of Information Security and IT to own our information security function and IT operations end-to-end. This is a working leadership role that consolidates responsibilities historically split across multiple roles under a single accountable leader. You'll partner directly with the VP of Technology & Professional Services and the Corporate Leadership Team on our IT and security strategy. What you'll own Information security — strategy, governance, risk, compliance, and incident response across corporate IT, product infrastructure, and customer-facing solutions IT operations — software portfolio, vendor relationships, contracted support, hardware lifecycle, business continuity, and disaster recovery Our IT automation infrastructure (agents, skills, operational scripts) that keeps a lean team moving The security relationship with our customers — questionnaires, audits, and escalations — and our representation to prospects, partners, and regulators What we're looking for 8+ years of progressive experience across information security and IT operations, with at least 3 years carrying significant security responsibilities Hands-on technical depth in Linux server administration, scripting, and modern infrastructure tooling Working knowledge of containerization (Docker, Kubernetes), virtualization, and cloud infrastructure security Experience implementing and operating security frameworks such as SOC 2, ISO 27001, or NIST CSF, and managing external audits Demonstrated experience leading incident response end-to-end Familiarity with DevSecOps practices and with building or operating automated / agentic operational workflows Strong communication skills across executive, customer, and regulator audiences Bachelor's or higher in CS, Information Security, IT, Engineering, or equivalent experience CISSP, CISM, CCSP, OSCP, or equivalent certifications preferred Why this role You'll be the single accountable leader for security and IT at a company where you can shape the operating model, and serious enough that the work matters to customers, regulators, and the leadership team. We're looking for a player-coach who builds for automation first.