Director of Security/GRC

Responsibilities

• Own, build, and scale the team and systems for Censys’ corporate security infrastructure
• Own company security needs from endpoint provisioning to deploying tools that improve overall security posture while keeping things simple for all employees
• Manage the Security team; delegate day-to-day workloads and ensure coverage of critical functions during PTO to maintain a high SLA
• Own the complete endpoint lifecycle including provisioning, application deployment, security controls, and asset retirement
• Work closely with internal teams to enforce compliance across endpoints and help users understand how security policies impact their daily work
• Manage and secure cloud environments and coordinate security configuration of software and tools
• Develop and deliver Security Awareness Training to internal users
• Collect and create documentation for security processes and build out a knowledge base for the team
• Design, implement, and manage the company’s Data Loss Prevention (DLP) program, including policies, tooling, and enforcement across endpoints, cloud, and email
• Own and operate the insider threat program, including behavioral monitoring, investigation workflows, and coordination with Legal, HR, and senior leadership as required
• Partner with engineering and infrastructure teams to ensure security telemetry and logging coverage meets both operational and compliance requirements
• Lead the development and implementation of Censys’ compliance strategy to achieve and maintain compliance with ISO 27001, SOC 2 Type 2, UK NCSC Cyber Essentials+, and CMMC, in partnership with the Security and Operations teams
• Develop, review, and update organizational policies and procedures to align with compliance and governance requirements
• Oversee timely responses to security questionnaires and other sales requests relating to organizational and product security and privacy
• Validate and respond to inbound legal process as required by federal law
• Assist in the procurement process to review proposed purchases for security and privacy concerns
• Manage control and process libraries
• Conduct ongoing risk assessments

Qualifications

• 10+ years of progressive experience in cybersecurity, with at least 3 years in a senior leadership or Director-level role
• Demonstrated experience owning and operating enterprise security programs including DLP, insider threat, and detection and response
• Deep familiarity with compliance frameworks including ISO 27001, SOC 2 Type 2, CMMC, NIST, and GDPR
• Experience building and managing security telemetry, SIEM, and detection engineering programs
• Strong understanding of cloud security (AWS, GCP, or Azure), endpoint security, and identity and access management
• Proven ability to lead, mentor, and grow a high-performing security team
• Excellent written and verbal communication skills, with the ability to convey complex security concepts to executive leadership, legal, and non-technical stakeholders
• Experience managing security incident response, including coordination across Legal, HR, and executive leadership
• Background in security program development within a high-growth or scale-up environment

Compensation

• High cost of living areas (Seattle, San Francisco Bay Area, NYC Metro): $206,000 - $237,000 plus bonus and equity
• All other US locations: $180,000 - $220,000 plus bonus and equity
• Benefits include 401k match, health, vision, dental (effective day one)