IT Security Director

• Plan, design, and maintain a resilient enterprise security architecture for IT systems, applications, and cloud workloads
• Define technical requirements and manage enterprise-level cybersecurity tools and services
• Serve as security lead for projects involving data security, data classification, and DLP (Data Loss Prevention)
• Oversee day-to-day cybersecurity operations, including monitoring, detection, and incident response
• Lead root-cause analysis, and remediation activities for security incidents
• Create and maintain playbooks, plans and policies for all incident response, disaster recovery, and business continuity
• Conduct root cause analyses and provide technical remediation and mitigation strategies
• Maintain on-call availability to support major incident response efforts
• Document all actions, decisions, and outcomes related to incidents, ensuring lessons learned are applied
• Lead security operations in Azure, including identity and access management, key management, logging/monitoring, and secure networking
• Develop and implement company-wide policies for outbound web browsing, third-party integrations, and access controls to corporate resources
• Review and analyze existing data flows, collaborating with the infrastructure team to apply security best practices and remediate vulnerabilities
• Apply security policies hands-on across firewalls, SASE solutions, and other network and computer devices
• Demonstrate strong understanding of infrastructure and its relationship to security, including tasks such as Active Directory group creation and integration into multi-layered infrastructure
• Implement security for hybrid environments (on-premises systems and cloud workloads)
• Ensure secure integration with third-party vendors, partners, and SaaS providers
• Lead proactive remediation efforts following external audits, penetration tests, and vulnerability assessments
• Direct and lead internal risk assessments and routinely validate security controls
• Align technical operations with SOC 2, HIPAA, NIST 800-53, NIST CSF, and ISO/IEC 27001 frameworks
• Partner with internal and external compliance and audit teams to provide evidence and reporting
• Assess new systems, projects, and processes against compliance requirements and control objectives
• Work closely with IT infrastructure, application development, and support operations teams to integrate security best practices into system and application life cycles
• Champion cybersecurity awareness across the company, from IT staff to business leaders
• Engage with vendors, MSSPs, and third parties to ensure effective delivery of security services
• Identify areas for process improvement and drive initiatives to strengthen cybersecurity maturity
• Mentor IT staff in secure practices while managing external security partners
• Monitor the cybersecurity landscape and analyze emerging threats for impact on company systems
• Develop playbooks and proactive defenses to address evolving attack techniques
• Continuously improve detection, prevention, and response capabilities across the enterprise
• Drive technical initiatives to support SOC 2 certification, HIPAA compliance, and other regulatory requirements
• Conduct regular risk assessments, penetration testing, and vulnerability management
• Partner with compliance and audit teams to provide technical evidence and reporting

• Bachelor’s degree in Cybersecurity, Computer Science, or related field
• 10+ years of progressive cybersecurity experience with at least 5 years in a leadership role
• Hands-on experience with Azure Cloud Security, including Sentinel, Defender, Key Vault, and Security Center
• Proficiency in SIEM, EDR, IDS/IPS, IAM, and cloud-native security solutions
• Familiarity with NIST, CIS, and ISO frameworks
• Deep technical expertise in network security, endpoint protection, and cloud identity management
• Strong communicator with the ability to translate complex technical issues into business language
• Capable of strategic planning while remaining hands-on in execution
• Skilled collaborator across technical and non-technical teams

Prior experience with SOC 2 compliance and healthcare regulatory environments (HIPAA) preferred