Sr. Director of Information Security and Compliance

Posted 4 Days Ago
Hiring Remotely in United States
Remote
Hybrid
190K-200K Annually
Senior level
Insurance • Logistics • Software • Transportation • Business Intelligence
SambaSafety is a SaaS company headquartered in Denver; we are the leader in mobility and driver risk intelligence.
The Role
Lead the information security strategy and compliance programs, guiding security teams and collaborating with cross-functional groups to ensure adherence to regulatory standards and proactive security measures.
Summary Generated by Built In

Salary Range: $190,000.00 - 200,000.00
Who we are:
Hi, we're SambaSafety and we offer the industry's most comprehensive driver monitoring software. Our mission is promoting safer communities by reducing risk through data insights. Companies trust SambaSafety to keep their employees safe on the roads, to price and reduce risk, and to help protect their brand, their bottom line, and our global community.
We've built an inclusive, supportive, and exceptional culture where every employee is empowered in their role. Don't take our word for it; we've been recognized as a Top Workplace by The Denver Post, Albuquerque Journal, Sacramento Bee, and Built In Colorado. And our employees rate SambaSafety as top-notch, with a rock-solid Top Rating on Glassdoor.
What You'll Do:
We are seeking an experienced Senior Director of Information Security and Compliance to lead our information security strategy and compliance programs. This key leadership role will be responsible for protecting our critical infrastructure and customer data, and for ensuring adherence to regulatory requirements, while enabling business growth and innovation.
Strategic Leadership

  • Define the vision, strategy, and roadmap for security operations, delivering measurable progress each quarter
  • Develop and implement a comprehensive information security strategy aligned with business objectives and risk tolerance
  • Lead global teams of security engineers within Security Operations
  • Provide mentorship, guidance, and professional development to security teams
  • Serve as the primary security and compliance advisor to executive leadership and the Board of Directors
  • Collaborate with cross-functional teams to ensure security is integrated into product development and business operations
  • Identify and mitigate cyber risks while continuously strengthening the organization's security posture
  • Foster a culture of security awareness, implementing training programs to minimize risks
  • Stay ahead of emerging threats and integrate proactive security measures to minimize risk exposure


Cloud Security

  • Lead AWS cloud security strategy and implementation across the organization
  • Design and implement secure AWS architecture following best practices and security frameworks
  • Ensure proper configuration of AWS security services
  • Develop and maintain cloud security policies, standards, and procedures specific to our AWS environment
  • Implement and oversee Zero Trust architecture and data loss prevention (DLP) strategies


Security Operations

  • Oversee the design, implementation, and maintenance of security controls, policies, and standards
  • Direct security monitoring, incident response, and vulnerability management programs
  • Develop and implement effective security controls to reduce risk
  • Lead threat intelligence activities to proactively identify and mitigate emerging security risks
  • Establish metrics and reporting frameworks to measure security program effectiveness
  • Direct threat hunting operations to proactively identify potential compromises within the environment
  • Manage relationships with the MSSP to ensure effective security monitoring and response capabilities
  • Oversee the implementation and operation of application security testing programs including SAST, DAST, and Attack Surface Management
  • Provide regular reporting on cybersecurity risks, initiatives, and mitigation strategies to key stakeholders
  • Partner with Engineering, Product, Legal, PR, and Customer Support teams to manage incidents and enhance response processes


Compliance Management

  • Lead the SOC 2 compliance program, drawing on proven experience successfully achieving and maintaining SOC 2 Type II attestations
  • Direct GDPR compliance initiatives with thorough understanding of EU data protection requirements and implementation of appropriate technical and organizational measures
  • Ensure compliance with relevant regulations and standards including SOC 2, ISO 27001, GDPR, CCPA, HITRUST, NIST, and industry-specific requirements
  • Direct audit preparation and remediation activities
  • Maintain relationships with external auditors and regulatory bodies
  • Develop and update policies, procedures, and controls to address evolving compliance requirements
  • Leverage Jira for security project management, vulnerability tracking, and remediation workflows
  • Develop and enforce security policies and risk management frameworks across the organization


Risk Management

  • Establish and mature the enterprise risk management framework
  • Lead regular risk assessments and develop mitigation strategies
  • Oversee third-party risk management program for vendors and partners
  • Collaborate with legal and privacy teams on data protection initiatives
  • Implement and manage Vulnerability Management as a Service (VMaaS) solutions to ensure comprehensive visibility into infrastructure vulnerabilities
  • Implement and oversee vendor security assessments to mitigate third-party risks


Security Architecture

  • Guide the development of security architecture that supports business capabilities while protecting critical assets
  • Evaluate and select appropriate security technologies and solutions
  • Ensure secure design in cloud infrastructure, applications, and DevOps practices
  • Oversee identity and access management systems and strategies
  • Collaborate closely with Security and Engineering teams to help prioritize critical security initiatives


Customer Trust

  • Serve as a security advocate with customers and prospects
  • Collaborate with sales and customer success teams on security-related inquiries
  • Present security posture in customer meetings and security reviews
  • Develop materials that communicate our security program to customers


