Director of Security
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Director of Security responsible for information security and compliance for Crete Professionals Alliance. Leading a team, managing risk, and integrating security processes across the organization.
Responsibilities:
- Own the enterprise information security, compliance & business continuity program across Crete (corporate) and all member firms.
- Build standardized, scalable security controls, governance, and operations across multiple independent control environments.
- Define the multi-year security strategy and roadmap across Crete and member firms in a federated model.
- Establish and maintain the security policy framework, standards, and minimum control baseline across all firms.
- Build security operating rhythms and executive reporting: KPIs, risk posture, incident trends, audit/compliance status, and program progress for Crete leadership and firm leaders.
- Partner with IT, data, and engineering leadership to embed security into operations, architecture decisions, and change management across the portfolio.
- Lead security diligence for M&A: current-state control assessments, key risk identification, remediation estimates.
- Drive security integration of new firms (people/process/technology) across separate environments.
- Provide security architecture oversight for cloud and hybrid environments with emphasis on Azure, Intune, and Microsoft Defender.
- Oversee day-to-day security operations: vulnerability management, patch/risk prioritization, endpoint and email security, tooling lifecycle, and event triage.
- Manage third-party MDR/SOC providers and drive continuous improvement of monitoring outcomes.
- Own the incident response program end-to-end: runbooks, tabletop exercises, ransomware preparedness.
- Implement consistent risk management across firms – periodic assessments, control testing, remediation tracking.
- Support member firms with client-driven security and compliance requirements (NIST CSF, CIS, SOC 2 Type II).
- Lead security awareness and training programs tailored to professional services workflows.
- Lead, coach, and develop the cybersecurity team.
Requirements:
- 10+ years of progressive experience in information security or cybersecurity.
- 3+ years leading and developing security teams.
- Demonstrated M&A, private equity, or roll-up experience.
- Strong understanding of cloud security principles with hands-on Azure and Microsoft security experience.
- Experience managing and governing compliance standards (NIST, CSF, CIS, and SOC2 Type II preferred)
- Experience managing business continuity programs and lifecycle
- Microsoft Azure/Intune experience
- Experience managing third-party security services (MDR/SOC, IR retainers, testing vendors).
- Proven ability to design and run a complete enterprise security control program.
- Excellent stakeholder management and executive communication skills.
- Bachelor’s degree or equivalent experience; security certifications preferred (CISSP).
- Professional services experience and/or accounting and CPA firm experience strongly preferred.
Benefits:
- Offers Bonus
Similar Jobs
Compliance/Security Officer
Compliance Officer overseeing comprehensive compliance program while ensuring adherence to federal and state laws. Leading policies, audits, and risk assessments in a healthcare context.
Security Engineer
Information Security Engineer managing endpoint defense, security awareness, and operations. Collaborating to enhance the security program within FMG's remote IT environment.
Security Tech Lead
Security Tech Lead managing information security initiatives to protect data and systems. Leading and supporting the adoption of secure practices across teams and gaining client trust.
Senior Supply Chain Security Engineer
Senior Supply Chain Security Engineer developing Docker's security-hardened images and managing Helm charts. Collaborating on upstream OSS projects and ensuring compatibility with Kubernetes and security guidelines.
Enterprise Security Engineer
Enterprise Security Engineer at Benchling focusing on building a security program and implementing zero trust strategies for sensitive data protection.
Head of Security Research
Head of Security Research leading a team of security experts at Dropzone AI. Overseeing threat intelligence, detection engineering, and building an elite security team.
Information Systems Security Manager
IT Security Manager leading security professionals to protect sensitive data and ensure compliance. Overseeing cybersecurity policies, incident response, and risk management frameworks.
IT Business Partner, Enterprise Solutions – Real Estate and Corporate Security Platforms
Business Partnering role focused on leading business analysis for Real Estate and Corporate Security technology at Fresenius Medical Care. Collaborating with business owners to define and manage digital strategy and roadmap.
Cybersecurity Engineer II
Mid-level Cybersecurity Engineer responsible for identity security and cloud platforms. Supporting compliance with CMMC and NIST across various government environments.
FP&A Director, Security
FP&A Director overseeing P&L accountability and financial analysis for Cobalt’s security business. Driving key operating decisions and contributing to M&A deals.
Senior Corporate Security Engineer
Corporate Security Engineer handling IT and cloud security for Juniper Square, focusing on threat detection, incident response, and security tooling management.
Security Engineer – Threat Detection
Security Engineer at Snowflake enhancing threat detection capabilities utilizing AI and automation, collaborating across Security and Engineering teams.
Senior AI Security Engineer, Cyber Architecture, OT and Engineering
Sr. Agentic AI Engineer designing, building, and operationalizing agentic AI systems at EY. Working on multi-agent frameworks and intelligent automation to enhance cybersecurity posture.
Senior Security Architect
Remote Sr. Security Architect at Alkami, enabling secure business practices with proactive security initiatives and collaboration across teams in a growing SaaS environment.
Information Security Officer
Information Security Officer at SmartestEnergy Limited shaping ISO 27001:2022 across a global business landscape. Driving governance, risk management, compliance, and security best practices in a collaborative environment.
Network Security Engineer
Network Security Engineer designing, implementing, and maintaining secure network infrastructures at SOFTSWISS. Strengthening corporate security and improving standards in iGaming services.
Senior Solutions Director – Security
Sr Solutions Director directing Security solutions strategy at ePlus. Leading go-to-market plans for innovative Security technology solutions.
Distinguished Engineer, Cybersecurity
Senior leader overseeing cybersecurity and data solutions at Nagarro. Driving innovation, strategy, and client engagement across various domains and industries.
Senior Security Administrator
Senior Security Administrator supporting SaaS/cloud customers with security configurations and troubleshooting. Collaborating with an expert team to ensure system security.
Freelance WordPress, Security, HIPAA Compliance Consultant
Freelance consultant auditing WordPress website for HIPAA compliance risks. Requires 4-5 years of experience in WordPress security and HIPAA compliance.