Director of Infrastructure – Security

This is a fully remote position, open to applicants in Colombia.

📋 Description

• Take ownership of the design, roadmap, and execution of the client's infrastructure and cybersecurity initiatives, ensuring alignment with HIPAA, NIST, SOC 2, PCI, and internal InfoSec standards.

• Supervise secure-by-default architectural designs across all platforms.

• Oversee the infrastructure budget, team resources, and allocation of resources.

• Act as a strategic collaborator with product, legal, and engineering leadership.

• Lead, mentor, and manage the Infrastructure and Security team utilizing sprint-based delivery practices and measurable performance metrics.

• Facilitate a transition from reactive to proactive operations by enhancing organizational visibility into workload, capacity, and priorities.

• Manage the InfraSec support request intake and triage process.

• Establish a regular cross-functional prioritization schedule with Engineering, Product, Data, and Leadership.

• Serve as a hands-on technical leader, directly contributing to the design, review, and implementation of security and infrastructure.

• Function as the senior escalation point for complex deployments, secure architecture, and incident resolution.

• Promote engineering self-service for routine InfraSec operations while maintaining appropriate guardrails.

• Ensure cybersecurity policies and documentation are aligned with relevant standards.

• Take responsibility for audit readiness concerning HIPAA, SOC 2 Type 2, PCI SAQ-D, and internal InfoSec assurance engagements.

• Lead the implementation of Vanta and ongoing compliance automation processes.

• Conduct third-party and vendor risk assessments and maintain the vendor security catalog.

• Carry out continuous vulnerability assessments, threat detection, and mitigation strategies.

• Own and maintain incident response and disaster recovery plans.

• Promote ongoing risk-management education throughout the organization.

• Manage identity and access governance for employees, contractors, and systems.

• Ensure endpoint protection coverage (CrowdStrike, Tenable) is in line with applicable control frameworks.

⛳️ Requirements

• Minimum of 7 years of experience in infrastructure and cybersecurity, including at least 3 years in a leadership or team lead role within a regulated environment.

• In-depth knowledge of HIPAA, NIST, and SOC 2 compliance requirements.

• A proven history of establishing operational processes such as intake triage, sprint-based delivery, cycle time measurement, and cross-functional prioritization.

• Strong technical expertise in cloud infrastructure (preferably AWS), endpoint security, access management, and compliance tools (Vanta, CrowdStrike, Tenable).

• Exceptional communication skills to effectively convey security posture and risk to non-technical stakeholders and executive leadership.

• Experience in managing vendor risk assessment programs and conducting third-party security reviews.

• US East Coast timezone availability is required.

• Professional certifications such as CISSP, CISM, or GIAC GCED are preferred.

🏝️ Benefits

• SOC 2 Type 2: zero critical Trust Services Criteria exceptions.

• PCI SAQ-D: 100% annual submission with no significant gaps.

• Incident response: 90% of incidents triaged within SLA (high severity within 1 hour).

• Infrastructure uptime: 99.9% monthly across mission-critical systems.

• Sprint delivery: 90% of committed items delivered on schedule.

• Change failure rate: less than 5% of changes resulting in an incident or unplanned rollback.