Security and Compliance Director

Director of Security (Acting CISO / Head of Security)

Department : Security

Reports to : SVP Engineering

Role Overview

We are seeking a Director of Security (Acting CISO) to serve as the company’s top security leader, responsible for defining, implementing, and continuously improving our security, compliance, and risk management programs. This role blends executive-level responsibility with hands-on operational leadership, ideal for a high-calibre leader who can both set strategy and drive execution.

You will own the company’s end-to-end security posture—spanning SecOps, AppSec, Governance, Compliance, Privacy, and Enterprise Risk—ensuring our systems, products, and operations meet the highest standards of security and trust.

Key Responsibilities

Strategic Security Leadership

Establish and own the company-wide security vision, strategy, and multi-year roadmap .

Engage directly with the executive leadership team to define risk tolerance, priorities, and investment needs.

Present security posture, risks, and major initiatives to the Senior leadership and key external stakeholders .

Develop the security organizational structure (team, roles, processes) as the company scales.

Security Operations (SecOps)

Oversee detection and response programs, including SIEM, EDR, alerting pipelines, runbooks, and incident command.

Lead incident response for major security events, including communications, containment, root cause analysis, and long-term remediation.

Own vulnerability management across cloud infrastructure, endpoints, and applications.

Partner closely with SRE / CloudOps to maintain secure configurations, patching SLAs, and infrastructure hardening standards.

Application Security (AppSec)

Define and drive a secure SDLC , including code scanning, dependency management, CI / CD checks, and architecture reviews.

Build and maintain a threat modeling program.

Partner with Engineering leadership to integrate security automation and secure coding practices throughout the development lifecycle.

Oversee internal and external penetration testing efforts.

Governance, Risk & Compliance (GRC)

Own all security governance and policy lifecycle management.

Lead the enterprise risk management program, including risk assessments, mitigation plans, and risk acceptance workflows.

Manage compliance programs such as SOC 2, ISO 27001, HIPAA, PCI , and customer security assessments.

Collaborate with Legal and Privacy teams to ensure alignment on data protection obligations and regulatory requirements.

Business Enablement & External Leadership

Serve as the company’s primary security spokesperson for customers, partners, and prospects.

Participate in large customer security reviews, RFPs, and enterprise onboarding processes.

Support commercial teams by articulating security posture, controls, and trust initiatives.

Maintain relationships with auditors, assessors, and relevant security communities.

Team Leadership & Execution

Build and lead a growing team across SecOps, AppSec, and GRC.

Mentor and develop talent, fostering a culture of accountability, continuous improvement, and technical excellence.

Establish KPIs and metrics to measure maturity, performance, and risk reduction.

Manage the security budget, vendor portfolio, and technology selection.

Qualifications

10–15+ years of progressive experience in cybersecurity, with at least 5+ years in a security leadership role.

Proven experience owning both operational and strategic security functions in a cloud / SaaS environment.

Strong technical background across cloud security, application security, threat detection, and modern security tooling.

Demonstrated experience achieving and maintaining compliance frameworks (SOC 2, ISO, PCI, HIPAA, etc.).

Exceptional communication skills with the ability to influence executives, collaborate across departments, and articulate complex security topics clearly.

Experience presenting security posture and risk to senior leadership and / or a board.

Industry certifications (e.G., CISSP, CISM, CCSP) are advantageous but not required.

Interested candidates, please send their resumes to iqbal.kaur@birdeye.com

Regards

Iqbal Kaur