Director of Security

🕒 il y a 27 jours

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Crete Professionals Alliance

Site WebLinkedInTous les Emplois

51 - 200 employés

Crete Professionals Alliance (Crete PA) est un réseau collaboratif de cabinets de comptabilité et de services professionnels. Le modèle Crete PA est conçu pour renforcer le pouvoir des marques locales et de la culture, avec des capacités nationales, pour créer des opportunités de croissance pour l'entreprise et de progression de carrière pour notre personnel. Avec notre partenariat, si l'entreprise réussit, nous réussissons tous. #ÉquipeCrete

Description

• Own the enterprise information security, compliance & business continuity program across Crete (corporate) and all member firms. • Build standardized, scalable security controls, governance, and operations across multiple independent control environments. • Define the multi-year security strategy and roadmap across Crete and member firms in a federated model. • Establish and maintain the security policy framework, standards, and minimum control baseline across all firms. • Build security operating rhythms and executive reporting: KPIs, risk posture, incident trends, audit/compliance status, and program progress for Crete leadership and firm leaders. • Partner with IT, data, and engineering leadership to embed security into operations, architecture decisions, and change management across the portfolio. • Lead security diligence for M&A: current-state control assessments, key risk identification, remediation estimates. • Drive security integration of new firms (people/process/technology) across separate environments. • Provide security architecture oversight for cloud and hybrid environments with emphasis on Azure, Intune, and Microsoft Defender. • Oversee day-to-day security operations: vulnerability management, patch/risk prioritization, endpoint and email security, tooling lifecycle, and event triage. • Manage third-party MDR/SOC providers and drive continuous improvement of monitoring outcomes. • Own the incident response program end-to-end: runbooks, tabletop exercises, ransomware preparedness. • Implement consistent risk management across firms – periodic assessments, control testing, remediation tracking. • Support member firms with client-driven security and compliance requirements (NIST CSF, CIS, SOC 2 Type II). • Lead security awareness and training programs tailored to professional services workflows. • Lead, coach, and develop the cybersecurity team.

🎯 Exigences

• 10+ years of progressive experience in information security or cybersecurity. • 3+ years leading and developing security teams. • Demonstrated M&A, private equity, or roll-up experience. • Strong understanding of cloud security principles with hands-on Azure and Microsoft security experience. • Experience managing and governing compliance standards (NIST, CSF, CIS, and SOC2 Type II preferred) • Experience managing business continuity programs and lifecycle • Microsoft Azure/Intune experience • Experience managing third-party security services (MDR/SOC, IR retainers, testing vendors). • Proven ability to design and run a complete enterprise security control program. • Excellent stakeholder management and executive communication skills. • Bachelor’s degree or equivalent experience; security certifications preferred (CISSP). • Professional services experience and/or accounting and CPA firm experience strongly preferred.

🏖️ Avantages

• Offers Bonus