Director - Information Security & IT Compliance

JOB SUMMARY Director of Information Security & IT Compliance will play a pivotal role in our cybersecurity strategy, IT governance and compliance strategies, collaborating closely with the CISO and the broader governance organization. The primary responsibility will be to support the CISO in developing and executing comprehensive security programs that protect our infrastructure, applications, data and organization s assets. This person will be instrumental in driving the implementation of industry-leading security practices and ensuring compliance with relevant regulations. MAJOR RESPONSIBILITIES People Leadership: Plan and organize Security and Governance areas in India to delivery on organizational goals. Hire, develop, coach, mentor Leaders and Individual contributors to achieve business objectives and performance standards. Leadership & Strategy: Collaborate with the CISO, Governance and Compliance leaders to lead a team of cybersecurity, governance professionals, inspiring them to achieve excellence and fostering a culture of proactive security and compliance awareness across the organization.Assist in defining and executing the companys strategy, aligning it with business goals and industry best practices. Risk Management: Conduct risk assessments, identify potential vulnerabilities and threats that could impact the organizations operations, data integrity, and reputation, and design mitigation strategies to protect critical assets effectively. Lead in identifying IT risk, developing mitigation strategies, alternative solutions, resolving issues, etc. in collaboration with project managers. Performing all work while leveraging industry recognized NIST, COBIT, HITRUST, ISO 27001 and COSO frameworks. Incident Response: Manage the incident response team (NOC) to promptly and efficiently respond to incidents, minimize impact, and initiate remediation actions. Support and enhance ITSM applications and enterprise monitoring tools to meet organizational availability goals. Compliance and Governance: Ensure compliance with relevant cybersecurity regulations, data protection laws, and internal policies. Coordinate audits and implement necessary controls. Support the IT governance strategy and roadmap implementation. Policy and Process Management: Design, implement, and maintain IT governance policies, procedures, and standards that address key areas such as risk management, compliance, data security, and technology usage. Monitor policy compliance and assess the need for updates or adjustments based on changing business and regulatory landscapes. Compliance and Audit: Ensure that IT practices and systems comply with relevant regulations, industry standards, and internal policies. Coordinate and lead internal and external audits related to IT governance, collaborating with auditors and stakeholders to address findings and implement corrective actions. Oversee and deliver multiple complex IT internal audits to facilitate HITRUST accreditation for customer and internal control assurance with the accountability for successful completion of all project deliverables to the appropriate stakeholders within established schedule, scope, and quality objectives. Awareness and Training: Collaborate with the training team to develop security awareness and IT governance programs for employees and provide regular training to enhance the organizations security posture. Foster a culture of compliance and responsible technology usage across the organization. Vendor Management: Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data such as Software as a service (SaaS) provider, Cloud/infrastructure as a service (IaaS) provider, Managed service providers (MSPs) and other relevant vendors. Evaluate and oversee the security posture of third-party vendors and partners, ensuring they meet our security standards. Security Architecture: Review and contribute to the design of secure technical solutions, providing guidance on security best practices Threat Hunting: Lead threat hunting activities to proactively identify and respond to advanced threats. Identity and Access Management (IAM): Implement and manage IAM solutions to ensure that access to systems and data is granted only to authorized individuals. Data Privacy: Develop and implement data privacy policies and procedures to protect sensitive information. Performance Measurement and Reporting: Prepare and present regular KPIs, reports to the executive team, highlighting key performance indicators and the overall security, governance landscape. MINIMUM JOB REQUIREMENTS Education Bachelor s degree in IT related field or work experience (See below) Work Experience 15+ years general IT experience w/ 8+ years specific to IT Security/Compliance Knowledge / Skills / Abilities Proven experience in cybersecurity roles, with a minimum of 3 years in a leadership position. Industry certifications such as CISSP, CISM, CISA, or other relevant certifications are preferred. In-depth knowledge of cybersecurity best practices, standards, frameworks (NIST, etc.), and emerging trends. Solid understanding of technology risk frameworks (such as NIST, HITRUST, SOC, ISO, COBIT, PCI, FedRAMP etc. Strong understanding of risk management, incident response, and security governance. Experience in Information Technology and Information Security/Compliance with the focus on adhering to best practices and applicable regulatory standards such SOX, HIPPA, CCPA, GDPR, etc. Familiarity with ITIL (Information Technology Infrastructure Library) or similar IT service management frameworks. Excellent leadership and communication skills, with the ability to articulate complex security concepts to non-technical stake Experience with security technologies such as firewalls, intrusion detection systems, encryption, and IAM solutions. Experience in developing and delivering security training program. Demonstrated success in collaborating with cross-functional teams to achieve security goals. Demonstrated ability to manage and mentor a team of professionals. DISCLAIMER All duties and requirements are subject to possible modification to reasonably accommodate individuals with disabilities. This position description in no way states or implies that these are the only duties to be performed by an employee occupying this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by their supervisor(s)/manager(s). This document does not create an employment contract, implied or otherwise, other than an "at will" employment relationship.