
Director of Security – GRC
Posted May 2

• Lead, develop, and expand the team and systems responsible for Censys’ corporate security infrastructure.
• Oversee the company's security requirements from endpoint provisioning to implementing tools that enhance our overall security posture while ensuring simplicity for all employees.
• Manage the Security team; assign daily tasks and ensure critical functions are covered during PTO to maintain a high Service Level Agreement (SLA).
• Take full ownership of the endpoint lifecycle, including provisioning, application deployment, security controls, and asset retirement.
• Collaborate with internal teams to enforce compliance across endpoints and assist users in understanding how security policies affect their daily tasks.
• Manage and secure cloud environments while coordinating the security configuration of software and tools.
• Create and deliver Security Awareness Training for internal users.
• Compile and develop documentation for security processes and establish a knowledge base for the team.
• Design, implement, and oversee the company’s Data Loss Prevention (DLP) program, encompassing policies, tools, and enforcement across endpoints, cloud, and email.
• Operate and manage the insider threat program, which includes behavioral monitoring, investigation workflows, and collaboration with Legal, HR, and senior leadership as necessary.
• Collaborate with engineering and infrastructure teams to ensure security telemetry and logging coverage fulfills both operational and compliance requirements.
• Spearhead the development and execution of Censys’ compliance strategy to achieve and maintain adherence to ISO 27001, SOC 2 Type 2, UK NCSC Cyber Essentials+, and CMMC, in conjunction with the Security and Operations teams.
• Formulate, review, and update organizational policies and procedures to comply with governance and compliance requirements.
• Supervise timely responses to security questionnaires and other sales inquiries related to organizational and product security and privacy.
• Validate and respond to inbound legal processes as mandated by federal law.
• Support the procurement process by reviewing proposed purchases for security and privacy implications.
• Manage control and process libraries.
• Conduct ongoing risk assessments.
• Perform other duties as assigned.
• Over 10 years of progressive experience in cybersecurity, including at least 3 years in a senior leadership or Director-level position.
• Proven experience in owning and operating enterprise security programs, including DLP, insider threat, and detection and response.
• Extensive knowledge of compliance frameworks such as ISO 27001, SOC 2 Type 2, CMMC, NIST, and GDPR.
• Experience in building and managing security telemetry, SIEM, and detection engineering programs.
• Strong understanding of cloud security (AWS, GCP, or Azure), endpoint security, and identity and access management.
• Demonstrated ability to lead, mentor, and develop a high-performing security team.
• Exceptional written and verbal communication skills, capable of conveying complex security concepts to executive leadership, legal, and non-technical stakeholders.
• Experience in managing security incident response, including coordination with Legal, HR, and executive leadership.
• Background in developing security programs within a high-growth or scale-up environment.
• 401k match
• Health insurance
• Vision coverage
• Dental insurance
• And more!