Director of Security

🕒 Maio 14

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Crete Professionals Alliance

SiteLinkedInTodas as Vagas

51 - 200 funcionários

A Crete Professionals Alliance (Crete PA) é uma rede colaborativa de empresas de contabilidade e serviços profissionais. O modelo Crete PA foi desenvolvido para aumentar o poder das marcas e culturas locais, com capacidades de plataforma nacional, para criar oportunidades de crescimento para o negócio e progressão de carreira para nossa equipe. Com nossa parceria, se o negócio vence, todos vencemos. #TeamCrete

Descrição

• Own the enterprise information security, compliance & business continuity program across Crete (corporate) and all member firms. • Build standardized, scalable security controls, governance, and operations across multiple independent control environments. • Define the multi-year security strategy and roadmap across Crete and member firms in a federated model. • Establish and maintain the security policy framework, standards, and minimum control baseline across all firms. • Build security operating rhythms and executive reporting: KPIs, risk posture, incident trends, audit/compliance status, and program progress for Crete leadership and firm leaders. • Partner with IT, data, and engineering leadership to embed security into operations, architecture decisions, and change management across the portfolio. • Lead security diligence for M&A: current-state control assessments, key risk identification, remediation estimates. • Drive security integration of new firms (people/process/technology) across separate environments. • Provide security architecture oversight for cloud and hybrid environments with emphasis on Azure, Intune, and Microsoft Defender. • Oversee day-to-day security operations: vulnerability management, patch/risk prioritization, endpoint and email security, tooling lifecycle, and event triage. • Manage third-party MDR/SOC providers and drive continuous improvement of monitoring outcomes. • Own the incident response program end-to-end: runbooks, tabletop exercises, ransomware preparedness. • Implement consistent risk management across firms – periodic assessments, control testing, remediation tracking. • Support member firms with client-driven security and compliance requirements (NIST CSF, CIS, SOC 2 Type II). • Lead security awareness and training programs tailored to professional services workflows. • Lead, coach, and develop the cybersecurity team.

🎯 Requisitos

• 10+ years of progressive experience in information security or cybersecurity. • 3+ years leading and developing security teams. • Demonstrated M&A, private equity, or roll-up experience. • Strong understanding of cloud security principles with hands-on Azure and Microsoft security experience. • Experience managing and governing compliance standards (NIST, CSF, CIS, and SOC2 Type II preferred) • Experience managing business continuity programs and lifecycle • Microsoft Azure/Intune experience • Experience managing third-party security services (MDR/SOC, IR retainers, testing vendors). • Proven ability to design and run a complete enterprise security control program. • Excellent stakeholder management and executive communication skills. • Bachelor’s degree or equivalent experience; security certifications preferred (CISSP). • Professional services experience and/or accounting and CPA firm experience strongly preferred.

🏖️ Benefícios

• Offers Bonus