Director, Information Security

Summary

Join GeorgeJon as an Information Security Leader to shape and operationalize our cybersecurity program. You will define security strategies, implement solutions, mentor staff, and respond to security needs. Lead compliance initiatives (SOC 2, ISO 27001), conduct risk assessments, and serve as a trusted partner during customer due diligence. The ideal candidate is a hands-on leader who leads with expertise, builds trust, and drives execution. This role offers the opportunity to make a foundational impact on GeorgeJon’s security posture. You will also engage directly with customers to communicate our security posture and respond to detailed inquiries.

Requirements

• Bachelor’s degree in computer science, cybersecurity, information systems, or a related field (or equivalent experience)
• At least 5 years of progressive experience in information security or a related technical field
• Proven ability to implement and manage security controls in Windows and Linux environments and cloud platforms such as AWS or Azure
• Hands-on experience with SIEM tools, endpoint protection, vulnerability management, firewalls, and scripting or automation
• Strong familiarity with compliance frameworks such as SOC 2, ISO 27001, and HIPAA
• Excellent communication skills with the ability to engage across engineering, leadership, audit, and customer teams
• Demonstrated ability to lead by example, operate autonomously, and mentor others in a fast-moving environment

Responsibilities

• Define and implement security strategies, policies, and processes that support business goals and align with industry standards
• Own the full lifecycle of GeorgeJon’s information security program, from defining objectives to executing initiatives
• Actively manage and harden system configurations, cloud environments, and network security controls
• Lead compliance efforts across SOC 2, ISO 27001, and customer-specific requirements
• Coordinate audit preparation and respond to auditor requests with complete and well-organized documentation
• Maintain and continuously improve compliance processes and supporting artifacts
• Serve as the primary security resource for customer RFPs, due diligence questionnaires, and contract negotiations
• Collaborate with Sales, Legal, and Account Management teams to support pre and post sales activities
• Engage directly with customers to communicate our security posture and respond to detailed inquiries
• Identify and assess security risks across the organization and implement practical controls
• Lead incident response efforts, manage investigations, and drive post-incident remediation
• Conduct vulnerability scanning, threat monitoring, and hands-on mitigation in coordination with engineering
• Operate as a working leader by managing technical tasks while mentoring and coaching others
• Define and delegate tactical information security responsibilities across engineering teams
• Foster a culture of security awareness through documentation, training, and continuous improvement
• Evaluate and optimize security tools and practices for effectiveness, adoption, and value

Preferred Qualifications

• Experience supporting customer trust programs or working directly with customers on security evaluations
• Background in IT operations, infrastructure, or DevSecOps
• Familiarity with tools such as CrowdStrike, Rapid7, or Splunk
• A pragmatic approach to security that aligns with agile, high-growth environments
• EDiscovery industry experience
• Industry certifications such as CISSP, CISM, or CEH

Benefits

• Remote-first work environment
• A high-value, low-cost BCBS health insurance plan
• 401(k) with company match
• Ample time off including a full week in December
• Paid parental leave for primary and secondary caregivers
• A wellness reimbursement program