Information Security Leader

United States · 153000.00 - 178500.00 USD / Year · Job Posted March 04, 2026

Job Description

ZGF is seeking an experienced Information Security Leader to continuously strengthen the firm’s security across all offices. This role is responsible for enterprise information security strategy, governance, risk management, compliance, and operational oversight. The individual will ensure that ZGF’s people, project information, client data, and intellectual property are protected in an increasingly complex and evolving threat landscape. The position reports to the Director of Information Technology and works closely with firm leadership, project teams, and external security partners.

Job Responsibility

  • Lead ZGF’s enterprise information security program
  • Integrate a security mindset into the firm’s operations
  • Protect project data, client information, and intellectual property
  • Ensure compliance with appropriate frameworks (NIST 800-171, CMMC, etc.)
  • Provide clear governance over risk while enabling innovative design and delivery
  • Develop and maintain a firmwide information security strategy aligned with ZGF’s business objectives and risk tolerance
  • Translate the strategy into clear priorities, structured initiatives, and outcomes
  • Present quarterly updates to leadership on security posture, risks, and priorities
  • Serve as the firm’s authoritative voice on information security matters
  • Develop and document an information security program
  • Lead compliance related to NIST 800-171, CMMC, and other client-driven requirements
  • Oversee governance tools and compliance platforms currently in use
  • Conduct and oversee risk assessments, penetration testing, and vulnerability management programs
  • Ensure appropriate controls are documented, tested, and maintained
  • Coordinate cyber insurance requirements and external audit preparation
  • Evaluate, rationalize, and optimize ZGF’s security stack to minimize redundancy and ensure layered, well-integrated protections aligned with business risk
  • Provide leadership and oversight of all security operations
  • Coordinate closely with external MSSPs
  • Oversee incident response, escalation, and post-incident analysis
  • Strengthen disaster recovery and business continuity plans
  • Oversee firmwide identity and access management practices across hybrid AD / Entra environments
  • Enforce least privilege and Zero Trust principles
  • Govern privileged access, role-based access control, and MFA enforcement
  • Coordinate identity lifecycle integration with HR and IT systems
  • Lead firmwide security awareness initiatives
  • Strengthen a culture of accountability and vigilance without impeding design productivity or creativity
  • Ensure communication of risks and policies in language accessible to non-technical staff
  • Collaborate closely with Director of IT, Firmwide Technology Team, Operations Committee
  • Build trusted relationships with leaders across the firm to infuse security best practices into everyday operations

Requirements

  • 8–12+ years of experience in security, IT infrastructure, or related leadership roles
  • Demonstrated experience managing enterprise security programs
  • Demonstrated expertise with NIST 800-171, CMMC, and related frameworks
  • Experience working with MDR/SOC providers and enterprise security tooling
  • Strong executive communication skills
  • Ability to balance risk mitigation with operational and design needs
  • Eligibility to maintain a T3 Secret DoD Personnel Security Clearance preferred

What we offer

  • Medical, Dental and Vision coverage with a generous employer contribution
  • HSA with employer contribution
  • 401k with employer match
  • 4 weeks of PTO and 10 paid holidays per year
  • Paid parental and family leave programs

