Information Security Director

Company Description

The Director of Information Security will serve as Empyrean's Information Security Officer (ISO) and strategic leader of the company's information security program. This role is responsible for building, leading, and maturing security initiatives across the organization, with a strong focus on protecting infrastructure, networks, and cloud environments. The Director will oversee a team of security professionals, lead incident response when applicable, manage security tools and processes, and harmonize resources to achieve strategic outcomes. They will also be responsible for maintaining regulatory and audit readiness (SOC 2, ISO 27001, HIPAA, NIST-CSF) while supporting business growth and client trust through strong communication, governance, and technical leadership.

Essential Duties & Responsibilities

Strategic Leadership & Program Development

• Define and drive Empyrean's information security strategy in alignment with business objectives, roadmap task sets, and project initiatives, including collaboration with other stakeholders.
• Lead and mentor information security team, ensuring accountability, collaboration, and professional growth.
• Act as the “ringleader” of information security operations, harmonizing tools, resources, and personnel toward desired outcomes with the VP and leadership team.

Security Operations & Incident Response

• Oversee day‑to‑day operation of security tools, technologies, and processes.
• Lead the response to cyber incidents, including triage, investigation, remediation, and communication.
• Identify, assess, and mitigate potential security risks across infrastructure, networks, and cloud environments.

Compliance & Governance

• Ensure ongoing compliance with SOC 2, ISO 27001, HIPAA, and NIST-CSF standards.
• Represent Empyrean's security posture and program to auditors.
• Draft, refine, and enforce security‑centric policies, procedures, and standards.
• Represent and/or support Empyrean via client security reviews and questionnaires, and in client‑facing meetings.

Cloud & Infrastructure Security

• Support and secure both on‑premises and AWS cloud environments in partnership with infrastructure and engineering teams.
• Drive improvements in network and infrastructure security architecture in collaboration with stakeholders.

Communication & Collaboration

• Clearly articulate complex security topics to technical and non‑technical audiences, including executive leadership and clients.
• Deliver impactful security presentations to internal teams and external stakeholders.
• Support the VP in various ways to forward strategic and business outcomes, and roadmap execution.
• Other duties as outlined by the leadership team.

Non‑essential Duties

• Participate in audits and compliance activities as needed.
• Provide training and awareness to internal stakeholders.
• Contribute to process improvement initiatives outside of the direct scope where relevant technical expertise applies.

Required Skills & Abilities

• Deep technical background in information security, with strong knowledge of networks, infrastructure, and cloud platforms.
• Expertise with security tools, monitoring platforms, and incident response processes.
• Leadership and people management skills with demonstrated ability to inspire and develop teams.
• Exceptional project management skills, with the ability to define, drive, and deliver complex initiatives.
• Ability to interpret, draft, and enforce complex information security policies, procedures, and standards.
• Strong communication skills, with the ability to simplify and present complex topics to broad audiences.
• Experience working directly with clients on security topics (questionnaires, audits, presentations, etc.).
• Must have experience supporting SOC 2 and ISO 27001 audits, with knowledge of HIPAA and NIST-CSF frameworks.

Knowledge, Experience, and Education Requirements

• Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field; equivalent experience considered.
• 8+ years of progressive experience in information security, including 3+ years in a leadership role.
• Documented experience supporting SOC 2 and ISO 27001 audits, with knowledge of HIPAA and NIST-CSF frameworks.
• Hands‑on experience with AWS or other major cloud providers highly desired.
• Relevant certifications (e.g., CISSP, CISM, CISA, CCSP) strongly preferred.

Other Requirements

• Ability to work on‑site, in a hybrid capacity, or remote as required by the role.
• Availability for after‑hours support as needed.
• Must be authorized to work in the United States without sponsorship.

Disclaimer

Disclaimer: This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job. Management reserves the right to modify or reassign job duties as business needs evolve.

Equal Opportunity Employer

Empyrean is an Equal Opportunity Employer: including disability and veterans.