Director of Information Security

Summary

Join Truepic as their Director of Information Security and lead their security, privacy, and compliance efforts. You will be responsible for protecting the company, customers, and data by managing risk, strengthening IT security operations, and ensuring compliance with industry regulations. This role requires close collaboration with various teams to integrate security into all aspects of the business, oversee security audits, and maintain secure systems. You will serve as the primary contact for external auditors and customers on security matters. Success requires a strong technical background, excellent risk assessment skills, and the ability to balance hands-on operations with strategic planning. This is a leadership position requiring proactive collaboration and a commitment to best practices.

Requirements

• 8+ years of experience in information security, with at least 3+ years in a leadership or management role
• Proven track record of developing and leading security teams and programs in a SaaS or technology-driven environment
• Strong leadership, communication, and stakeholder management skills to work cross-functionally with engineering, product, legal, operations, and executive teams
• Deep understanding of security frameworks, regulations, and standards such as SOC 2 Type II, ISO 27001, CPRA, and GDPR
• Direct experience managing security audits, penetration tests, and compliance assessments, with the ability to drive remediation efforts
• Hands-on experience with risk management, including identifying, evaluating, and mitigating security threats and vulnerabilities
• Familiarity with application security - including mobile, web, and integrated technologies, secure software development (DevSecOps), and cloud security best practices
• Experience evaluating and configuring security tools, including endpoint security, identity and access management (IAM), and security monitoring solutions
• Strong understanding of network security, encryption, authentication, and security controls in SaaS environments
• Experience handling client and vendor security questionnaires and ensuring contractual security commitments are met
• Ability to oversee security incident response, disaster recovery, and business continuity planning
• Familiarity with IT security operations, including access management, device security, and troubleshooting security-related IT issues
• Experience developing security awareness programs and training employees on security best practices

Responsibilities

• Develop, implement, and oversee the company’s information security, privacy, and compliance programs to protect the business, our customers, and their data while ensuring regulatory compliance
• Continuously assess and collaborate across teams to improve security policies, procedures, and controls, keeping us aligned with SOC 2 Type II, ISO 27001, CPRA, and GDPR requirements
• Lead risk management efforts by identifying, evaluating, and mitigating security threats and vulnerabilities across the organization
• Handle client and vendor security questionnaires, ensuring we meet all contractual security commitments
• Work closely with engineering and product teams to embed security best practices into the software development lifecycle and infrastructure decisions
• Ensure security is a key consideration in the evaluation, selection, and configuration of applications and software
• Manage security audits, penetration tests, and compliance assessments, driving timely remediation of any findings
• Act as the primary point of contact for external auditors, regulators, and customers on security and compliance matters
• Oversee endpoint security, device management, and IT asset lifecycle management to keep employee systems secure and compliant
• Support IT operations, including access management, identity and authentication systems, and troubleshooting security-related IT issues
• Lead security awareness initiatives, educating employees through training programs and internal communications, proactively building awareness around “the why” for established protocol
• Oversee incident response and disaster recovery planning, ensuring fast and effective handling of security breaches
• Stay ahead of emerging threats, regulatory updates, and industry best practices, adapting our security strategy as needed
• Define metrics and reporting processes to track the effectiveness of security, IT support, and compliance initiatives for leadership and stakeholders
• Lead and grow the information security team, ensuring the department supports the company’s vision and evolving business needs