Director, Information Security - IFS Copperleaf

IFS

$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's in Cybersecurity, Computer Science, Information Systems, or related field (Master's or MBA preferred)
  • 10+ years in information security with 5+ years in leadership roles
  • CISSP strongly preferred; other security certifications are assets
  • Experience with enterprise security in diverse deployment models (SaaS, cloud, on-premises)
  • Proven track record in compliance programs including SOC 2 and ISO 27001
  • In-depth understanding of international data protection frameworks (GDPR, CCPA)
  • Experience in securing AI/ML products and establishing AI governance
  • Strong prioritization and communication skills

Responsibilities

  • Develop a measurable, business-aligned security strategy across technology and data
  • Own and manage the security risk register and compliance with frameworks
  • Direct security operations and incident response protocols
  • Embed security in product development and cloud practices
  • Act as the primary contact for customer security inquiries and partnerships
  • Lead team building, coaching, and development initiatives
  • Develop and monitor annual security plans and KPI reports

Benefits

  • Flexible paid time off including sick and holiday
  • Medical, dental, and vision insurance
  • Tuition assistance programs
  • Life insurance and disability benefits
  • Community involvement and volunteering opportunities
  • Hybrid work options to support diverse needs
  • Innovative and inclusive workplace culture
Full Job Description
Job Description

About the Role

We're looking for a Director of Information Security to join our Technology Experience (TX) team and take ownership of the full information security lifecycle. Reporting to the SVP of Finance & Enterprise Solutions, you'll be a key member of our leadership team, setting the strategy and standards that protect our people, products, and customers.

This is a true people-leadership role, giving you the opportunity to build, mentor, and inspire a talented security organization. Your remit spans five critical domains: Governance, Risk & Compliance (GRC); Product & Application Security; Security Operations & Threat Management; Cloud & Infrastructure Security; and Trust & Customer Assurance.

What You'll Own

Security Strategy & Governance - Build a measurable, business-aligned security strategy across technology, networks, data, applications, cloud, and the secure use of AI.
  • Develop and maintain an enterprise security strategy aligned to business objectives and Copperleaf's Industrial-AI product context
  • Set security standards, policies, roles, and responsibilities based on industry-leading frameworks
  • Embed early-stage, "shift-left" security across delivery teams through a clear engagement model
  • Drive an operating model that enables fast, focused decisions without unnecessary complexity

Risk, Compliance & Privacy - Own enterprise security risk and the control framework.
  • Own the security risk register and the enterprise risk-assessment and treatment process, tracking mitigation to closure
  • Run the SOC 2 and ISO 27001 programs end to end, maintaining certification and regulatory readiness (GDPR, CCPA, PIPEDA)
  • Own security and data-protection controls; partner with Legal and the DPO to embed privacy-by-design into the product lifecycle
  • Co-develop practical AI and privacy governance with Product, IT, Legal, and the Head of AI

Security Operations & Resilience - Direct detection, response, and continuity so the organization can prevent, withstand, and recover from attacks.
  • Direct security operations across detection, monitoring, and response using SIEM, EDR, IAM, and related tooling
  • Lead incident response end to end-from containment and eradication through recovery and post-incident improvement
  • Oversee vulnerability management, threat intelligence, and proactive testing
  • Own business continuity and disaster-recovery planning for security-impacting events

Product, Cloud & AI Security - Embed security across the product lifecycle and every deployment model.
  • Partner with R&D and Product to build security into the SDLC
  • Maintain an effective posture across cloud, on-premises, and private-cloud deployments used by regulated utilities and critical-infrastructure customers
  • Establish guardrails for the secure development and use of AI, in coordination with the Head of AI

Customer Trust & Commercial Enablement - Turn a strong security posture into a competitive advantage in regulated and critical-infrastructure markets.
  • Own the Trust Center and external security narrative; serve as primary contact for customer security inquiries, questionnaires, and audits
  • Partner with Legal and commercial teams on security schedules, data-protection terms, redlines, and customer assurance commitments
  • Provide timely, credible, risk-based assurance that accelerates enterprise sales and renewals

Team & Organizational Leadership - Build and develop a high-performing team with a clear "stay secure" culture across Copperleaf.
  • Own the org design and staffing model, sizing the team and its leadership to risk, demand, and business priorities
  • Directly manage, coach, and develop the InfoSec team across all five security functions
  • Foster a culture of speed, focus, simplicity, ownership, and clear prioritization in a high-growth environment
  • Embed organization-wide security awareness through ongoing training and clear expectations

Strategic Planning & Executive Partnership
  • Develop and execute annual security plans, budget, and KPIs, monitoring progress against goals and service levels
  • Build executive- and Board-level reporting that frames security risk and posture in business terms
  • Pursue cost-effectiveness through innovation, vendor management, and process improvement
  • Serve as primary security advisor to the SVP and represent InfoSec in cross-functional governance


Qualifications

What You'll Bring
  • Bachelor's in Cybersecurity, Computer Science, Information Systems, or a related field (Master's or MBA with a risk/technology focus preferred), or an equivalent mix of education and experience
  • 10+ years in information security, including 5+ years leading and directing security teams
  • CISSP strongly preferred; CISM, CISA, CRISC, or CCISO an asset
  • Proven ownership of enterprise security across SaaS, cloud, on-premises, and private-cloud deployments-including products delivered to regulated utilities and critical-infrastructure customers
  • Hands-on ownership of compliance programs (SOC 2, ISO 27001) and customer-facing security assurance
  • Deep knowledge of international data-protection frameworks (GDPR, CCPA) applied in a SaaS environment
  • Experience securing AI/ML products and defining AI security governance
  • A track record of maturing a security function from operational to strategic-and using security as a commercial differentiator in enterprise deals
  • A bias for action, strong prioritization, simple communication, and disciplined execution


Additional Information

What We're Offering
  • Salary: Competitive, based on experience
  • Bonus eligibility
  • Flexible paid time off, including sick and holiday
  • Medical, dental, & vision insurance
  • Flexible spending accounts
  • Life insurance and disability benefits
  • Tuition assistance
  • Community involvement and volunteering events

Additional Information

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best, while also engaging with colleagues to share ideas and build meaningful relationships.

Use of Artificial Intelligence in Recruitment

As part of our recruitment process, we may use automated tools, including artificial intelligence, to help screen and assess applications based on job-related criteria such as skills, experience, and qualifications.

These tools do not make hiring decisions. All employment decisions are reviewed and made by members of our hiring team.

This position is for an existing vacancy.

Similar Jobs

More Jobs at IFS

More Information Technology Jobs

Find similar Director, Information Security - IFS Copperleaf jobs: