Director, Information Security & Compliance

Conductor is a leading Website Optimization & Intelligence platform. Today’s top brands use Conductor to create and optimize digital experiences that get found organically in search engines and drive value for customers. The platform provides actionable SEO, content, and technical website intelligence paired with real-time website monitoring to help customers accelerate—and protect—digital growth.

Conductor is a mission-driven company with a commitment to innovation, customer success, and culture. For Conductor, success is improving the lives of all the people in our orbit—our customers, our customers' customers, our employee-owners, and our communities.

We are looking for a Director, Information Security to join our team at Conductor reporting to our Chief Financial Officer. You will lead the information security function across the company to ensure consistent and high-quality information security management in support of our business goals.   The successful candidate will be focused on creating the Security and Compliance Roadmap, being the security point person for our technology teams, compliance, security inquiries, as well as continuing to develop and maintain our automated security tests in our CICD processes.

What You'll Do

• Develops, implements, and executes a holistic information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information
• Directly manage a small remote team of security engineers including management of your team’s projects and backlog
• Own and Develop the Information Security and Compliance Roadmap to Drive Infosec Automation and Security Maturity best practices (incl, Red Team/Blue Team Strategies)
• Participate in design reviews with product management and feature teams discussions to enhance security best practices during development.
• Collaborate with our technology teams to identify business-critical systems and remediate vulnerabilities 
• Provide strategic guidance and direction on compliance initiatives, ensuring adherence to relevant regulations such as CCPA, GDPR, FDA guidelines, and other global data protection laws.
• Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, 
• Own technical security questionnaires, security policy reviews, configuration standards, third-party audits, Security process automation and tooling.  Represent the Company in discussions with stakeholders on matters related to information security and compliance.
• Deploy and analyze security-related tools and metrics (e.g. intrusion detection, log management, encryption, endpoint protection).
• Lead incident response and management activities to promptly detect, contain, and mitigate cybersecurity incidents, minimizing the impact on operations and preserving stakeholder trust.
• Lead all activities required by internal and external audit schedules
• Consistently ensure that business is conducted with integrity at all times and that behavior aligns with Conductor's policies, procedures, and values.

Who you are

• You have a minimum of 7 years of experience working in Security Engineering and SecOps with at least 2 years leading a security engineering team in a SAAS and modern cloud environment. 
• Certification in one or more of the following:  Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials is preferred.
• At least 2 years working with 3rd party vendors in leading Security Audits and ISO 27001 Certification renewals
• Strong hands-on experience across cybersecurity domains, such as network security, endpoint security, cloud security, identity and access management, threat intelligence, etc.
• Experience working in agile environments, and you value collaboration, feedback and look to continually improve yourself and your work.
• Demonstrated ability to establish and maintain effective relationships with employees, partners, and vendors.
• Excellent communication skills, capable of engaging technical and non-technical audiences.
• Deep knowledge of SIEM, Vulnerability Management, Penetration Testing, IAM, IDS/IPS, advanced encryption at rest techniques, and other security protocols.
• Strong analytical and problem-solving skills, with an aptitude for identifying and mitigating risks proactively.
• Experience dealing with external entities like auditors and customer
• Significant Experience with Amazon Web Services
• Experience with modern virtualization technologies (Docker, Kubernetes, etc.)
• Hands on Working knowledge and understanding of Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM), and Open Web Application Security Project (OWASP)
• Expertise of current cyber security standards/frameworks; ISO 27001, GDPR, SOC, NIST
• Exposure to security disciplines and in-depth exposure to Incident Response or Detection Engineering.
• Ability to manage vendor/supplier relationships, including contract negotiation, ongoing maintenance & support, and problem-resolution

Conductor's R&D organization is currently operating in a hybrid manner with the team working minimally two days in our NYC HQ office (Monday and Thursday) with work from anywhere the other three days) 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Compensation: Conductor maintains competitive, performance-based compensation programs. 

The NYC base salary range for this role is currently $150,000 - 190,0000.  Actual base salary offered may vary within this range based on  education, knowledge, skills, abilities, relevant experience, internal equity, and geographic location, among other factors. The actual compensation, if offered a position, will be based on these factors.

Variable compensation: In addition to the base salary, this role is also eligible for an annual Corporate Bonus of 20% tied to company and individual performance.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Conductor LLC is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Bringing in diverse perspectives and challenging our assumptions is the clear key to growth; it drives innovation, creativity, faster problem-solving, and stronger decision making. All aspects of employment including the decision to hire, promote, train, discipline, or discharge, will be based on merit, competence, performance, and business needs. 

Conductor does not discriminate against any employee or applicant on the basis of race, color, ancestry, national origin, religion or religious creed, mental or physical disability, medical condition, genetic information, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, gender expression, age, marital status, military or veteran status, or other characteristics protected by state or federal law or local ordinance.  In addition, it is the policy of Conductor to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works.

https://www.conductor.com/legal/warning-fraudulent-job-offers-recruiting-scams/