About Sanctum
We’re not here to “improve” managed IT.
We’re here to replace it.
Sanctum is a new Infinity Constellation venture building the world’s first Agentic MSP — where AI systems and humans work side-by-side to deliver IT that’s faster, smarter, and self-healing. We combine automation, intelligent agents, and human expertise to turn support into strategy and chaos into control.
This is a founding-stage role. You’ll be the first security leader shaping how AI-driven infrastructure stays trustworthy, compliant, and resilient — before a single breach, audit, or client question ever lands.
If you like coloring inside the lines, this isn’t for you.
If you want to write the rules for how security works in the AI era — keep reading.
The Role
We’re looking for a Director of Security who knows that good security isn’t about saying “no.”
It’s about building systems that move fast and stay safe.
You’ll design Sanctum's entire security program — from SOC 2 and ISO frameworks to incident response and client-facing trust ops — while getting your hands dirty automating controls, closing gaps, and scaling best practices across multiple companies.
You’ll:
• Build Sanctum’s first security framework from scratch.
• Launch certifications and compliance programs that actually mean something.
• Partner with engineers to bake security into every system, not bolt it on.
• Lead client security reviews, fix real issues, and make security a sales advantage.
• Set the culture for how humans and AI stay in sync without breaking things.
This is part strategist, part operator, part firefighter. And you’ll love all three.
Your Mission
1. Build the Foundations
• Create policies, standards, and controls that don’t read like government paperwork.
• Stand up Sanctum’s SOC 2, ISO 27001, HIPAA, and GDPR compliance programs.
• Keep a live, airtight library of everything clients, auditors, and partners need to see — before they even ask.
• Turn “security reviews” into a flex, not a fire drill.
2. Manage Risk Without Slowing Anyone Down
• Design and run a lightweight GRC program that scales across multiple portfolio companies.
• Define data classification, retention, and destruction policies that make sense.
• Run third-party risk reviews, access audits, and incident simulations that actually improve resilience — not just check boxes.
3. Get in the Trenches
• Partner with engineers and ops teams to secure infrastructure, identity, and access.
• Help design secure-by-default deployment patterns for cloud (AWS/GCP).
• Jump into client/vendor reviews — and walk out with security as a differentiator, not a delay.
• Automate everything you can, document what you can’t.
4. Be the Calm During Chaos
• Build the incident response framework nobody hopes to use but everyone trusts.
• Run tabletop exercises, pen tests, and coordinated remediation like clockwork.
• Own continuity and disaster recovery planning that actually works under pressure.
5. Lead the Culture Shift
• Build a company-wide “secure by default” mindset.
• Train people without boring them.
• Be the voice of reason when risk and innovation collide.
• Make security something everyone’s proud to talk about — not scared of.
Who You Are
• You’ve built security programs before — and broken a few to make them better.
• You’ve led SOC 2, ISO, or HIPAA certifications that didn’t take a year and your soul.
• You can jump between boardrooms, bash shells, and browser consoles without getting lost.
• You’re fluent in cloud (AWS/GCP), IAM, encryption, and modern SDLC security.
• You’ve fought through client security reviews and turned them into wins.
• You’re allergic to bureaucracy and obsessed with momentum.
• You know when to say “no,” but more importantly, how to say “yes, safely.”
Location & Schedule
This is a remote, global role, but you’ll work primarily on New York (EST) hours.
We don’t care where you live — just that you can think fast, write clearly, and deliver results.
What Success Looks Like
First 90 Days
• Sanctum has a functioning security framework and clear risk map.
• Client sales teams have polished, ready-to-send security documentation.
• You’ve earned trust as the person who fixes issues, not just flags them.
By 12 Months
• SOC 2 Type II or equivalent certification complete.
• Centralized “security deal room” live for all client/vendor reviews.
• No material findings in client audits.
• Security is recognized across Infinity Constellation as a competitive weapon.
Why You’ll Love It Here
• You’ll be protecting systems that think, not just servers that run.
• You’ll set the standard for how AI-first companies handle trust and risk.
• You’ll build a security culture that’s as fast as our tech — and twice as smart.
We move fast. We build real. We secure what matters.
If you’ve ever wanted to make security cool again — this is your shot.

