Director Information Security

Frontline Road Safety Group
Provides road safety solutions to reduce traffic-related incidents and enhance road safety.
Direct enterprise-wide security strategy, governance, operations, risk, and compliance.
12 days ago
$180,000 - $210,000
Expert & Leadership (13+ years)
Full Time
Denver, CO
Office Full-Time
Company Size
100 Employees
Service Specialisms
Traffic Management
Road Safety Audits
Sector Specialisms
Roads
Highways
Airports
Transportation
Government
Public Infrastructure
Role
What you would be doing
edr management
siem management
incident response
vendor risk
security awareness
compliance reporting

Reporting to the Chief Information Officer, the Senior Manager of Information Security serves as the organization’s key cybersecurity authority, responsible for establishing, managing, and continually enhancing a robust, enterprise-wide information security and data privacy program. This role provides strategic direction, ensures regulatory compliance, leads incident response efforts, and fosters a strong security culture across the enterprise. The role also governs relationships with third-party vendors and managed security partners and drives business-aligned risk management and resiliency efforts. This role will require out-of-hours work at short notice for potentially extended periods of time if the need arises.

Collaborates With: MSP/MDR, IT Operations, HR, Legal, Compliance, Business Units

  • Evaluate and implement advanced security solutions (e.g., DLP, SASE, CASB, PAM, CSPM, LAPS) to enhance the organization's risk posture.
  • Lead and enhance the Security Awareness Training (SAT) program (e.g., KnowBe4), including phishing simulations and compliance reporting.
  • Implement third-party vendor risk management program, including onboarding security reviews and continuous monitoring.
  • Lead incident response efforts, exercises, and investigations in collaboration with the MSP/MDR Security Operations Center (SOC).
  • Monitor and ensure compliance with data privacy and cybersecurity regulations, participating in audits, litigation holds, and access reviews.
  • Define and enforce technical security standards, including secure configuration baselines and secure coding guidelines.
  • Lead enforcement and tuning of core security platforms, including EDR (e.g., SentinelOne), SIEM (e.g., Rapid7 MTC), and the secure email gateway (e.g., Checkpoint Harmony).
  • Advocate for a security-first culture across IT and business teams through ongoing engagement, communication, and training.
  • Establish and manage key performance indicators (KPIs) and dashboards to measure program effectiveness and foster continuous improvement.
  • Develop, implement, and maintain the organization's information security and data privacy strategy, policies, and governance framework, aligning with frameworks such as NIST CSF 2.0 and CIS Controls.
  • Implement controls and tracking mechanisms for compliance with frameworks such as NIST and ISO, privacy laws such as PRA/CCPA (California) and CPA (Colorado), and sector-specific mandates.
  • Serve as a trusted advisor to leadership on cyber risk, compliance obligations (e.g., PCI, CJIS), and emerging threats.
  • Coordinate real-time monitoring, triage, and response to security alerts and vulnerabilities.
  • Drive remediation campaigns based on audit findings or security control gaps identified.
  • Develop and communicate a strategic vision for the security program that balances business enablement with risk mitigation.
  • Conduct and oversee regular security and risk assessments of infrastructure, applications, and new technologies.
  • Work for an industry leader in pavement marking that puts the safety of their employees at the highest priority.
  • Monitor and oversee the organization’s Disaster Recovery (DR) and Business Continuity Plans (BCP), ensuring readiness through regular testing.
  • Collaborate with other IT teams to secure infrastructure, cloud services, and applications through defense-in-depth strategies.
  • Own oversight for external access controls, firewall policy governance, DNS protection, DMARC/SPF, and log management.
What you bring
cissp
cism
8+ years
sentinelone
rapid7
risk management

Endpoint Detection

SentinelOne (S1)

Rapid7 MTC (IDR, IVM) – MDR Provider

MSP – Log Source Management

DNS, SPF, DMARC

In our time of growth, we are currently looking to add a Director of Information Security to our Denver HQ team. This is an on-site position in our downtown Denver headquarters. We are not considering relocation for out of state candidates or candidates who are not in metro Denver.

  • A well-established, compliant, and auditable information security program.
  • Communication Skills: Strong ability to articulate security concepts to non-technical stakeholders and executive leadership.
  • Leadership: Experience managing cross-functional teams and vendor relationships, including MDR governance and performance measurement.
  • Certifications: CISSP, CISM, or equivalent strongly preferred.
  • Experience: 8+ years in information security leadership roles, with expertise in managing enterprise-wide programs in federated, M&A, or regulated environments.
  • Business Acumen: Ability to balance cybersecurity strategy with business growth goals, using risk-based prioritization.
  • Technical Proficiency: Deep knowledge of risk management, security technologies, and compliance frameworks (NIST, CIS, ISO).
  • Education: Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
Benefits

Pay Range Commensurate With Experience: $180-210K

COMPETITIVE PAY/BENEFITS PACKAGE

Checkpoint Harmony SEG

  • Excellent medical, dental, vision, life insurance and 401(k) benefits including a company match
  • Pay range will be commensurate with knowledge/skills/abilities but should fall in the range of $180K-210K.
  • A measurable reduction in organizational cyber risk through improved controls and visibility.
Training + Development
Information not given or found
Company
Overview
  • A dedicated provider of road safety solutions focuses on reducing traffic-related incidents.
  • Delivers a comprehensive range of safety services tailored to the transport and infrastructure sectors.
  • Has a history of successfully implementing cutting-edge technology and safety strategies to prevent accidents.
  • Specializes in road safety audits, traffic management, and the installation of safety measures.
  • Expertise covers a wide range of projects, from small local road upgrades to large-scale national infrastructure improvements.
  • Known for innovative traffic management and advanced safety systems, playing a key role in reducing road-related risks.
Culture + Values
  • Partner With The Best – Partner w/industry leaders and retain people/team; Build on great; solutions/products/process; Share and translate best practices
  • Take Care of Our Customers – Customer first/safety first, service culture; Highest quality and best customer experience; Industry’s most advanced and productive fleet
  • Meaningful Partnerships – Fewer, deeper, more meaningful partnerships; Strategic partnerships with defined commitments; Joint approach to value added specification
  • Employer of Choice – Safety First Culture; Market leading career growth and development; Competitive compensation, health & wealth programs
  • Honesty, integrity, respect, partnership, and delivering the utmost value to our stakeholders
Environment + Sustainability
3% Waste
Sustainability Commitment
Committed to reducing waste by 3% by 2025, with a baseline established in 2024.
0.30 Incident Rate
Safety Achievement
Achieved a lost time incident rate of 0.30, below the goal of <0.46.
100% Covered
Employee Representation
All seafarers are covered by collective bargaining agreements.
100% Screened
Ethical Partnerships
All new business partners are screened under the Know Your Business Partner Policy.
  • Fleet-weighted average carbon intensity rated 'A'
  • Complies with all applicable environmental legislation and proactively stays ahead of future requirements
Inclusion & Diversity
  • No specific DEI policies, goals, or gender-related statistics found on website or LinkedIn.
Copyright © 2025 Kablio