Required Skills:

  • Bachelor's degree in Computer Science, Information Security, or related field; Master's degree preferred
  • 10+ years of experience in IT security with at least 5 years in leadership roles (director level or higher)
  • 10+ years in leadership roles, managing and scaling up security teams for SecOps programs
  • At least one industry certification required: CISSP, CISM, CISA, or CEH (additional certifications highly valued)
  • AWS certifications strongly preferred (AWS Certified Security - Specialty, AWS Certified Solutions Architect)
  • Additional certifications in cloud security (CCSP), privacy (CIPP), or governance (CGEIT) highly desirable
  • Extensive hands-on AWS experience with deep knowledge of AWS security services and best practices is required
  • Proven experience leading SOC 2 compliance programs, including successful completion of SOC 2 Type II audits
  • Demonstrable experience implementing GDPR compliance frameworks and managing data protection impact assessments
  • Demonstrated success leading security and compliance programs in SaaS/cloud environments
  • Experience leading security initiatives in multi-entity organizations
  • Experience implementing and maintaining security frameworks (ISO 27001, NIST)
  • Track record of successfully navigating complex compliance requirements
  • Proven operational experience in threat hunting and active defense methodologies
  • Experience managing MSSP relationships and optimizing their effectiveness
  • Hands-on experience implementing and managing application security programs including SAST, DAST, Attack Surface Management (ASM), and Vulnerability Management as a Service (VMaaS)
  • Deep knowledge of cloud security, network security, endpoint security, and identity & access management (IAM)
  • Hands-on experience implementing Zero Trust architecture and data loss prevention (DLP) strategies
  • Proficiency in security operations, SIEM tools, incident response, and threat intelligence
  • Extensive experience across the entire Incident Response (IR) lifecycle, including leading incidents and developing detection controls
  • Skilled in working with and briefing executives, legal teams, and PR during security incidents


Leadership and Management

  • A hands-on technical leader who can guide both people and technical roadmaps
  • Strong leadership and people management skills
  • Experience in structuring and executing security programs using engineering processes, OKRs, and KPIs
  • Ability to drive maturity through code and security metrics
  • Exceptional leadership abilities with experience managing diverse technical teams


Knowledge

  • In-depth knowledge of SOC 2 Trust Service Criteria and audit processes
  • Comprehensive understanding of GDPR requirements, including lawful basis for processing, data subject rights, and cross-border data transfer mechanisms
  • Deep understanding of cloud security principles and technologies, particularly in AWS environments
  • Comprehensive knowledge of security operations, architecture, and engineering
  • Strong understanding of data privacy regulations and compliance frameworks
  • Familiarity with modern development practices (DevOps, CI/CD) and how to secure them in cloud environments
  • Business acumen and ability to align security strategy with business objectives
  • Advanced knowledge of threat actor tactics, techniques, and procedures (TTPs)
  • Thorough understanding of application security testing methodologies and tools


Benefits and Perks:

  • Flexible and generous Paid Time Off and Paid Volunteer Days
  • 401k Employer Match
  • Generous Healthcare Benefits
  • Up to 12 weeks paid time off for maternity leave based on tenure
  • Wellness & Tuition Reimbursement
  • Flexible Work Arrangements
  • Lots of SambaSafety swag & SambaSafety Events


Our team of talented and committed safety professionals is exceptional. At SambaSafety we strive to foster an inclusive culture that supports, encourages, and celebrates a wide array of diversity. We are committed to creating a space where all employees can show up as their authentic selves every day, and we work to advance employee equality, diversity, and inclusion.
SambaSafety provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, gender identity and expression, or genetics.
Come join us to find out for yourself what all the excitement is about!

Top Skills

AWS
ISO 27001
Jira
NIST
SOC 2

What the Team is Saying

Julia Porter
Account Manager
“The culture, the benefits, the management, and perks are all fantastic. Ask questions, take advantage of the extensive training offered and learn everything about the products so you can speak in the simplest terms to the clients, and have fun too.”

The Company
HQ: Denver, CO
300 Employees
Hybrid Workplace
Year Founded: 1998

What We Do

SambaSafety is a recognized innovator and leading provider of cloud-based risk management solutions for over 15,000 organizations with automotive mobility exposure, including many on Fortune’s Global 500 list. Employers and insurers benefit from SambaSafety’s continuous monitoring, intuitive insights, risk reduction tools, and configurable pricing solutions. Through the collection, correlation, and analysis of federal, state, local, and telematics data sources, SambaSafety's flexible, end-to-end capabilities enable businesses and insurers to better evaluate and mitigate driving risk, accelerate product development, reduce crashes, and foster safer communities.

Why Work With Us

Recognized as one of the Top 100 Tech Companies by Built In and The Denver Post, with a rating of over 4.7 on Glassdoor, we are the pioneer of driver risk management software in North America. We are proud to be an inclusive culture that supports diversity of all kinds, and we are committed to all employees bringing their authentic selves to work every single day.

SambaSafety Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
HQ: Denver, CO
Milton Keynes, GB
