Director, Information Security

Suzy is an always-on consumer insights platform that connects organizations directly with their target audiences to make smarter, faster, and more consumer-centric decisions. We’re looking for an information security leader who can roll up their sleeves and take ownership of Suzy’s Information Security Management System (ISMS). As Director, Information Security, you’ll define and execute the company’s security strategy, ensuring both proactive risk management and security compliance maturity as we continue to scale. Position Summary: The Director, Information Security will provide both strategic input and hands-on technical acumen across all areas of Suzy’s security program — including endpoint protection, identity and access management, data loss prevention, cloud security, and compliance implementation. This role requires a hybrid mindset: someone who can architect and manage enterprise security infrastructure while also mentoring a growing team of engineers and analysts to operationalize best practices. Key Responsibilities: 1. Security Leadership & Program Ownership • Define and lead Suzy’s security roadmap, spanning endpoint, identity, network, and cloud domains. • Serve as a trusted advisor to leadership on security risk and technology priorities. • Foster a company-wide culture of security through education, influence, and automation. • Partner with the GRC lead to ensure technical controls map effectively to compliance frameworks. • Own the security strategy for Suzy’s global workforce footprint, including offshore vendor engagements, ensuring consistent security posture across diverse geographies, device management practices, and access models. 2. Identity & Access Management (IAM) • Own identity governance and access control within Azure Entra ID. • Design and enforce RBAC, group-based access, and conditional access policies — ensuring no direct access assignments. Oversee access review cycles, privileged identity management (PIM), and lifecycle automation tied to HR systems. • Continuously refine authentication and authorization mechanisms to support zero-trust principles. 3. Endpoint & Device Security • Oversee MDM operations via macOS and Windows (e.g., Kandji, Intune) to ensure configuration compliance, patch management, and device hardening. • Manage and optimize EDR solutions (e.g., CrowdStrike, SentinelOne) for proactive threat detection, response, and telemetry integration. • Drive automation of device onboarding, policy enforcement, and endpoint health reporting. • Collaborate with IT to ensure all endpoints align with Suzy’s security baselines. 4. Data Loss Prevention (DLP) & Network Security • Lead deployment and tuning of Zscaler and Netskope to secure web traffic and prevent data exfiltration. • Create adaptive DLP policies balancing protection and business enablement. • Integrate DLP and SASE event data into centralized monitoring and alerting pipelines. • Partner with engineering and operations to optimize traffic routing and data protection across the environment. 5. Security Operations & Incident Response • Own Suzy’s SIEM infrastructure (Azure Sentinel or equivalent), including rule creation, correlation logic, and escalation workflows. • Oversee vulnerability assessments, penetration tests, and incident detection and response processes. • Lead and document incident response activities, including post-incident reviews and corrective action plans. • Manage security vendor relationships, ensuring effective integration and performance of managed services. • Work closely with Suzy’s product and engineering teams to conduct business continuity and disaster recovery testing and readiness. 6. Cloud & Application Security (CNAPP) • Oversee cloud workload protection and posture management through Orca Security, Wiz, or equivalent CNAPP platforms. • Monitor and remediate cloud misconfigurations, vulnerabilities, and IAM risks. • Collaborate with DevOps to integrate CNAPP insights into CI/CD pipelines for continuous risk reduction. • Guide secure architecture reviews for new cloud deployments and application integrations. Qualifications: Required • 5+ years of experience in information security, with ideally 2 years in a management or leadership capacity. • Proven experience leading or contributing to enterprise security programs across endpoint, identity, and cloud domains. • Deep understanding of ISO 27001, SOC 2, ISO 42001, and NIST frameworks. • Strong communication and leadership skills with the ability to translate technical risk to business impact. • Demonstrated ability to build and scale teams, prioritize initiatives, and drive measurable results. Preferred • Certifications such as CISSP, CISM, SSCP, or Azure Security Engineer Associate (AZ-500). • Hands-on experience with: • MDM (Kandji, Intune) • EDR (CrowdStrike, SentinelOne) • DLP/SASE (Zscaler, Netskope) • SIEM (Azure Sentinel or equivalent) • Azure Entra ID (RBAC, Conditional Access, PIM) • CNAPP (Orca, Wiz) • Experience integrating tools with SIEM/SOAR platforms for end-to-end automation. • Familiarity with GitHub Advanced Security, secret scanning, and secure code practices. • Experience leading tabletop exercises and developing IR playbooks. Benefits: • We take care of our employees and their families. We have generous health dental and vision benefits, and our 401K plan vests immediately • A friendly, fun, and collaborative work environment that allows for frequent exposure to executives • The opportunity to make an immediate impact as a part of a fast-growing company • The target base compensation for this role is $155,000 - $175,000. Suzy is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to ensure all people feel supported and connected at work. Suzy is committed to protecting its customers, employees, partners, and the company as a whole, from damaging acts that are intentional or unintentional. Effective security is a team effort involving the participation and support of every user who interacts with company information/data and systems. It is the responsibility of each individual to help protect company information assets. #LI-Remote #LI-LH1 Click Here to view our Applicant Privacy Notice Apply tot his job