Kaseware

Director, Information Security – IT

Director of Information Security & IT at Kaseware, leading security and compliance initiatives for critical software. Managing enterprise IT operations while ensuring robust security frameworks and practices.

Posted 4/30/2026 • full-time • Denver • Colorado • 🇺🇸 United States • Lead • 💰 $185,000 - $225,000 per year

Tech Stack

Tools & technologies
Azure, Cloud, Jamf

About the role

Key responsibilities & impact
  • Serve as the named Information Security Officer (ISO), with delegated authority for control implementation, evidence collection, and ongoing attestation
  • Partner with the executive team on overall security strategy, risk posture, and executive reporting to the leadership team
  • Own the compliance program for Kaseware’s active certifications and pursuits, including but not limited to: FedRAMP, SOC 2 Type II, ISO/IEC 27001, State and federal CJIS, StateRAMP and TxRAMP
  • Manage 3PAO and external auditor engagements end to end: planning, evidence collection, walkthroughs, findings, and remediation tracking
  • Maintain the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and continuous monitoring artifacts
  • Author and maintain company security policies, standards, and procedures; perform technical writing as needed
  • Review customer contracts, RFP responses, and partner agreements for compliance and security obligations
  • Lead enterprise IT operations across endpoint management (Mac and Windows, MDM, patching, lifecycle), identity and access management (Entra ID, SSO, SCIM, joiner/mover/leaver), Microsoft 365, and the corporate network
  • Own employee onboarding and offboarding, IT support, and SaaS administration for the corporate environment
  • Drive secure-by-default IT engineering – configuration baselines, vulnerability management, asset and license management, and access governance – in alignment with FedRAMP, CJIS, and ISO 27001 control requirements
  • Own the security incident response program – playbooks, tabletop exercises, communications, and post-incident review – for both security events and compliance violations
  • Coordinate cross-functional response during security incidents, breaches, and compliance escalations; document outcomes and report to leadership and regulatory bodies as required
  • Use lessons learned from incidents to evolve policies, controls, and tooling; integrate findings into continuous monitoring and the POA&M
  • Partner with Engineering on application security findings (penetration tests, SAST/DAST, container scans) where corporate or compliance reporting is required; AppSec ownership remains with Engineering
  • Lead, mentor, and develop a four-person team
  • Recruit and onboard new team members as the program grows; conduct performance reviews and career development planning
  • Lead company-wide security awareness, new-hire training, and role-specific training programs
  • Present compliance posture, audit results, and risk findings to executive leadership and, where appropriate, customers and regulators
  • Support the Sales team on customer-facing security and compliance requirements in RFPs, security questionnaires, and customer audits

Requirements

What you’ll need
  • 10+ years of progressive experience in information security, IT, or compliance roles, with at least 4+ years in a leadership role managing people
  • Demonstrated experience as a named ISO, security lead, or equivalent on a FedRAMP package
  • CISSP required (CISM or CISA accepted as equivalent); CCEP, CRISC, or comparable compliance/risk certifications are a plus
  • Hands-on experience implementing and operating control frameworks: NIST SP 800-53 R5, FedRAMP, DoD IL5, SOC 2, ISO 27001:2022, ISO 27701, and CJIS
  • Working knowledge of StateRAMP, TxRAMP, CMMC, GDPR, and U.S. state privacy laws (CCPA/CPRA), with the ability to build a program that addresses applicable obligations across multiple frameworks
  • Enterprise IT leadership experience – endpoint management (Windows and Mac, MDM tooling such as Intune or Jamf), identity (Microsoft Entra ID, SSO/SCIM/MFA), Microsoft 365 administration, and corporate networking
  • Vulnerability management experience – running scan programs, triaging findings, maintaining a POA&M, and partnering with engineering teams on remediation
  • Strong vendor and customer-facing skills, supporting RFPs, security questionnaires, customer audits, and external auditor engagements
  • Excellent written and verbal communication; strong technical writing skills with a track record of authoring policies, procedures, and audit documentation
  • Working knowledge of software development practices and the security implications of cloud-native architectures (Azure preferred)
  • Self-starter who can operate without close supervision; strong attention to detail and judgment under pressure
  • Other duties as needed.

Benefits

Comp & perks
  • Excellent health, dental, and vision insurance with generous company contribution
  • Flex Spending Accounts
  • Unlimited paid vacation
  • 12 paid company holidays
  • Paid Sick Time
  • Paid Parental Leave
  • 401k with company matching
  • EcoPass provided for Colorado-based employees

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
information security, compliance, control frameworks, vulnerability management, technical writing, endpoint management, identity and access management, application security, risk management, audit documentation
Soft Skills
leadership, communication, team development, vendor management, customer engagement, attention to detail, self-starter, judgment under pressure, cross-functional collaboration, training and mentoring
Certifications
CISSP, CISM, CISA, CCEP, CRISC, ISO 27001, ISO 27701, NIST SP 800-53 R5, DoD IL5, CJIS