Director of Infrastructure – Security

Job not on LinkedIn

🔥 0 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Newfire Global Partners

WebsiteLinkedInAll Job Openings

501 - 1000 employees

Founded 2016

🤝 B2B

🤖 Artificial Intelligence

💳 Fintech

B2B • Artificial Intelligence • Fintech

Newfire Global Partners is an American IT services and advisory firm (founded in 2016 in Boston) that provides talent augmentation, software engineering, data & analytics, and AI/ML advisory to enterprise and investor clients. The company offers multidisciplinary engineering, product, and marketing teams, technical due diligence for VC/PE, data platform optimization, and an internal ML tool (Novel Heat) to improve code quality and Scrum velocity. Newfire operates across the Americas, Europe, and APAC with a 24x5 follow-the-sun delivery model and focuses on sectors such as digital healthcare, fintech, cybersecurity, and education technology.

📋 Description

• - Own the design, roadmap, and execution of the client's infrastructure and cybersecurity programs, aligned to HIPAA, NIST, SOC 2, PCI, and internal InfoSec standards • - Oversee secure-by-default architectural design across all platforms • - Manage infrastructure budget, team resourcing, and resource allocation • - Serve as a strategic partner to product, legal, and engineering leadership • - Lead, mentor, and manage the Infrastructure and Security team with sprint-based delivery practices and measurable throughput • - Drive a shift from reactive to proactive operations by building organizational visibility into workload, capacity, and priorities • - Own the InfraSec support request intake and triage process • - Establish cross-functional prioritization cadence with Engineering, Product, Data, and Leadership • - Act as a hands-on technical leader contributing directly to security and infrastructure design, review, and implementation • - Serve as senior escalation point for complex deployments, secure architecture, and incident resolution • - Champion engineering self-service for routine InfraSec operations with appropriate guardrails • - Maintain cybersecurity policies and documentation aligned with applicable standards • - Own audit readiness for HIPAA, SOC 2 Type 2, PCI SAQ-D, and internal InfoSec assurance engagements • - Lead Vanta implementation and ongoing compliance automation • - Lead third-party and vendor risk assessments; maintain the vendor security catalog • - Conduct ongoing vulnerability assessments, threat detection, and mitigation • - Own and maintain incident response and disaster recovery plans • - Drive continuous risk-management education across the organization • - Manage identity and access governance across employees, contractors, and systems • - Maintain endpoint protection coverage (CrowdStrike, Tenable) aligned to applicable control frameworks

🎯 Requirements

• - 7+ years of experience in infrastructure and cybersecurity, with at least 3 years in a people management or team lead capacity in a regulated environment • - Deep expertise in HIPAA, NIST, and SOC 2 compliance • - Proven track record building operational processes: intake triage, sprint-based delivery, cycle time measurement, and cross-functional prioritization • - Strong technical fluency across cloud infrastructure (AWS preferred), endpoint security, access management, and compliance tooling (Vanta, CrowdStrike, Tenable) • - Excellent communication skills — able to translate security posture and risk for non-technical stakeholders and executive leadership • - Experience managing vendor risk assessment programs and third-party security reviews • - US East Coast timezone overlap required • - Professional certifications preferred: CISSP, CISM, or GIAC GCED

🏖️ Benefits

• - SOC 2 Type 2: zero critical Trust Services Criteria exceptions • - PCI SAQ-D: 100% annual submission with no major gaps • - Incident response: 90% of incidents triaged within SLA (high severity within 1 hour) • - Infrastructure uptime: 99.9% monthly across mission-critical systems • - Sprint delivery: 90% of committed items delivered on time • - Change failure rate: less than 5% of changes resulting in an incident or unplanned rollback.