
Senior Manager – Security Risk Management
First American
full-time
Location Type: Hybrid
Location: Santa Ana • California • United States
Salary
$148,625 - $195,000 per year
About the role
- Lead the lifecycle management of enterprise Information Security policies, standards, baselines, and guidelines
- Ensure alignment with regulatory requirements, industry frameworks (e.g., NIST CSF, ISO 27001), and internal risk posture
- Oversee periodic reviews, updates, and governance activities for all security documentation
- Lead the enterprise Information Security–focused TPRM program, ensuring all third parties with access to corporate data, systems, or facilities undergo rigorous security risk assessments
- Maintain assessment methodologies centered on security controls, including data protection, access management, vulnerability management, encryption practices, incident response maturity, and cloud security posture
- Oversee due diligence processes, security questionnaires, evidence reviews, attestations (SOC 2, ISO 27001, penetration tests), and follow‑up remediation activities
- Partner with Procurement, Legal, and business stakeholders to ensure contracts include appropriate security obligations, such as breach notification requirements, minimum security standards, and right‑to‑audit language
- Monitor ongoing vendor security risk through periodic reassessments, continuous monitoring tools, and threat intelligence related to third‑party ecosystems
- Deliver metrics and executive‑level reporting on the security posture of third parties, highlighting emerging risks, systemic gaps, and required remediation actions
- Support the development and execution of the long‑term security strategy
- Partner closely with cross‑functional business teams and IT leadership to ensure security strategy aligns with organizational goals, technology roadmaps, and operational priorities
- Provide expert insight into risk-based prioritization, investment planning, and roadmap development
- Monitor regulatory, threat, and technology trends to inform strategic decisions
- Oversee the enterprise security awareness program, including phishing simulations, mandatory training, campaigns, and targeted education for high‑risk groups
Requirements
- 8+ years of experience in Information Security, Risk Management, Compliance, or related fields
- 3+ years in a leadership role
- Strong knowledge of security frameworks (NIST, ISO, SOC 2, CIS), risk methodologies, and regulatory requirements
- Experience leading enterprise policy programs and vendor risk management activities
- Proven ability to collaborate and influence across all levels of the organization
- Excellent written and verbal communication skills with the ability to influence stakeholders, present to executives, and simplify complex risk topics
Benefits
- health insurance
- dental
- vision
- 401k
- PTO/paid sick leave
- employee stock purchase plan
Applicant Tracking System Keywords
Hard Skills & Tools
Information Security, Risk Management, Compliance, Security frameworks, NIST CSF, ISO 27001, SOC 2, CIS, Vendor risk management, Security policy programs
Soft Skills
Collaboration, Influence, Communication, Leadership, Presentation, Simplification of complex topics, Stakeholder engagement, Strategic decision-making, Cross-functional teamwork, Expert insight