Director Information Security Infrastructure and Governance

The Director Information Security Infrastructure and Governance provides enterprise leadership for the organizations information security program with accountability for security strategy governance infrastructure risk management and executive advisory. Reporting into senior security leadership this role defines the longterm security vision while ensuring effective execution through people process and technology.

The Director serves as a trusted advisor to executive leadership guiding riskbased decisionmaking security investments and tradeoffs that enable business objectives while protecting critical assets. This role partners broadly across technology legal compliance and business teams to embed security into platforms services and operations.

Key Responsibilities

Security Strategy & Governance

• Define execute and continuously mature a comprehensive enterprise information security strategy aligned with business objectives and organizational risk tolerance.
• Establish and govern security policies standards control frameworks and operating models across the enterprise.
• Provide executivelevel guidance on security posture material risks strategic tradeoffs and investment priorities.
• Ensure security strategy is aligned with enterprise risk management compliance and business enablement initiatives.

Enterprise Risk Management & Compliance

• Own the enterprise cyber risk management program including risk identification assessments threat modeling prioritization and remediation tracking.
• Ensure compliance with applicable regulatory contractual and industry requirements.
• Lead internal and external security audits coordinating evidence collection issue management and remediation activities.
• Maintain and evolve governance risk and compliance processes to ensure consistent defensible outcomes.

Security Operations & Incident Leadership

• Provide executive oversight of security monitoring detection and incident response capabilities.
• Act as a decision authority during highseverity security incidents ensuring timely containment escalation communication and recovery.
• Lead postincident reviews to drive root cause analysis accountability and systemic improvement across the organization.
• Partner with incident response infrastructure and application teams during investigations involving anomalous activity or compromise.

Technology & Architecture Oversight

• Partner with infrastructure cloud and application teams to ensure securitybydesign principles are embedded into platforms services.
• Guide the implementation of technologies and controls required to manage information security risk and achieve governance objectives.

People Leadership & Security Culture

• Build lead and develop a highperforming information security organization including managers architects engineers and analysts.
• Establish clear goals performance metrics and professional development paths that support engagement retention and capability growth.
• Foster a serviceoriented collaborative culture that emphasizes accountability learning and continuous improvement.
• Drive enterprisewide security awareness and training initiatives to embed security as a shared responsibility across the organization.

CrossFunctional Leadership & Change Enablement

• Collaborate with business technology and security leaders to align security initiatives with enterprise priorities.
• Act as a change agent guiding the organization through evolving threats technologies and regulatory requirements.
• Lead securityrelated initiatives and programs from strategy through execution ensuring measurable outcomes.
• Communicate complex technical and risk concepts clearly and effectively to audiences ranging from executives to individual contributors.

Knowledge Skills & Abilities

• Strong executive presence with the ability to influence and advise at the highest levels of the organization.
• Deep understanding of information security risk controls and business enablement.
• Ability to make sound decisions in highimpact highpressure situations.
• Strong analytical organizational and prioritization skills.
• Ability to lead through ambiguity and change in a dynamic threat landscape.
• High level of integrity judgment and professionalism.

Additional Information

• This role is eligible for a comprehensive total rewards package and annual incentive opportunities.

Basic Qualifications

• Extensive experience in information security security risk management and security operations.
• Significant experience leading and managing enterprise information security teams and programs.
• Demonstrated ability to align security strategy with business objectives and risk tolerance.
• Experience owning or leading security governance risk and compliance programs.
• Proven executive communication skills and experience advising senior leadership.

Preferred Qualifications

• Advanced security certifications or equivalent professional experience.
• Experience operating in complex regulated or highavailability environments.
• Demonstrated success partnering closely with legal compliance and enterprise risk functions.