Similar Jobs for Information Security Leader

8 matching positions

Information Security and Data Privacy Leader

Local business partner for Country Digital Technology working with Ingka Group D...
Location: Netherlands, Haarlem
Salary: 4458.00 - 6755.00 EUR / Month
Company: IKEA
Expiration Date: Until further notice
Requirements
  • At least 5 years of experience in IT Security with strong grasp of security controls and risk reduction
  • At least 5 years of experience leading teams and driving change in complex organizations
  • Knowledge of industry standards like ISO 27001 and NIST
  • Understanding of GDPR and compliance controls
  • Background in Information Security with IT experience preferred
  • Knowledge of Dutch laws and regulations
  • Dutch language skills are a plus
  • Great communication skills to translate complex security and privacy topics into clear messages
  • Ability to influence and inspire stakeholders
Job Responsibility
  • Bring global Information Security and Data Privacy strategy to life for the Netherlands
  • Embed Security and Privacy by Design into everyday business
  • Build culture of awareness and ensure compliance with local laws
  • Lead incident management
  • Guide teams on privacy issues
  • Manage suppliers and keep data safe
  • Stay ahead of trends and legislation
  • Be speaking partner to business for day-to-day Data Privacy issues
  • Manage local suppliers from selection through contracts and continuous measurement
What we offer
  • 13th month payment
  • 8% holiday pay
  • Collective bonus scheme (up to 150% of gross monthly salary)
  • 100% public transport reimbursement
  • Lease bicycle option
  • Travel allowance up to 243 euros per month for car travel
  • 15% employee discount at all IKEA stores in the Netherlands
  • Meals at cost price in co-worker restaurant
  • Fitness subscription discount
  • Group discount on health insurance
  • Fulltime

Senior Director, Information Security – Compliance Program

The Sr. Director, Global Information Security (GIS) Compliance Program is a key ...
Location: United States, Bethesda
Salary: 151100.00 - 239100.00 USD / Year
Company: Marriott Bonvoy
Expiration Date: June 29, 2026
Requirements
  • Bachelor's degree in Cybersecurity, Business Administration or a related field or equivalent experience
  • 10+ years of leadership experience in Information Technology and/or Consulting, including:
      • 5+ years of experience managing complex, multifunctional technology or security initiatives
      • 5+ years of experience in portfolio or program management and governance reporting at executive levels
  • Prior experience with compliance programs and/or government or legal compliance requirements
  • Ability to influence others, including those at senior organizational levels
Job Responsibility
  • Information Security Compliance and Settlement Program Leadership
  • Reporting and Management of portfolio of projects or remediations linked to regulatory commitments needed to maintain compliance to the Settlement agreement
  • Manage testing of ISP controls
  • Provide results that can serve settlement purposes
  • Work with teams to standardize processes for monitoring, metrics and reporting for compliance efforts for regulatory commitments
  • Provide visibility to the settlement program and activities to leadership
  • Raise and mitigate risks to compliance to the regulatory commitments
  • Ensure compliance activities are aligned or integrated as much as possible with the Information Security Program & processes and Risk Assessments
  • Develop and lead a high functioning team that leverages program management expertise, best practices and analytics to manage portfolio
  • Review key initiatives to ensure alignment with legal agreements and cyber risk program
What we offer
  • 401(k) plan
  • stock purchase plan
  • discounts at Marriott properties
  • commuter benefits
  • employee assistance plan
  • childcare discounts
  • medical, dental, vision
  • health care flexible spending account
  • dependent care flexible spending account
  • life insurance
  • Fulltime

