Director, Information Security

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or equivalent professional experience
• 5+ years of experience in technical security leadership roles
• Demonstrated expertise in regulated compliance frameworks, including FedRAMP, GovRAMP, and NIST 800-53
• Experience securing cloud-native environments, particularly Microsoft Azure
• Strong ability to translate technical risk into business-aligned decisions and executive communication

Nice To Haves

• Professional certifications such as CISSP, CISM, CRISC, CISA, CCSP, CAP, or equivalent
• Experience leading authorization efforts for SaaS platforms in government-regulated markets
• Proven success building scalable security governance programs across multiple business units

Responsibilities

• Develop and execute KBS’s enterprise information security strategy across corporate and product environments
• Serve as the senior operational authority for security decision-making, risk prioritization, and program execution
• Provide executive-level reporting and guidance on cybersecurity posture, investments, and emerging risks
• Direct the protection of corporate IT infrastructure, including networks, endpoints, identity systems, and cloud services
• Lead security incident response, investigation, escalation, and remediation activities
• Oversee physical security technologies, disaster recovery coordination, and business continuity planning
• Ensure consistent enforcement of security policies, standards, and operational controls
• Maintain FedRAMP and GovRAMP readiness for KBS SaaS applications and regulated service offerings
• Lead efforts to achieve and sustain authorization status through continuous monitoring and control implementation
• Coordinate internal teams and external stakeholders to support audits, assessments, and authorization milestones
• Ensure product security aligns with NIST 800-53 requirements and applicable government frameworks
• Own and manage the enterprise Governance, Risk, and Compliance (GRC) program and supporting systems
• Build and maintain a scalable security control framework supporting FedRAMP, HIPAA, SOC 2, MARS-E 2.0, and other standards as required
• Oversee internal and third-party security audits, risk assessments, and compliance reporting
• Establish repeatable processes for risk management, control validation, and corrective action tracking
• Lead, mentor, and grow the Information Security team across corporate security and product compliance functions
• Support hiring, onboarding, training, and professional development pathways for security personnel
• Foster a culture of accountability, collaboration, innovation, and continuous improvement
• Direct enterprise-wide security awareness programs and role-based training initiatives
• Ensure security education supports both corporate operations and regulated product responsibilities
• Promote secure-by-design practices across technical and non-technical teams

Benefits

• Medical coverage, including employer match program for Health Savings Accounts (HSAs)
• Generous 401k retirement plan with employer match
• Dependent Care Flexible Spending Account (DCFSA)
• Employee Assistance Program (EAP) with unlimited usage and visits and wellness program
• Dental and Vision insurance
• Company-sponsored life insurance, with options for additional coverage
• Short- and Long-Term Disability (STD and LTD) benefits
• Pet insurance
• Maternity, Paternity, and Military benefits
• Baby on Board program
• Paid Time Off package
• Company Anniversary Bonus program
• Professional Development opportunities, including Young Professional Series, Manager Focus series, Cyber Security panels and briefs, and more
• A+ rated HQ office full of amenities including fitness center, rec room, coffee bars, bike room, café, auditorium, private Mother’s room, and more