
Director of Security
Crete Professionals Alliance
Director of Security responsible for information security and compliance for Crete Professionals Alliance. Leading a team, managing risk, and integrating security processes across the organization.
Tech Stack
Tools & technologies: Azure, Cloud, Cyber Security
About the role
Key responsibilities & impact
- Own the enterprise information security, compliance & business continuity program across Crete (corporate) and all member firms.
- Build standardized, scalable security controls, governance, and operations across multiple independent control environments.
- Define the multi-year security strategy and roadmap across Crete and member firms in a federated model.
- Establish and maintain the security policy framework, standards, and minimum control baseline across all firms.
- Build security operating rhythms and executive reporting: KPIs, risk posture, incident trends, audit/compliance status, and program progress for Crete leadership and firm leaders.
- Partner with IT, data, and engineering leadership to embed security into operations, architecture decisions, and change management across the portfolio.
- Lead security diligence for M&A: current-state control assessments, key risk identification, remediation estimates.
- Drive security integration of new firms (people/process/technology) across separate environments.
- Provide security architecture oversight for cloud and hybrid environments with emphasis on Azure, Intune, and Microsoft Defender.
- Oversee day-to-day security operations: vulnerability management, patch/risk prioritization, endpoint and email security, tooling lifecycle, and event triage.
- Manage third-party MDR/SOC providers and drive continuous improvement of monitoring outcomes.
- Own the incident response program end-to-end: runbooks, tabletop exercises, ransomware preparedness.
- Implement consistent risk management across firms – periodic assessments, control testing, remediation tracking.
- Support member firms with client-driven security and compliance requirements (NIST CSF, CIS, SOC 2 Type II).
- Lead security awareness and training programs tailored to professional services workflows.
- Lead, coach, and develop the cybersecurity team.
Requirements
What you’ll need
- 10+ years of progressive experience in information security or cybersecurity.
- 3+ years leading and developing security teams.
- Demonstrated M&A, private equity, or roll-up experience.
- Strong understanding of cloud security principles with hands-on Azure and Microsoft security experience.
- Experience managing and governing compliance standards (NIST, CSF, CIS, and SOC2 Type II preferred).
- Experience managing business continuity programs and lifecycle.
- Microsoft Azure/Intune experience.
- Experience managing third-party security services (MDR/SOC, IR retainers, testing vendors).
- Proven ability to design and run a complete enterprise security control program.
- Excellent stakeholder management and executive communication skills.
- Bachelor’s degree or equivalent experience; security certifications preferred (CISSP).
- Professional services experience and/or accounting and CPA firm experience strongly preferred.
Benefits
Comp & perks
- Offers Bonus