Apply
Director of Information Security
Fully Remote
Apply
Description

The Director of Information Security is responsible for leading Civix's enterprise information security program across corporate systems, cloud infrastructure, SaaS products, and customer-facing security initiatives. This leader partners closely with Engineering, Product Management, Cloud Operations, Compliance, Customer Success, and Executive Leadership to ensure security is embedded throughout the software development lifecycle while maintaining a strong internal security posture. 


This role owns the strategic direction, governance, and operational execution of the company's security program, including compliance initiatives, security operations, product security, security awareness, and incident response. The Director will lead a team of security professionals while serving as the primary security advisor for customers, auditors, vendors, and executive leadership.  This is a hands-on leadership role in a scaling organization; the Director is expected to both lead and directly contribute where needed. 


This position reports directly to the CTO.

Requirements

Security Strategy & Leadership 

  • Develop and execute the company's enterprise information security strategy. 
  • Establish security policies, standards, procedures, and governance practices. 
  • Partner with executive leadership to assess and mitigate enterprise risk. 
  • Build and mentor a high-performing Information Security team. 
  • Establish security metrics and regularly report program health to executive leadership. 
  • Foster a culture where security is viewed as a business enabler rather than a gatekeeper. 
  • Define security requirements that are binding across Engineer, Product, and IT. 
  • Own security budget, tooling selection, and staffing roadmap. 

Product & Application Security 

  • Lead product security initiatives across Civix's SaaS portfolio. 
  • Partner with Engineering leadership to integrate security throughout the SDLC. 
  • Drive secure software development practices and developer enablement. 
  • Oversee vulnerability management, code scanning, penetration testing, and remediation prioritization. 
  • Guide threat modeling and architecture reviews for new products and major initiatives. 
  • Establish application security standards across multiple development organizations. 
  • Balance product velocity with risk-based security decision-making. 
  • Drive automation-first security, CI/CD integration, policy-as-code, and continuous compliance  

Governance, Risk & Compliance 

  • Own enterprise compliance initiatives including: 
  • SOC 2 
  • FedRAMP readiness and supporting programs 
  • CJIS-related security controls 
  • Customer security assessments 
  • Internal security audits 
  • Manage security policies and control frameworks. 
  • Coordinate external auditors and compliance partners. 
  • Track remediation efforts and ensure timely closure of findings. 
  • Partner with Legal and Compliance on customer contractual security requirements. 
  • Maintain formal enterprise risk management framework alignment with NIST 800-53  

Security Operations 

  • Oversee enterprise vulnerability management. 
  • Lead incident response planning and execution. 
  • Coordinate security monitoring and investigation activities. 
  • Direct third-party security testing and remediation efforts. 
  • Oversee identity and access management security practices. 
  • Ensure continuous improvement of operational security controls. 
  • Building guardrails and automation vs manual gatekeeping. 

Customer & Election Security 

  • Support high-profile customer implementations and critical election events where security readiness is essential. 
  • Act as executive face of for customers, including high-trust government and elections clients. 
  • Assist Sales and Customer Success with security questionnaires and customer due diligence. 
  • Partner with Product and Engineering to ensure customer-facing security commitments are achieved. 
  • Ability to translate complex security concepts into customer confidence.  

Vendor & Third-Party Security 

  • Serve as primary security contact for security vendors, auditors, and strategic partners. 
  • Oversee third-party security assessments. 
  • Evaluate security technologies and recommend investments. 
  • Manage relationships with penetration testing firms and compliance partners.  

Security Awareness & Organizational Enablement 

  • Lead company-wide security awareness and training initiatives. 
  • Build secure development education programs. 
  • Promote security-first thinking throughout the organization. 
  • Provide coaching and guidance to engineering leaders on security prioritization and best practices. 

Leadership Responsibilities 

  • Lead and mentor Information Security Analysts and Engineers. 
  • Establish goals, career development plans, and performance expectations. 
  • Build scalable security processes that support organizational growth. 
  • Collaborate across Engineering, Product, Cloud Operations, Customer Success, and Corporate IT. 
  • Influence without authority across multiple organizations. 

Qualifications 


Required 

  • 10+ years of progressive Information Security experience. 
  • 5+ years leading Information Security teams. 
  • Experience securing cloud-native SaaS platforms (AWS preferred). 
  • Strong understanding of modern application security practices. 
  • Experience leading enterprise compliance programs including SOC 2. 
  • Experience supporting or preparing organizations for FedRAMP or comparable government security frameworks. 
  • Experience managing vulnerability management and remediation programs. 
  • Knowledge of secure software development practices. 
  • Experience responding to customer security assessments and audits. 
  • Strong executive communication skills. 
  • Demonstrated ability to balance security, business objectives, and customer needs. 

Preferred 

  • Experience in GovTech, LegalTech, Elections, or regulated SaaS industries. 
  • Experience with CJIS, NIST 800-53, CIS Controls, OWASP, and Zero Trust principles. 
  • Familiarity with DevSecOps practices and cloud security tooling. 
  • Experience supporting enterprise customers during critical production events. 
  • Professional certifications such as CISSP, CISM, CCSP, GIAC, or equivalent. 

Technical Experience 

Experience with many of the following is preferred: 

  • AWS Security Services 
  • Microsoft Azure security 
  • IAM / SSO / MFA 
  • Vulnerability Management Platforms 
  • SIEM/SOAR solutions 
  • Endpoint Detection & Response 
  • Static and Dynamic Code Analysis 
  • Container Security 
  • Infrastructure as Code security 
  • Security automation 
  • Incident Response tooling 
  • FedRAMP and NIST control implementation 

Success Measures 

The successful candidate will: 

  • Maintain and mature Civix's enterprise security posture. 
  • Successfully lead SOC 2 and FedRAMP-related initiatives. 
  • Reduce organizational risk through proactive security leadership. 
  • Improve security maturity across products and engineering teams. 
  • Build strong partnerships with customers and internal stakeholders. 
  • Establish a security organization that enables product delivery while maintaining high standards of governance and compliance. 
  • Mentor and develop a highly effective security team. 
  • Serve as a trusted advisor to executive leadership on all matters related to cybersecurity, compliance, and enterprise risk. 
Apply
View All Jobs