Director of Security and IT

IQ Clarity

Austin, TX
Full Time
Paid
  Responsibilities

    Director of Security & IT

    As Director of Security & IT, you will own the organization’s security posture end-to-end across applications, infrastructure, and business systems. You will be the primary person responsible for maintaining a secure, compliant, and audit-ready environment in the face of traditional threats, AI-enabled adversaries, and emerging risks tied to the use of AI in both internal workflows and customer-facing platforms.

    You will partner closely with engineering and infrastructure teams to design solutions that enable speed without introducing unacceptable risk.

    This is a hands-on individual contributor role at the director level. You will define policy and implement it, run threat models, and remediate gaps. The company operates in a high-trust enterprise environment where customers and partners closely evaluate security practices. You will be directly responsible for ensuring those standards are met.

    Key Responsibilities

    • Own company-wide security and compliance across application security, infrastructure security, and IT, including full ownership of audits and compliance programs (e.g., SOC 2) and of future certifications such as ISO 27001 and ISO 42001
    • Define, implement, and enforce organization-wide security policies, standards, and controls, ensuring adoption and adherence
    • Lead incident preparedness and response, including planning, tooling, and execution
    • Own software supply chain security, including dependency risk, build pipeline integrity, and third-party code provenance
    • Assess and mitigate risks introduced by AI tooling in development workflows and agentic AI systems in production
    • Oversee and operate security monitoring infrastructure (e.g., EDR, SIEM), and respond to identified threats
    • Own identity and access management, including provisioning, deprovisioning, and privileged access controls
    • Lead vendor security assessments and manage security obligations tied to customer contracts
    • Serve as a subject matter expert in customer and investor discussions related to security architecture and compliance
    • Own the penetration testing program, including coordination and remediation efforts
    • Conduct ongoing vulnerability assessments and threat modeling across applications and business systems
    • Oversee internal IT infrastructure and operations, including support across both Google and Microsoft ecosystems
    • Ensure security across applications and supporting infrastructure in partnership with engineering teams
    • Drive key security initiatives such as compliance tooling implementation, device hardening, and infrastructure improvements
    • Partner with go-to-market and leadership teams to shape external security messaging, including trust materials and documentation

    Experience

    • Proven track record owning security end-to-end at a fast-paced technology company, with hands-on execution from policy through implementation
    • Deep knowledge of security compliance frameworks including SOC 2 Type II, with experience leading audits and managing evidence lifecycle; familiarity with ISO 27001 and ISO 42001 is a plus
    • Strong threat modeling and vulnerability assessment capabilities across application and infrastructure layers, with working knowledge of frameworks such as MITRE ATT&CK, MITRE ATLAS, NIST CSF, and OWASP (including OWASP LLM Top 10)
    • Practical understanding of risks introduced by AI-assisted and autonomous development workflows, including prompt injection, data exfiltration, and uncontrolled tool usage; familiarity with NIST AI RMF is a plus
    • Hands-on experience with security tooling such as EDR, SIEM, vulnerability scanners, and secrets management systems
    • Solid IT operations background, including administration of Google Workspace and Microsoft 365, MDM, identity providers (e.g., Okta, Azure AD, Google Identity), and endpoint security
    • Experience securing cloud environments (AWS, GCP, or Azure), including IAM, network segmentation, and secrets management
    • Experience designing and managing access control across SaaS and cloud platforms
    • Working knowledge of software supply chain security, including dependency scanning and third-party risk management
    • Experience with application infrastructure (e.g., containers, Kubernetes, EKS, EC2) is a plus
    • Ability to read and write code in one or more programming languages