ARCHIVED
This job listing has been archived and is no longer accepting applications.
Director of Information and Data Security

Confidential

Santa Clara, California Hybrid permanent

Posted: January 30, 2026

Job Description

Role Purpose
The Director of Information and Data Security will establish and lead Eltropy’s IT and
Cybersecurity function, responsible for developing foundational systems, processes, and
governance across infrastructure, data protection, and compliance. This leader will drive
security maturity across the organization, balancing hands-on execution with long-term
strategic planning, and partnering with external GRC consultants to build a scalable security
and compliance framework aligned with industry standards (e.g., SOC 2, ISO 27001).

Key Responsibilities
IT and Infrastructure Security

Oversee endpoint management, asset inventory, and identity and access management
(IAM).

Establish standards for device hardening, patch management, and secure configuration.

Define and manage the budget for all security and IT tools, services, and human capital,
ensuring cost-effectiveness and alignment with the overall security roadmap.

Implement centralized visibility and control across systems and SaaS applications.

Cybersecurity and Data Protection

Lead threat detection, vulnerability management, and incident response operations.

Implement and maintain a Cloud Security Posture Management (CSPM) solution to
monitor cloud infrastructure (AWS/Azure) for misconfigurations and compliance issues.

Deploy and tune SIEM/XDR solutions to enhance visibility and threat detection across
environments.

Conduct regular penetration testing, track remediation, and drive security awareness
programs.

Define and enforce data protection policies covering classification, encryption, and
retention.

Governance, Risk, and Compliance (in partnership with GRC Consultant)

Partner with external GRC consultants to design and operationalize Eltropy’s information
security and compliance framework.

Translate consultant-driven recommendations into actionable internal controls, policies,
and monitoring mechanisms.

Manage the Third-Party Risk Management (TPRM) program, including vendor due
diligence, security questionnaires, and ongoing risk monitoring.

Maintain a centralized risk register and oversee remediation tracking.

Own operational compliance for frameworks such as SOC 2, ISO 27001, and GDPR.

Security Architecture and Product Collaboration

Work closely with Engineering and Product teams to embed security-by-design principles
in SaaS architecture and cloud deployments.

Implement automated security testing (SAST/DAST) within the CI/CD pipeline to shift
security left and reduce vulnerabilities early in the development lifecycle.

Review architecture and third-party integrations to ensure alignment with data security
and privacy standards.

Incident Management and Business Continuity

Establish and operationalize the company’s Incident Response Plan (IRP) and Business
Continuity/Disaster Recovery (BCP/DR) framework.

Conduct tabletop exercises and post-incident reviews to enhance preparedness and
learning.

Security Awareness and Culture

Develop and implement a company-wide security awareness program.

Partner with HR and Operations to ensure onboarding/offboarding includes security
compliance and periodic training.

Foster a security-first culture emphasizing accountability and vigilance across teams.

Leadership and Department Setup

Build and lead a high-performing IT and Security team, including IT administrators and
cybersecurity engineers.

Define structure, roles, and hiring priorities aligned with the company’s growth stage.

Create a phased roadmap for security maturity, including technology adoption and process optimization.

Key Performance Indicators (KPIs)

Security Tool Coverage: Achieve at least X% deployment and agent coverage across all
corporate and cloud assets within the first 6 months.

Vulnerability Remediation: Maintain average time-to-remediate critical and high
vulnerabilities below X days.

Compliance Milestones: Achieve SOC 2 / ISO 27001 readiness within agreed timelines.

Asset Visibility: 100% endpoint and asset inventory completeness.

Incident Management: Reduction in mean time to detect (MTTD) and mean time to
respond (MTTR) for incidents.

Team Ramp & Process Setup: Completion of key hires and operational processes within the first
year.

Requirements

Independent, self-starter with strong ownership and execution bias.

Ability to prioritize and execute in a resource-constrained, fast-paced SaaS environment.

Strategic thinker with operational depth; able to balance long-term maturity goals with
immediate risk mitigation.

Excellent communication skills with the ability to influence and align cross-functional
stakeholders.

Proven experience setting up IT or cybersecurity programs in a SaaS or technology
environment.

Strong understanding of endpoint protection, cloud infrastructure security (AWS/Azure),
IAM, and network security.

Experience with SIEM and/or XDR deployment and tuning for threat detection and
monitoring.

Familiarity with CSPM, SAST/DAST, and vulnerability management tools.

Knowledge of GRC frameworks (SOC 2, ISO 27001) and translating them into practical,
auditable controls.

Reporting to: VP of Operations
Level: Senior Leadership

Direct Reports:
- IT Team
- Cybersecurity Engineer(s)
