Director of Information Security


The Director of Information Security will be responsible for development, oversight and execution of the company’s information security strategy including key processes, practices, and standards necessary to mitigate and/or reduce compliance, operational, strategic, financial and reputational security risks. This position will ensure that security controls and considerations are consistent and remain relevant throughout the organization to protect the company, its people, intellectual assets and property.  This position will strive to achieve regulatory compliance with PCI DSS, HIPPA, and FedRAMP as needed.

Primary Responsibilities

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program with the COO to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the Company;
  • Provide overall information security management direction to the company.  Manage all due diligence for the security function;
  • Direct and manage Protection and Payment Card Industry (PCI)/Data Security Standard (DSS) compliance efforts in partnership with Voci's CFO and COO;
  • Create a process to periodically update policies and procedures to ensure they accurately reflect business requirements and align to industry leading security practices;
  • Develop and implement the security governance model by following industry best practices such as ISO 27002, NIST Cyber Security Framework, or NIST 800-53 to achieve desired security maturity model;
  • Maintain current knowledge of Cyber threat actors, attack methodologies and mitigation/remediation methods;
  • Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices;
  • Develop and establish executive dashboard reporting on Cyber Security events and trends and publish to senior management and key stakeholders;
  • Strengthen the processes and procedures to aggregate logs, correlate events, and detect incidents;
  • Perform access reviews across all applications to help better understand where unauthorized access is granted and can be removed;
  • Manage IT Support to oversee the internal office systems;
  • Conduct periodic vulnerability scanning process and penetration tests;
  • Execute key tasks and projects, ensuring that they stay on track with goals and timelines.

Education & Experience

  • Bachelor’s degree in computer science or related field;
  • 10+ years of experience in information security;
  • 5+ years of management experience;
  • CISSP or CISM certification preferred;
  • Experience with developing security framework such as PCI, ISO, and NIST;
  • Experience with data classification, access control, and security models;
  • Significant knowledge of information security technologies, networking and network architecture required;
  • Experience with implementing and managing DLP, Privileged access and identity management;
  • Experience with various authentication protocols and encryption algorithms;
  • Significant knowledge of cyber threat vectors and their attack methodologies are required;
  • Experience with implementation and operations are a plus;
  • Start-up company experience in a fast-paced dynamic environment.

Required Behaviors

  • A team player able to interact well with others at all levels, and to develop ideas and opinions clearly and persuasively;
  • High intellectual capacity, good strategic thinker, a creative person with high energy, broad vision and a strong results orientation, able to develop ideas and data into concrete plans and actions;
  • Highly organized with excellent time management skills;
  • Ability to take a task and execute with minimal supervision;
  • Ability to identify, recommend and implement improvements to processes;
  • Highly competitive and goals oriented;
  • Strong leadership skills, able to motivate and excite others to achieve the highest standards of performance;
  • Practical, “can-do” approach to problem solving.

Required Skills

  • Must have a diverse security background with knowledge in several areas including: developing and implementing layered security architecture; internet protocols; firewalls; VPN technologies, anti-virus and spam technologies; risk and vulnerability assessments, compliance to implement information security related standards and initiatives;
  • Knowledge and understanding of relevant legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII), PCI DSS;
  • Excellent written and verbal communication skills;
  • Proficient with Microsoft Office, Visio and Google Apps Suite required.

Company Offerings

  • Base salary, bonus based on company achieving goals;
  • Equity in the form of stock options;
  • Benefits (medical and dental);
  • Paid vacation along with 10 annual company paid holidays;
  • Office snacks;
  • Company gatherings and outings;
  • Dynamic small company environment with the excitement of a later stage CMU start-up.

Additional Information

  • All information will be kept confidential according to Equal Employment Opportunity guidelines.