Business Information Security Officer

Brown & Brown is seeking a Business Information Security Officer (BISO) to join ...
Location: United States, Daytona Beach
Salary: 180000.00 - 200000.00 USD / Year
Company: Brown & Brown UK
Expiration Date: Until further notice
Requirements
  • CISSP, CISM, or equivalent certifications (preferred)
  • BA/BS in business, security, or technology
  • 8–10+ years of experience in information security, cybersecurity, risk management, governance, physical security, or regulatory compliance, with a focus on business-aligned service delivery
  • Experience working with cross-functional teams
  • Working knowledge of ISO27001, NIST, Cyber Essentials and other security standards
  • Deep experience of security architecture and the tooling required to instantiate
  • Knowledge of Property & Casualty insurance is a plus
  • Experience running a SOC and working cyber incidents
  • Experience leading teams responsible for security across mid-to-large organizations (55+ people)
  • Strong understanding of organizational environments and their connection to external business drivers
Job Responsibility
  • Support the implementation, maintenance, and continuous improvement of information and physical security programs in alignment with corporate policies, standards, and frameworks
  • Contribute as a key member in shaping both the Brown & Brown security roadmap and divisional technology roadmap
  • Serve as a subject matter expert for information and physical security, supporting strategy development and execution
  • Provide guidance on prioritizing divisional investments that impact security
  • Allocate security resources (architecture, engineering, operations, risk management) to meet divisional needs
  • Support merger and acquisition activities, including pre-deal due diligence and post-deal 90-day security integration
  • Advise divisional leaders on security-related risk and assist in meeting broader risk management and compliance objectives
  • Monitor emerging security trends and assess potential impacts to divisions or profit centers
  • Ensure risk remediation processes are followed, issues are mitigated, and exceptions are tracked according to organizational standards
  • Manage IT certification and accreditation processes in collaboration with auditors and certification bodies
What we offer
  • Health Benefits: Medical/Rx, Dental, Vision, Life Insurance, Disability Insurance
  • Financial Benefits: ESPP
  • 401k
  • Student Loan Assistance
  • Tuition Reimbursement
  • Mental Health & Wellness: Free Mental Health & Enhanced Advocacy Services
  • Beyond Benefits: Paid Time Off, Holidays, Preferred Partner Discounts and more
  • Fulltime

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location: United Kingdom, London
Salary: Not provided
Company: Citi
Expiration Date: Until further notice
Requirements
  • Significant progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretionary annual performance-related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime

Information Security Lead

We’re hiring a Lead of Information Security, reporting to the VP of Technical Op...
Location: United States, Philadelphia
Salary: Not provided
Company: Proscia
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in information security, including direct experience improving and contributing to GRC programs
  • Proven expertise in regulatory frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, FedRAMP, TX-RAMP, StateRAMP or similar
  • Hands-on experience with vulnerability management tools, incident response, and security audits
  • Experience embedding security into software development lifecycles—DevSecOps principles applied in practice
  • Experience selecting, implementing, and managing security tooling (e.g., XDR, SIEM, endpoint, code scanning, etc.)
  • Exceptional communication and influencing skills across technical and non-technical teams
  • A high degree of autonomy and ownership—comfortable leading cross-functional efforts and prioritizing in a dynamic environment
  • You already use AI tools in your security work—for policy drafting, threat analysis, log review, control validation, or however it fits your practice
  • Experience with cloud-native environments (AWS preferred)
  • Experience building with or on top of LLMs, AI agents, or agentic pipelines
Job Responsibility
  • Manage and evolve vulnerability management: tooling, reporting, and remediation governance
  • Serve as a consultative security leader for Engineering, Product, and Customer teams—governing system designs, architecture, and implementation through a security-first lens
  • Implement AI native tooling to improve detection and response capabilities without incurring an increased demand on resources
  • Partner with Engineering to implement developer-friendly security tools that improve security posture and reduce compliance burdens without slowing velocity
  • Oversee incident response preparation, processes, and execution—ensuring coordinated action, effective communication, and the kind of thorough post-incident analysis that prevents the same problem twice
  • Under the direction of the VP, TechOps, improve the Proscia Information Security Program, with a focus on governance, risk, and compliance (GRC) across the Concentriq suite of applications and Proscia’s business applications
  • Contribute to security policy development across regulated and non-regulated markets—implementing agentic workflows where it accelerates your research and stress-testing, iterating with stakeholders, and maintaining the rigor and compliance standards our customers expect
  • Influence and execute on the company’s regulatory roadmap—seeking new certifications and frameworks (e.g., ISO 27001, SOC 2, HITRUST) in response to customer and market demands
  • Enable other teams to answer security-related questions from customers, prospects, and partners providing expert information security guidance
  • Anticipate and adapt to industry and regulatory trends, including how AI is reshaping both the threat landscape and the defender’s toolkit—and surface emerging requirements before they become urgent
What we offer
  • Competitive pay
  • Savings options
  • Schedule options
  • Insurance options that promote long-term health and personal growth
  • Office environment designed for creativity and agility with walls as notepads and couches for collaboration
  • Located in the heart of Philadelphia with views of the city
  • Fulltime

