Director, Information Security
Role details
Job location
Tech stack
Job description
Responsible for leading the development and execution of White Cap's information security strategy. Ensure the protection of systems, data, and networks from cyber threats while maintaining compliance with regulatory, contractual, and industry standards. Collaborate with IT, senior leadership, and external stakeholders to manage security risk, govern security practices, and oversee incident response, monitoring, and security operations.
Major Tasks, Responsibilities and Key Accountabilities
-
Develops and executes an enterprise information security strategy aligned with business objectives.
-
Identifies emerging threats and leads strategic security enhancements.
-
Conducts and oversees risk assessments (third-party, vulnerability, penetration testing, application).
-
Implements risk mitigation plans and maintains security policies, standards, and procedures.
-
Ensures compliance with industry frameworks and regulatory requirements.
-
Oversees security monitoring, detection, and automated response capabilities.
-
Manages core security technologies (firewalls, IDS/IPS, endpoint protection, etc.).
-
Leads incident response and recovery planning, testing, and execution.
-
Drives enterprise-wide security awareness and training programs.
-
Manages vendor relationships, contracts, and security solution procurement.
-
Leads, mentors, and develops the information security team.
-
Manages the information security budget and optimizes resource allocation.
Nature and Scope
-
Problems are typically defined by higher level leadership. Problems are difficult. Solutions require analysis and investigation.
-
Decides how to achieve planned results within an organization's plans, policies, and guidelines. May set or change plans/goals within respective department or area.
-
May manage department via multiple layers of managers OR directly supervise a staff of professional individual contributors at the senior or technical advisor level.
Requirements
- Typically requires BS/BA in a related discipline. Generally 9+ years of experience in a related field, including several years in a management/supervisory capacity.
Preferred Qualifications
-
Deep understanding of information security principles, practices, and technologies.
-
Deep knowledge of, and implementation experience with GRC functions, including SOX Compliance, PCI DSS, IT Audits, Cyber Risk Management.
-
Deep knowledge of, and implementation experience with security frameworks such as NIST (CSF, SP 800-53, etc.), ISO/IEC 27001, PCI DSS.
-
Strong leadership skills with the ability to inspire and lead a high-performing information security teams, including MSSPs.
-
Experience in managing and influencing cross-functional teams and working collaboratively with senior executives.
-
Ability to develop and execute long-term information security strategies aligned with business objectives.
-
Excellent problem-solving skills with a proactive approach to addressing security challenges.
-
Bachelor's in information security, computer science, IT, or related field (Master's/MBA preferred).
-
CISSP, CRISC or CISM preferred.
-
Proven experience leading and delivering information security programs and projects.
If you're looking to play a role in building America, consider one of our open opportunities. We can't wait to meet you.