Department: Infrastructure Operations
Location: Remote - United States
Description
The Senior Director of IT & Security is a strategic, hands-on leader responsible for overseeing and modernizing DeepSeas’ internal IT infrastructure, strengthening enterprise security posture, and owning compliance programs. This executive role bridges technology operations and regulatory governance, ensuring that our systems, processes, and client-facing commitments meet the highest standards of security, availability, and compliance.
This is a high-impact, high-visibility role for a seasoned leader who thrives at the intersection of technology leadership and risk management, and who can translate complex regulatory requirements into actionable programs across the organization.
Key Responsibilities
IT Strategy & Infrastructure
- Own and evolve the enterprise IT roadmap, including cloud infrastructure, end-user computing, networking, and tooling.
- Lead a high-performing IT team, fostering a culture of operational excellence and continuous improvement.
- Oversee vendor relationships, SLAs, and technology procurement to optimize cost, reliability, and security.
- Champion digital transformation initiatives and drive adoption of scalable, modern IT solutions.
- Own IT systems across the enterprise including user provisioning / de-provisioning, usage management, renewal strategy, etc.
- Identify and execute cost optimization opportunities across SaaS, licensing, vendors, and internal IT operations.
- Lead M&A integration activities related to IT, Security, and Compliance to drive unified architecture and cost savings.
Compliance & Regulatory Governance
- Own and manage compliance programs including SOC 2, ISO 27001, CMMC (contemplated), and other applicable frameworks.
- Lead annual and continuous audit readiness activities, serving as the primary liaison with external auditors and regulators.
- Develop, maintain, and enforce enterprise policies, standards, and procedures in alignment with regulatory requirements.
- Monitor the evolving regulatory landscape and proactively adapt programs to address new requirements.
Information Security
- Oversee identity and access management (IAM), endpoint security, data loss prevention, and vulnerability management programs.
- Ensure security-by-design principles are embedded across IT systems, projects, and procurement processes.
Risk Management
- Lead enterprise risk assessments and third-party/vendor risk management programs.
- Maintain the IT risk register and drive remediation of identified gaps and control deficiencies.
- Report on compliance and risk posture to executive leadership and the Board as required.
Leadership & Cross-Functional Collaboration
- Serve as a trusted advisor to executive leadership on IT strategy, risk, and regulatory matters.
- Collaborate closely with Legal, Finance, HR, and client-facing teams to ensure aligned, enterprise-wide compliance.
- Build and mentor a diverse, high-performing team of IT and compliance professionals.
Skills, Knowledge and Expertise
- 10+ years of progressive IT leadership experience, with at least 5 years in a Senior Director or VP-level role.
- Deep expertise in compliance frameworks including SOC 2, ISO 27001, HIPAA, PCI-DSS, and/or CMMC.
- Proven experience managing and scaling enterprise IT infrastructure.
- Strong background in information security principles, risk management, and audit leadership.
- Exceptional communication and executive presence, with the ability to translate technical complexity to non-technical stakeholders.
- Experience managing and developing high-performing teams in a fast-paced, growth-oriented environment.
- Experience leading a remote-first distributed workforce leveraging onshore and offshore resources.
Preferred
- Relevant certifications: CISM, CISSP, CRISC, CISA, or equivalent.
- Prior experience at a managed security services provider (MSSP) or professional services firm.
- Familiarity with GRC platforms (e.g., Vanta, Drata, ServiceNow GRC, OneTrust).
- Experience with FedRAMP, NIST 800-53, or state-level data privacy laws (CCPA, CPRA, etc.).
- MBA or advanced degree in Information Systems, Computer Science, or related field.
Why DeepSeas?
At DeepSeas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren’t DeepSeas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:
- We are client obsessed.
- We stand in solidarity with our teammates.
- We prioritize personal health and well-being.
- We believe in the power of diversity.
- We solve hard problems at the speed of cyber.
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:
- Understanding and following DeepSeas’s information security policies and procedures.
- Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.
- Actively participating in DeepSeas’s efforts to maintain and improve information security.
- DeepSeas considers this position Moderate Risk, with the potential to view/access/download restricted/private client/internal data.
- This information must be treated with sensitivity and in the most secure manner.
- HR reserves the right to perform random background/drug screens to ensure the safety of client/DeepSeas data.