Director of Security (Acting CISO Head of Security)

Role Overview

We are seeking a Director of Security (Acting CISO) to serve as the company s top security leader, responsible for defining, implementing, and continuously improving our security, compliance, and risk management programs. This role blends executive-level responsibility with hands-on operational leadership, ideal for a high-calibre leader who can both set strategy and drive execution.

You will own the company s end-to-end security posture spanning SecOps, AppSec, Governance, Compliance, Privacy, and Enterprise Risk ensuring our systems, products, and operations meet the highest standards of security and trust.

Key Responsibilities:

• Strategic Security Leadership Establish and own the company-wide security vision, strategy, and multi-year roadmap.
• Engage directly with the executive leadership team to define risk tolerance, priorities, and investment needs.
• Present security posture, risks, and major initiatives to the Senior leadership and key external stakeholders.
• Develop the security organizational structure (team, roles, processes) as the company scales.

• Security Operations (SecOps)

  • Oversee detection and response programs, including SIEM, EDR, alerting pipelines, runbooks, and incident command.
  • Lead incident response for major security events, including communications, containment, root cause analysis, and long-term remediation.
  • Own vulnerability management across cloud infrastructure, endpoints, and applications.
  • Partner closely with SRECloudOps to maintain secure configurations, patching SLAs, and infrastructure hardening standards.

  • Application Security (AppSec)

    • Define and drive a secure SDLC , including code scanning, dependency management, CICD checks, and architecture reviews.
    • Build and maintain a threat modeling program.
    • Partner with Engineering leadership to integrate security automation and secure coding practices throughout the development lifecycle.
    • Oversee internal and external penetration testing efforts.

    • Governance, Risk Compliance (GRC)

      • Own all security governance and policy lifecycle management.
      • Lead the enterprise risk management program, including risk assessments, mitigation plans, and risk acceptance workflows.
      • Manage compliance programs such as SOC 2, ISO 27001, HIPAA, PCI , and customer security assessments.
      • Collaborate with Legal and Privacy teams to ensure alignment on data protection obligations and regulatory requirements.

      • Business Enablement External Leadership

        • Serve as the company s primary security spokesperson for customers, partners, and prospects.
        • Participate in large customer security reviews, RFPs, and enterprise onboarding processes.
        • Support commercial teams by articulating security posture, controls, and trust initiatives.
        • Maintain relationships with auditors, assessors, and relevant security communities.

        • Team Leadership Execution

          • Build and lead a growing team across SecOps, AppSec, and GRC.
          • Mentor and develop talent, fostering a culture of accountability, continuous improvement, and technical excellence.
          • Establish KPIs and metrics to measure maturity, performance, and risk reduction.
          • Manage the security budget, vendor portfolio, and technology selection.
          • requirements
            Qualifications:
            • 10 15+ years of progressive experience in cybersecurity, with at least 5+ years in a security leadership role.
            • Proven experience owning both operational and strategic security functions in a cloudSaaS environment.
            • Strong technical background across cloud security, application security, threat detection, and modern security tooling.
            • Demonstrated experience achieving and maintaining compliance frameworks (SOC 2, ISO, PCI, HIPAA, etc.).
            • Exceptional communication skills with the ability to influence executives, collaborate across departments, and articulate complex security topics clearly.
            • Experience presenting security posture and risk to senior leadership andor a board.
            • Industry certifications (e.g., CISSP, CISM, CCSP) are advantageous but not required.