Senior Director of IT and Security

Key Responsibilities

• Own and evolve the enterprise IT roadmap, including cloud infrastructure, end-user computing, networking, and tooling. 
• Lead a high-performing IT team, fostering a culture of operational excellence and continuous improvement. 
• Oversee vendor relationships, SLAs, and technology procurement to optimize cost, reliability, and security. 
• Champion digital transformation initiatives and drive adoption of scalable, modern IT solutions. 
• Own IT systems across the enterprise including user provisioning / de-provisioning, usage management, renewal strategy, etc. 
• Identify and execute cost optimization opportunities across SaaS, licensing, vendors, and internal IT operations. 
• Lead M&A integration activities related to IT, Security, and Compliance to drive unified architecture and cost savings 

• Own and manage compliance programs including SOC 2, ISO 27001, CMMC (contemplated), and other applicable frameworks.
• Lead annual and continuous audit readiness activities, serving as the primary liaison with external auditors and regulators.
• Develop, maintain, and enforce enterprise policies, standards, and procedures in alignment with regulatory requirements.
• Monitor the evolving regulatory landscape and proactively adapt programs to address new requirements.

• Oversee identity and access management (IAM), endpoint security, data loss prevention, and vulnerability management programs.
• Ensure security by design principles are embedded across IT systems, projects, and procurement processes.

• Lead enterprise risk assessments and third-party/vendor risk management programs.
• Maintain the IT risk register and drive remediation of identified gaps and control deficiencies.
• Report on compliance and risk posture to executive leadership and the Board as required.

• Serve as a trusted advisor to executive leadership on IT strategy, risk, and regulatory matters.
• Collaborate closely with Legal, Finance, HR, and client-facing teams to ensure aligned, enterprise-wide compliance.
•  Build and mentor a diverse, high-performing team of IT and compliance professionals.

Skills, Knowledge and Expertise

• 10+ years of progressive IT leadership experience, with at least 5 years in a Senior Director or VP-level role. 
• Deep expertise in compliance frameworks including SOC 2, ISO 27001, HIPAA, PCI-DSS, and/or CMMC. 
• Proven experience managing and scaling enterprise IT infrastructure.
• Strong background in information security principles, risk management, and audit leadership. 
• Exceptional communication and executive presence, with the ability to translate technical complexity to non-technical stakeholders. 
• Experience managing and developing high-performing teams in a fast-paced, growth-oriented environment. 
• Experience leading a remote-first distributed workforce leveraging on and off-shore resources  

• Relevant certifications: CISM, CISSP, CRISC, CISA, or equivalent. 
• Prior experience at a managed security services provider (MSSP) or professional services firm. 
• Familiarity with GRC platforms (e.g., Vanta, Drata, ServiceNow GRC, OneTrust). 
• Experience with FedRAMP, NIST 800-53, or state-level data privacy laws (CCPA, CPRA, etc.). 
• MBA or advanced degree in Information Systems, Computer Science, or related field.