Director, Information Security, Infrastructure, and Data Governance

About The Position

Requirements

• Extensive experience in information security, security risk management, and security operations.
• Significant experience leading and managing enterprise information security teams and programs.
• Demonstrated ability to align security strategy with business objectives and risk tolerance.
• Experience owning or leading security governance, risk, and compliance programs.
• Proven executive communication skills and experience advising senior leadership.
• Strong executive presence with the ability to influence and advise at the highest levels of the organization.
• Deep understanding of information security risk, controls, and business enablement.
• Ability to make sound decisions in high‑impact, high‑pressure situations.
• Strong analytical, organizational, and prioritization skills.
• Ability to lead through ambiguity and change in a dynamic threat landscape.
• High level of integrity, judgment, and professionalism.

Nice To Haves

• Advanced security certifications or equivalent professional experience.
• Experience operating in complex, regulated, or high‑availability environments.
• Demonstrated success partnering closely with legal, compliance, and enterprise risk functions.

Responsibilities

• Security Strategy & Governance Define, execute, and continuously mature a comprehensive enterprise information security strategy aligned with business objectives and organizational risk tolerance.
• Establish and govern security policies, standards, control frameworks, and operating models across the enterprise.
• Provide executive‑level guidance on security posture, material risks, strategic tradeoffs, and investment priorities.
• Ensure security strategy is aligned with enterprise risk management, compliance, and business enablement initiatives.
• Enterprise Risk Management & Compliance Own the enterprise cyber risk management program, including risk identification, assessments, threat modeling, prioritization, and remediation tracking.
• Ensure compliance with applicable regulatory, contractual, and industry requirements.
• Lead internal and external security audits, coordinating evidence collection, issue management, and remediation activities.
• Maintain and evolve governance, risk, and compliance processes to ensure consistent, defensible outcomes.
• Security Operations & Incident Leadership Provide executive oversight of security monitoring, detection, and incident response capabilities.
• Act as a decision authority during high‑severity security incidents, ensuring timely containment, escalation, communication, and recovery.
• Lead post‑incident reviews to drive root cause analysis, accountability, and systemic improvement across the organization.
• Partner with incident response, infrastructure, and application teams during investigations involving anomalous activity or compromise.
• Technology & Architecture Oversight Partner with infrastructure, cloud, and application teams to ensure security‑by‑design principles are embedded into platforms, services.
• Guide the implementation of technologies and controls required to manage information security risk and achieve governance objectives.
• People Leadership & Security Culture Build, lead, and develop a high‑performing information security organization, including managers, architects, engineers, and analysts.
• Establish clear goals, performance metrics, and professional development paths that support engagement, retention, and capability growth.
• Foster a service‑oriented, collaborative culture that emphasizes accountability, learning, and continuous improvement.
• Drive enterprise‑wide security awareness and training initiatives to embed security as a shared responsibility across the organization.
• Cross‑Functional Leadership & Change Enablement Collaborate with business, technology, and security leaders to align security initiatives with enterprise priorities.
• Act as a change agent, guiding the organization through evolving threats, technologies, and regulatory requirements.
• Lead security‑related initiatives and programs from strategy through execution, ensuring measurable outcomes.
• Communicate complex technical and risk concepts clearly and effectively to audiences ranging from executives to individual contributors.

Benefits

• This role is eligible for a comprehensive total rewards package and annual incentive opportunities.