Director, Information Security, Infrastructure, and Governance

The Director, Information Security, Infrastructure, and Governance provides enterprise leadership for the organization’s information security program, with accountability for security strategy, governance, infrastructure, risk management, and executive advisory. Reporting into senior security leadership, this role defines the long‑term security vision while ensuring effective execution through people, process, and technology.

The Director serves as a trusted advisor to executive leadership, guiding risk‑based decision‑making, security investments, and tradeoffs that enable business objectives while protecting critical assets. This role partners broadly across technology, legal, compliance, and business teams to embed security into platforms, services, and operations.

Key Responsibilities

Security Strategy & Governance
Define, execute, and continuously mature a comprehensive enterprise information security strategy aligned with business objectives and organizational risk tolerance.
Establish and govern security policies, standards, control frameworks, and operating models across the enterprise.
Provide executive‑level guidance on security posture, material risks, strategic tradeoffs, and investment priorities.
Ensure security strategy is aligned with enterprise risk management, compliance, and business enablement initiatives.

Enterprise Risk Management & Compliance
Own the enterprise cyber risk management program, including risk identification, assessments, threat modeling, prioritization, and remediation tracking.
Ensure compliance with applicable regulatory, contractual, and industry requirements.
Lead internal and external security audits, coordinating evidence collection, issue management, and remediation activities.
Maintain and evolve governance, risk, and compliance processes to ensure consistent, defensible outcomes.

Security Operations & Incident Leadership
Provide executive oversight of security monitoring, detection, and incident response capabilities.
Act as a decision authority during high‑severity security incidents, ensuring timely containment, escalation, communication, and recovery.
Lead post‑incident reviews to drive root cause analysis, accountability, and systemic improvement across the organization.
Partner with incident response, infrastructure, and application teams during investigations involving anomalous activity or compromise.

Technology & Architecture Oversight
Partner with infrastructure, cloud, and application teams to ensure security‑by‑design principles are embedded into platforms and services.
Guide the implementation of technologies and controls required to manage information security risk and achieve governance objectives.

People Leadership & Security Culture
Build, lead, and develop a high‑performing information security organization, including managers, architects, engineers, and analysts.
Establish clear goals, performance metrics, and professional development paths that support engagement, retention, and capability growth.
Foster a service‑oriented, collaborative culture that emphasizes accountability, learning, and continuous improvement.
Drive enterprise‑wide security awareness and training initiatives to embed security as a shared responsibility across the organization.

Cross‑Functional Leadership & Change Enablement
Collaborate with business, technology, and security leaders to align security initiatives with enterprise priorities.
Act as a change agent, guiding the organization through evolving threats, technologies, and regulatory requirements.
Lead security‑related initiatives and programs from strategy through execution, ensuring measurable outcomes.
Communicate complex technical and risk concepts clearly and effectively to audiences ranging from executives to individual contributors.

Job Type
Full-time
Career Level
Director
Education Level
No Education Listed
Number of Employees
501-1,000 employees