Director of Information Security

March 25

Apply Now

Receive Emails with Similar Jobs

Truepic

WebsiteLinkedInAll Job Openings

Truepic is a technology company that specializes in digital media authentication. It provides secure tools to verify and secure the authenticity and history of photos, videos, and audio in a digital world. Truepic's solutions include C2PA compliance, virtual inspections, and secure media workflows, which enhance transparency and reduce fraud across various sectors such as insurance, finance, and construction. Its technology ensures digital content authenticity from the moment it's captured or created, supporting organizations in maintaining trust in their media content.

Media Authentication • Media Provenance • Photo Authentication • Video Authentication • Photo Provenance

51 - 200 employees

🔐 Security

🏢 Enterprise

💰 $26M Series B on 2021-09

📋 Description

• Remote in the US • We’re looking for a talented Director of Information Security to lead our security, privacy, and compliance efforts. In this role, you’ll be responsible for protecting our company, customers, and data by managing risk, strengthening IT security operations, and ensuring we stay compliant with industry regulations. You’ll work closely with engineering, product, and IT teams to integrate security into everything we build, oversee security audits, and keep our systems and devices secure. You’ll also be the go-to person for external auditors, regulators, and customers when it comes to security. To succeed, you’ll need a strong technical background, sharp risk assessment skills, and the ability to balance hands-on security operations with big-picture strategy. If you’re a proactive, security-minded leader who enjoys collaborating across teams and championing best practices, we’d love to hear from you! • Responsibilities: • Develop, implement, and oversee the company’s information security, privacy, and compliance programs to protect the business, our customers, and their data while ensuring regulatory compliance. • Continuously assess and collaborate across teams to improve security policies, procedures, and controls, keeping us aligned with SOC 2 Type II, ISO 27001, CPRA, and GDPR requirements. • Lead risk management efforts by identifying, evaluating, and mitigating security threats and vulnerabilities across the organization. • Handle client and vendor security questionnaires, ensuring we meet all contractual security commitments. • Work closely with engineering and product teams to embed security best practices into the software development lifecycle and infrastructure decisions. • Ensure security is a key consideration in the evaluation, selection, and configuration of applications and software. • Manage security audits, penetration tests, and compliance assessments, driving timely remediation of any findings. • Act as the primary point of contact for external auditors, regulators, and customers on security and compliance matters. • Oversee endpoint security, device management, and IT asset lifecycle management to keep employee systems secure and compliant. • Support IT operations, including access management, identity and authentication systems, and troubleshooting security-related IT issues. • Lead security awareness initiatives, educating employees through training programs and internal communications, proactively building awareness around "the why" for established protocol. • Oversee incident response and disaster recovery planning, ensuring fast and effective handling of security breaches.Stay ahead of emerging threats, regulatory updates, and industry best practices, adapting our security strategy as needed. • Define metrics and reporting processes to track the effectiveness of security, IT support, and compliance initiatives for leadership and stakeholders. • Lead and grow the information security team, ensuring the department supports the company’s vision and evolving business needs.

🎯 Requirements

• 8+ years of experience in information security, with at least 3+ years in a leadership or management role. • Proven track record of developing and leading security teams and programs in a SaaS or technology-driven environment. • Strong leadership, communication, and stakeholder management skills to work cross-functionally with engineering, product, legal, operations, and executive teams. • Deep understanding of security frameworks, regulations, and standards such as SOC 2 Type II, ISO 27001, CPRA, and GDPR. • Direct experience managing security audits, penetration tests, and compliance assessments, with the ability to drive remediation efforts. • Hands-on experience with risk management, including identifying, evaluating, and mitigating security threats and vulnerabilities. • Familiarity with application security - including mobile, web, and integrated technologies, secure software development (DevSecOps), and cloud security best practices. • Experience evaluating and configuring security tools, including endpoint security, identity and access management (IAM), and security monitoring solutions. • Strong understanding of network security, encryption, authentication, and security controls in SaaS environments. • Experience handling client and vendor security questionnaires and ensuring contractual security commitments are met. • Ability to oversee security incident response, disaster recovery, and business continuity planning. • Familiarity with IT security operations, including access management, device security, and troubleshooting security-related IT issues. • Experience developing security awareness programs and training employees on security best practices.