Senior Director, Information Security

Job Description This role owns enterprise information security endu2011tou2011end. The hire will build and operate a scalable security program aligned to business growth, regulatory requirements, and audit rigor across a multiu2011entity, highly regulated environment. This leader is handsu2011on where needed, decisive on risk, credible with auditors and regulators, and trusted by executives. This is not an advisory or auditu2011only role We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: Skills and Requirements u2022 Has personally owned SOC 2 Type II endu2011tou2011end (planning, scoping, evidence, remediation, auditor interaction) u2003u2022 Experience operating in regulated environments (SOC 2, NYCRR, FTC, SOX, or similar) u2003u2022 Proven ability to scale audit scope (e.g., expanding revenue coverage) without degrading evidence quality u2003u2022 Has established and enforced control ownership across Engineering, IT, and Business teams u2003u2022 Demonstrated incident command leadership (Sev 1 / Sev 2): structured response, executive comms, postu2011incident CAPA u2003u2022 Has built and led an InfoSec program and team (not auditu2011only, not advisoru2011only) Comfortable blocking gou2011lives or vendors until minimum controls or documented risk acceptance is in place u2022 Previously reported into a CTO or CIO u2003u2022 Experience in federated / multiu2011entity organizations u2003u2022 Background balancing GRC rigor with security operations u2003u2022 Has managed multiple SOC 2 audits concurrently (Type I + Type II) u2003u2022 Experience scaling security from a small initial team (1u20133 people) u2003u2022 Prior exposure to boardu2011level or audit committee briefings

Created: 2026-03-25