Principal, Systems and Infrastructure Engineer, Information Security

Are you driven to design durable, scalable, and well-governed cloud platforms th...
Location: United States of America, Denver
Salary: 121000.00 - 242000.00 USD / Year
Company: Walmart
Expiration Date: Until further notice
Requirements
  • Option 1: Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 5 years' experience in systems and infrastructure engineering or related area at a technology, retail, or data-driven company.
  • Option 2: 7 years' experience in systems and infrastructure engineering or related area at a technology, retail, or data-driven company.
Job Responsibility
  • Lead the migration and modernization of a large portfolio of applications and databases from AWS to GCP and Azure, ensuring reliability, security, and minimal disruption.
  • Design target-state architectures and migration patterns that balance scalability, resilience, cost, and operational simplicity.
  • Evaluate cloud-native services and guide architectural tradeoffs across AWS, GCP, and Azure.
  • Establish reference architectures, landing zone standards, and platform patterns used across the organization.
  • Architect, build, and maintain complex, reusable Infrastructure-as-Code solutions using Terraform and Terragrunt.
  • Develop Python and Bash automation to support infrastructure lifecycle management, migrations, governance, and operational workflows.
  • Drive consistency and quality through shared modules, versioning strategies, and code review standards.
  • Integrate IaC and automation into CI/CD pipelines using GitHub Actions and related tooling.
  • Drive containerization and platform adoption using Docker and Kubernetes, enabling scalable and resilient application deployments.
  • Design and maintain robust CI/CD pipelines that support fast, safe, and repeatable infrastructure and application delivery.
What we offer
  • Health benefits include medical, vision and dental coverage.
  • Financial benefits include 401(k), stock purchase and company-paid life insurance.
  • Paid time off benefits include PTO (including sick leave), parental leave, family care leave, bereavement, jury duty, and voting.
  • Other benefits include short-term and long-term disability, company discounts, Military Leave Pay, adoption and surrogacy expense reimbursement.
  • Live Better U education benefit program
  • Annual or quarterly performance bonuses
  • Stock
  • Fulltime

Information Security Assurance Analyst

Location: United Kingdom, Portsmouth
Salary: Not provided
Company: TalentHawk
Expiration Date: Until further notice
Requirements
  • CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job
  • Must have Security Clearance or be eligible for security clearance
  • Must have experience in Cloud (IaaS, PaaS, SaaS)
  • Must have proven expertise in three of the following security areas: identity and access management, network security, end user security, threat modelling, Security Risk and Compliance, penetration testing
  • Must have at least 3 years’ cyber security experience
  • Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC CAF, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
  • Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates
  • The individual should be educated to degree level in a relevant discipline
Job Responsibility
  • Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes
  • Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, defining Cyber non-functional requirements
  • Attend Technical Design Authority (TDA) meeting to provide security signoffs
  • Work within the Security Assurance team consisting of security assurance analyst / consultants providing thought leadership across several assurance functions, and helping smooth engagements with project delivery teams
  • Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration
  • Provide support in scoping and overseeing pen tests and re-tests
  • Review recommendations and collaborate with the relevant teams to support remediation efforts
  • Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing, whilst providing security advice and guidance
  • Support management, BAU and projects in complying with legal and regulatory requirements
  • Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite
  • Fulltime

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location: United Kingdom, Belfast
Salary: Not provided
Company: Citi
Expiration Date: Until further notice
Requirements
  • 10+ years of progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions (e.g., Information Security Compliance, Operational Risk, Internal Audit, Regulators)
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions (e.g., Information Security Compliance, Operational Risk Management) to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions (e.g., Internal Audit, Compliance Assurance) to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretionary annual performance-related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime