Director of Security

Director of Security (Acting CISO / Head of Security)

Department:

Reports to:

Role Overview

Director of Security (Acting CISO)

You will own the company’s end-to-end security posture—spanning SecOps, AppSec, Governance, Compliance, Privacy, and Enterprise Risk—ensuring our systems, products, and operations meet the highest standards of security and trust.

Key Responsibilities

Strategic Security Leadership

• Establish and own the

  company-wide security vision, strategy, and multi-year roadmap

  .
• Engage directly with the executive leadership team to define risk tolerance, priorities, and investment needs.
• Present security posture, risks, and major initiatives to the

  Senior leadership and key external stakeholders

  .
• Develop the security organizational structure (team, roles, processes) as the company scales.

Security Operations (SecOps)

• Oversee detection and response programs, including SIEM, EDR, alerting pipelines, runbooks, and incident command.
• Lead incident response for major security events, including communications, containment, root cause analysis, and long-term remediation.
• Own vulnerability management across cloud infrastructure, endpoints, and applications.
• Partner closely with SRE/CloudOps to maintain secure configurations, patching SLAs, and infrastructure hardening standards.

Application Security (AppSec)

• Define and drive a

  secure SDLC

  , including code scanning, dependency management, CI/CD checks, and architecture reviews.

• Build and maintain a threat modeling program.

• Partner with Engineering leadership to integrate security automation and secure coding practices throughout the development lifecycle.

• Oversee internal and external penetration testing efforts.

Governance, Risk & Compliance (GRC)

• Own all security governance and policy lifecycle management.
• Lead the enterprise risk management program, including risk assessments, mitigation plans, and risk acceptance workflows.
• Manage compliance programs such as

  SOC 2, ISO 27001, HIPAA, PCI

  , and customer security assessments.
• Collaborate with Legal and Privacy teams to ensure alignment on data protection obligations and regulatory requirements.

Business Enablement & External Leadership

• Serve as the company’s primary

  security spokesperson

  for customers, partners, and prospects.

• Participate in large customer security reviews, RFPs, and enterprise onboarding processes.

• Support commercial teams by articulating security posture, controls, and trust initiatives.

• Maintain relationships with auditors, assessors, and relevant security communities.

Team Leadership & Execution

• Build and lead a growing team across SecOps, AppSec, and GRC.
• Mentor and develop talent, fostering a culture of accountability, continuous improvement, and technical excellence.
• Establish KPIs and metrics to measure maturity, performance, and risk reduction.
• Manage the security budget, vendor portfolio, and technology selection.

Qualifications

• 10–15+ years of progressive experience in cybersecurity, with at least 5+ years in a security leadership role.
• Proven experience owning both operational and strategic security functions in a cloud/SaaS environment.
• Strong technical background across cloud security, application security, threat detection, and modern security tooling.
• Demonstrated experience achieving and maintaining compliance frameworks (SOC 2, ISO, PCI, HIPAA, etc.).
• Exceptional communication skills with the ability to influence executives, collaborate across departments, and articulate complex security topics clearly.
• Experience presenting security posture and risk to senior leadership and/or a board.
• Industry certifications (e.g., CISSP, CISM, CCSP) are advantageous but not required.

Interested candidates, please send their resumes to iqbal.kaur@birdeye.com

Regards

Iqbal Kaur