Director, Information Security

Position Purpose and Impact

The Director of Information Security is responsible for building and leading our global information security program. Reporting to the SVP of Technology Operations, this leader will manage the Security Analyst, Senior Security Cloud Network Engineer, and Senior Security System & Network Engineer roles.

This role offers significant influence in shaping our security strategy and close partnership with the executive team.  It requires a hands-on executive technical leader who can both set strategic direction and dive deep into incident response, cloud security, and network defense. The Director will mature our monitoring, threat response, and compliance posture while partnering closely with Technology, Product, and Engineering teams.
 

The Ideal Candidate

You are an accomplished Information Security leader who delivers operational resilience while driving architectural modernization. You bring strong intellectual horsepower and are a strategic thinker who can connect the dots across threat landscapes, business processes, and technical controls to see both the enterprise risk posture and the critical details. Your natural curiosity pushes you to ask the right questions, hunt for root causes, and discover more secure, efficient ways of operating.

You excel at assessing and developing talent, making decisive changes when needed, and building high-performing defense teams. You understand the tools that power modern security ecosystems—from SIEM/SOAR and cloud-native security (AWS) to network defense and identity management—and how to integrate them for a unified security fabric. You stay ahead of evolving threat intelligence and emerging defensive paradigms, including zero-trust architecture, and have led successful security transformations without impeding business velocity.
You balance respect for existing systems with the urgency to close vulnerability gaps, retaining critical institutional knowledge while raising the bar on compliance and security maturity. You thrive where operational excellence and rapid remediation must happen in parallel, and you communicate with clarity and credibility from technical war rooms to the boardroom.
You are comfortable operating with high autonomy in an ambiguous environment, defining your own path forward when runbooks don’t exist, and making high-stakes decisions with incomplete information.

Key Responsibilities

Security Strategy & Leadership

• Develop and execute Aspira’s enterprise information security strategy, aligned with business goals and regulatory requirements
• Develop and execute Aspira’s information security roadmap, aligned with Tech Ops goals and enterprise strategy
• Lead the design and enforcement of security standards across AWS and Azure integrations within the US and abroad
• Provide security risk reporting and metrics to VP Tech Ops and executive leadership
• Manage and mentor the security team (Analyst, Sr. Cloud Security Engineer, Sr. Network Security Engineer)
• Represent security within Aspira’s Technology Operations leadership team
• Establish KPIs and metrics for security maturity, resilience, and incident response performance

Cloud & Network Security Oversight

• Oversee cloud security architecture for AWS-native services (VPCs, Transit Gateway, Direct Connect, GuardDuty, WAF, Network Firewall)
• Direct firewall and VPN management across Palo Alto (Panorama), Cisco Meraki, and hybrid environments
• Ensure secure hybrid connectivity across AWS, Azure, and global office sites
• Champion zero-trust principles across endpoints, applications, and networks

Security Operations & Incident Response

• Lead the monitoring and incident response program, integrating AWS CloudWatch, CloudTrail, Security Hub with Rapid7, LogRhythm, and log monitoring pipelines
• Define incident response playbooks and coordinate Tier 2/3 escalations
• Oversee forensic investigations, root cause analysis, and lessons learned after security events
• Partner with IT Ops and DevOps to ensure timely remediation of vulnerabilities

Governance, Risk & Compliance

• Ensure compliance with NIST, PCI DSS, CIS Benchmarks, SOC2, and insurer-driven security baselines (e.g., MFA enforcement)
• Drive risk assessments, security audits, and penetration testing
• Own responses to customer/vendor security reviews, insurer security questionnaires, and regulatory audits
• Maintain documentation for policies, controls, and audit reporting
• Define and measure security KPIs, including Mean Time to Respond (MTTR) for incidents, percentage of assets onboarded into SIEM monitoring, and SLA compliance for vulnerability patching

Automation & Continuous Improvement

• Lead automation of security operations using Terraform, Ansible, and CloudFormation
• Implement CI/CD security integrations to support DevSecOps practices
• Track KPIs for detection coverage, incident response times, and vulnerability remediation
• Partner with DevOps and engineering to embed DevSecOps practices in the software lifecycle
• Optimize SIEM and log ingestion pipelines to achieve full visibility across servers, endpoints, and laptops

 

Qualifications

• Experience: 8+ years in IT and security, including senior leadership in cloud and network security
• Cloud Security: Expertise in AWS security services (VPCs, Security Hub, Guard Duty, WAF, etc.) and securing AWS-first environments
• Network & Systems: Expertise in SIEM platforms (Rapid7/LogRhythm), Palo Alto/Meraki firewalls, and hybrid global connectivity
• Operations: Strong background in incident response, log analysis, and forensic investigation
• Compliance: Deep understanding of security frameworks and compliance standards (NIST, PCI DSS, SOC2, CIS); ideally including governmental standards like GovRAMP and FedRAMP
• Automation: Hands-on automation/scripting experience with Terraform, Ansible, Python, or PowerShell
• Certifications: Strongly preferred: CISSP, CISM, AWS Security Specialty, PCNSE, CCNP Security