Onit

Director of Security and Compliance

Onit United States



Onit, a leader in B2B SaaS solutions, is seeking a Director of Security and Compliance to spearhead our security and compliance initiatives, focusing on maintaining and elevating standards for SOC 2 Type 1 and 2, as well as achieving ISO 27001 certification. In this strategic role, the successful candidate will develop and execute Onit’s security strategy, policies, standards, and procedures to protect our customers’ data and ensure Onit adheres to the highest compliance standards, developing and implementing policies and procedures across departments and instilling a compliance-first culture within the organization. This position is suited for a proactive leader who can adeptly manage the complexities of security and compliance in the tech sector, support sales through security discussions and RFP responses, and lead a dedicated team of compliance analysts.


Responsibilities:

• Develop and implement Onit's security strategy, defining and executing a comprehensive security strategy and roadmap that aligns with business objectives and ensures the confidentiality, integrity, and availability of our systems and data.

• Lead security operations, overseeing day-to-day security operations, including monitoring, incident response, vulnerability management, and threat intelligence.

• Manage security infrastructure, evaluating, implementing, and managing security technologies, tools, and solutions to enhance our security posture.

• Direct Onit's compliance program, ensuring adherence to and surpassing SOC 2 Type 1 and 2 and ISO 27001 standards.

• Work collaboratively with Product Development, IT, legal, and other departments to establish, enforce, and evaluate policies and procedures that support compliance goals.

• Execute thorough audits and risk assessments to locate potential compliance issues and develop mitigation strategies.

• Oversee the organization and management of compliance audits, including coordination with external auditors and ensuring comprehensive documentation.

• Create and facilitate employee training programs emphasizing security and compliance awareness and adherence to industry standards.

• Stay current with evolving compliance regulations and standards, advising leadership on necessary adjustments to maintain or exceed compliance.

• Act as the main point of contact for regulatory bodies and external auditors, and during security calls with sales prospects.

• Generate detailed compliance reports for senior management, highlighting progress, challenges, and achievements.

• Respond to RFPs with complete compliance information and conduct security calls with potential sales leads to demonstrate Onit's commitment to secure and compliant operations.

• Review customer contract security requirements to ensure Onit’s compliance.

• Provide leadership and management to the compliance team, including a group of compliance analysts, fostering professional growth and ensuring the team’s objectives align with company goals.


Specific Requirements:

• Bachelor’s degree.

• A minimum of 7 years of experience in a senior security and compliance leadership role within the SaaS or technology sector, with at least 3 years in a leadership position.

• Deep understanding of security best practices, standards, and frameworks.

• Demonstrated success in managing compliance for SOC 2 and ISO 27001 standards.

• Experience in responding to RFPs and handling security calls with sales prospects.

• Proven track record in effectively leading and developing a team of security and compliance professionals.

• Security and compliance knowledge in AWS/Cloud and with appropriate tools/services, e.g., CrowdStrike, Cloudflare, Vanta, etc.


Recommended Skills

• Exceptional leadership and people management skills.

• Strong communication and interpersonal abilities, ensuring clear interactions at all organizational levels.

• Detail-oriented with a deeply analytical mindset.

• Demonstrated proficiency in developing and enforcing compliance policies and procedures.

• Integrity and a strong ethical foundation in all business conduct.

• Capable of managing multiple initiatives and adhering to deadlines in a fast-paced environment.

• A comprehensive understanding of the SaaS business model and its inherent compliance challenges.

• Effective in clearly articulating compliance and security protocols during sales engagements.

• Seniority level: Director

• Employment type: Full-time

• Job function: Engineering

• Industries: Software Development and Legal Services
