
Director-Information Security Compliance

Access Information Management
  • US
    Peabody, Massachusetts, United States

About

The Director of Information Security Compliance is a senior leader responsible for setting the strategic direction and execution of the organization's global information security compliance program. This role ensures that the company's security policies, controls, and practices align with regulatory requirements, industry standards, and business objectives. The Director will lead enterprise-wide compliance initiatives, oversee internal and external audits, and serve as a key advisor to executive leadership on risk and regulatory matters.

  • Define and lead the enterprise-wide information security compliance strategy, ensuring alignment with business goals and regulatory requirements.
  • Oversee compliance with global standards and regulations (e.g., HITRUST, GDPR, HIPAA, ISO 27001, SOC 2 Type 2, NIST, PCI-DSS).
  • Lead internal and external audits, including SOC 2 Type 2, customer audits, and regulatory assessments.
  • Develop and maintain governance frameworks, risk registers, and compliance roadmaps to support continuous improvement.
  • Serve as the primary liaison to executive leadership, legal, risk, and IT teams on all matters related to information security compliance.
  • Monitor and interpret changes in the regulatory landscape and proactively adjust compliance strategies to mitigate emerging risks.
  • Lead third-party risk management, including vendor due diligence, contract reviews, and ongoing monitoring.
  • Oversee the development and delivery of security awareness and compliance training programs across the organization.
  • Build and lead a high-performing compliance team, providing mentorship, performance management, and career development.
  • Represent the organization in external audits, regulatory inquiries, and customer due diligence processes.

Requirements:

  • Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field (Master's degree preferred).
  • 10+ years of progressive experience in information security compliance, risk management, or audit, with at least 3 years in a leadership role.
  • Deep expertise in regulatory frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2, HIPAA, GDPR, PCI-DSS).
  • Proven track record of leading enterprise compliance programs and managing complex audits.
  • Strong executive presence with the ability to influence and communicate effectively across all levels of the organization.
  • Experience managing and developing high-performing teams.
  • Professional certifications such as CISM, CISSP, CRISC, or CISA strongly preferred.

Working Conditions

  • This position may require occasional travel and flexible hours to support global operations, meet audit deadlines, and engage with international stakeholders.
  • Peabody, Massachusetts, United States

Language Skills

  • English
Note for Users

This job posting comes from a partner platform of TieTalent. Click "Apply Now" to submit your application directly on their website.