Director of Information Security

Summary

Join Sylogist, a purpose-driven company empowering its customers, as the Director, Information Security. Reporting to the CITO, you will develop, implement, and oversee security protocols, compliance programs, and risk management strategies. This role requires a strong background in cloud infrastructure management, compliance frameworks, and strategic security planning. You will enhance security team accomplishments, define security protocols, develop installation requirements for network devices, and execute corporate identity and access control. Incident response, phishing program management, roadmap development, vulnerability scanning, and staying current on security practices are also key responsibilities. Sylogist offers a remote-first work environment and benefits covering health, wealth, and wellness.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field
• 5+ years of experience in information security
• Cloud infrastructure management experience
• Certifications such as CISSP, CISM, Azure Solutions Architect Expert, Azure Security Architect Expert, or CCSP (preferred)
• Proficiency in Azure IaaS/PaaS, IaC (Terraform/Bicep), and SIEM tools
• Deep knowledge of GDPR, SOC 2, NIST CSF, and PCI DSS
• Experience managing global compliance programs
• Strategic planning, vendor negotiation, and crisis management skills
• Strong working knowledge of IT risks, cybersecurity, and operating systems
• Excellent communication and interpersonal skills

Responsibilities

• Enhance security team accomplishments and competencies by planning the delivery of solutions and responding to technical RFPs and miscellaneous questions
• Define security protocols by evaluating business strategies and requirements
• Develop, review, and approve installation requirements for LANs, WANs, VPNs, firewalls, routers, and related network devices
• Execute corporate identity and access control by implementing Azure AD solutions, MFA, and Privileged Access Management (PAM)
• Respond to and investigate security incidents, providing thorough post-event analysis
• Manage secure phishing programs and ensure compliance through tools and ongoing training
• Develop and maintain a corporate security roadmap to include ongoing system upgrades
• Conduct vulnerability scans, penetration tests, and incident response drills
• Verify security systems by developing and implementing test scripts
• Stay current on emerging security practices and standards; participate in educational opportunities, review professional publications, and engage in professional organizations
• Partner with DevOps and architectural teams on security best practices
• Document and review corporate policies to ensure compliance with NIST and other industry standards
• Review and ensure product compliance with privacy requirements (GDPR, CCPA, PIPEDA, and global privacy laws)
• Implement data classification, encryption (at rest/in transit), and DLP solutions
• Develop, implement, and document disaster recovery and business continuity plans
• Conduct Privacy Impact Assessments (PIAs) for new systems and data flows
• Conduct quarterly security workshops on emerging threats (e.g., ransomware, social engineering)
• Maintain training records for compliance audits (SOC 2, ISO 27001)
• Vendor & Cloud Risk: Manage third-party risk assessments (including Microsoft Azure environments)
• Monitor compliance of SaaS vendors

Preferred Qualifications

• Microsoft Azure security certification
• Additional advanced security or cloud certifications
• Experience with privacy compliance programs across multiple jurisdictions

Benefits

• A company where you can really make a meaningful impact
• A healthy work-life balance
• Benefits that cover health, wealth, and wellness
• Sylogist is a remote-first company