Head of IT Security
Job description
We are seeking a visionary Security Leader to architect and lead a comprehensive security strategy for a privately held organization. This is a pivotal role during a period of massive modernization as we transition legacy financial systems to advanced cloud ERP, centralize 150+ internal applications, and build a world-class Data & AI ecosystem.
The ideal candidate will move beyond "gatekeeping" to act as a business enabler, implementing a modern security fabric that spans multi-cloud environments (AWS, Azure, Google, etc.) and ensure our Technology, Data, and AI initiatives are secure by design.
Enterprise Security Architecture: Hybrid Cloud & AI-Ready
- Zero Trust Framework: Design and implement a unified identity and access model that treats all users and devices as untrusted until verified, regardless of location.
- AI Security & Governance: Establish a security posture for the AI lifecycle, including model risk management, data privacy for LLMs, and protection against emerging AI-specific threats.
- Data-Centric Defense: Architect a model focused on protecting the data itself (utilizing automated classification, persistent encryption, and masking) to ensure sensitive information remains secure as it moves through modern analytics pipelines.
- Unified Identity Fabric: Build a seamless identity strategy across multi-cloud and on-premise environments to provide a single, secure point of control for the entire workforce.
Security Operations & Integration
- Operational Modernization: Oversee the security integration of our move from legacy systems to modern platforms, ensuring financial data integrity and auditability in the cloud and across the value chain.
- ITSM & SecOps Alignment: Integrate security incident response and vulnerability management directly into service platforms to automate workflows and reduce mean-time-to-resolution (MTTR).
- Application & API Security: Secure a portfolio of 150+ internal applications by implementing automated security testing within CI/CD pipelines and enforcing standardized API security protocols.
- Managed Services Oversight: Evaluate and manage 3rd-party security offerings (MDR/MSSP) to ensure 24/7 monitoring and response capabilities.
GRC (Governance, Risk, & Compliance)
- Continuous Compliance: Shift from periodic audits to a continuous monitoring model that provides real-time visibility into our compliance posture.
- Third-Party Risk Management (TPRM): Build a robust program to vet and monitor the security health of our growing ecosystem of SaaS and technology partners.
- AI Ethics & Policy: Lead the development of internal policies regarding the ethical and secure use of Generative AI and automated decision-making systems.
- Business Resilience: Develop and test enterprise-wide disaster recovery and business continuity plans that account for the interdependencies of cloud-based ERP and data platforms.
Requirements
- Experience: 5+ years in IT/Security, with at least 5 years in a leadership role within a $1B+ organization.
- Cloud Mastery: Proven track record of securing complex, hybrid environments across AWS, Azure, and Google.
- Business Transformation: Direct experience securing large-scale ERP migrations and data modernization projects.
- Education/Certs: Bachelor's or Master's in a related field. CISSP, CISM, or CCSP preferred.
- Leadership Style: A "Business-First" mindset: someone who can communicate complex cyber risks to ownership and executive stakeholders in terms of business impact.
Benefits & conditions
- A family culture and atmosphere
- Competitive compensation
- Health, dental, vision, and life insurance for full-time team members
- 401(k) with generous company match
- Paid vacations and holidays
- Immense training and growth opportunities