THE OPPORTUNITY
Dynata is hiring a VP of Security & Compliance to own and evolve our enterprise security posture at a pivotal moment: we are scaling AI-driven infrastructure, migrating legacy platforms to cloud-native architectures, and hardening compliance controls across a global, highly regulated data environment.
Reporting directly to the SVP of Infrastructure & Corporate Applications, you will lead a team of 6-15 security and compliance professionals, serve as the company's senior-most security executive, and operate as a strategic partner to the CTO, Legal, and Board. This is a high-visibility, high-impact role for a leader who combines deep technical security expertise with fluency in AI risk, regulatory compliance, and executive communication.
Candidates with backgrounds in banking, financial services, or Fortune 500 data-intensive environments are strongly preferred - where AI governance, model risk, and regulatory scrutiny are already embedded in the security culture.
This role carries formal committee responsibilities: the VP will serve as a standing member of Dynata's Data Governance Committee and AI Governance Committee, and will participate in strategic task forces as designated by senior leadership. The ideal candidate is located in the Eastern or Central time zone to ensure alignment with core business hours and cross-functional collaboration.
KEY RESPONSIBILITIES
Security Strategy & Governance
• Own Dynata's enterprise security strategy - define the roadmap, prioritize investment, and align security controls with business objectives across cloud, corporate applications, and data platforms.
• Establish and maintain a Zero Trust security architecture spanning AWS, Azure, and GCP environments.
• Oversee threat intelligence, vulnerability management (CVE reduction), and incident response programs.
• Drive Cloud Security Hardening initiatives and set security standards within the Cloud Center of Excellence (CCoE).
AI Security & Risk Management
• Build and own Dynata's AI Security governance framework - establish policies, controls, and risk guardrails for the company's growing AI/ML portfolio including MS Fabric, Snowflake, Copilot, and LLM-based tools.
• Lead AI risk assessment and model governance aligned with NIST AI RMF, EU AI Act, and emerging regulatory requirements.
• Define controls for LLM-specific threats: prompt injection, data exfiltration via AI, model inversion, and adversarial inputs.
• Partner with the EDMS and Engineering teams to embed AI security-by-design in DataHub, lakehouse architectures, and AI product development.
Compliance & Regulatory Oversight
• Own and manage all major compliance certifications and audits: SOC 2 Type II, ISO 27001, GDPR, CCPA/CPRA, and HIPAA where applicable.
• Monitor the regulatory landscape - proactively identify and respond to emerging privacy and AI regulation in the US and EU.
• Manage third-party and vendor risk management programs across Dynata's technology supply chain.
• Partner with Legal and Finance to respond to client security questionnaires, audits, and contractual security requirements.
Security Operations Center (SOC) & Audit Management
• Own and manage Dynata's Security Operations Center (SOC) - including 24/7 monitoring coverage, alert triage, escalation protocols, and continuous improvement of detection and response capabilities.
• Lead all internal and external security audits - coordinate audit preparation, evidence collection, control testing, and finding remediation across all compliance frameworks (SOC 2, ISO 27001, GDPR, CCPA).
• Manage relationships with external auditors, assessors, and penetration testing partners; ensure audit readiness is a continuous state, not a seasonal event.
• Drive SIEM/SOAR optimization - tune alerting, reduce false positives, and improve analyst efficiency across Splunk, Microsoft Sentinel, CrowdStrike, or equivalent platforms.
• Establish SOC KPIs and SLAs: MTTD, MTTR, alert-to-ticket ratio, and analyst utilization - reported to leadership monthly.
Governance Committees & Strategic Leadership
• Serve as a standing member of Dynata's Data Governance Committee - providing the security and privacy lens on data classification, access policies, retention standards, and data lineage across the enterprise.
• Serve as a standing member of Dynata's AI Governance Committee - defining AI risk thresholds, responsible AI standards, and security controls for all AI/ML models and agents moving into production.
• Participate in strategic task forces as designated by senior leadership - contributing security expertise to emerging initiatives, M&A due diligence, vendor evaluations, and regulatory response efforts.
• Represent security interests in the Cloud Center of Excellence (CCoE) - ensuring that cloud architecture decisions are made with security guardrails built in from day one.
Cross-Functional Partnership - Product, Engineering & Technology
• Partner with Product and Engineering teams to embed security into the software development lifecycle (SDLC) - from threat modeling and secure design reviews through code scanning, staging validation, and production release gates.
• Collaborate with Technology leadership (Cloud Ops, EDMS, Corporate Applications) to ensure security controls are woven into platform architecture, data pipelines, and enterprise application rollouts - not bolted on after the fact.
• Serve as the trusted security advisor for all major technology programs - including D365 CE/F&O, MS Fabric/Lakehouse, Dynata+ Phase 3, and inBrain Azure migration - providing risk assessments and go/no-go input at key milestones.
• Engage with front-end and application teams to assess and remediate security risks in web applications, APIs, and customer-facing platforms - including penetration testing oversight and vulnerability triage coordination.
Team Leadership & Culture
• Recruit, develop, and retain a high-performing Security & Compliance team of 6-15 FTEs.
• Foster a security-first culture across Technology Operations and the broader organization through training, awareness programs, and executive engagement.
• Present to executive leadership and the board - deliver quarterly security posture reviews, risk dashboards, and compliance status updates with clarity, confidence, and business context.
• Serve as the executive sponsor for security in cross-functional programs including BOS 162; D365 migration, inBrain Azure migration, and Dynata+ Phase 3.
QUALIFICATIONS & EXPERIENCE
Education
• Bachelor's degree in computer science, Information Technology/Systems, Cybersecurity or related field
• Graduate Degree desirable, but not required
Experience
• 15 years of progressive experience in Information Security, Cybersecurity, or a related discipline.
• 5+ years in a people-management role leading security and/or compliance teams of 6 or more.
• Proven track record building or maturing security programs at a Fortune 500, PE-backed, or highly regulated company (banking, financial services, healthcare, or large-scale data/tech platforms strongly preferred).
• Hands-on AI/ML security experience: securing LLM deployments, generative AI products, or data science environments - ideally including model risk management frameworks from financial services.
• Deep cloud security expertise across AWS, Azure, and/or GCP - including cloud-native security tooling, IAM, and multi-cloud governance.
• Strong compliance program ownership: SOC 2, ISO 27001, GDPR, CCPA - you've run the audits, not just supported them.
Technical Expertise
• SIEM / SOAR platforms: hands-on experience with CrowdStrike Falcon (EDR, OverWatch, Identity Protection), Splunk, Microsoft Sentinel, or equivalent - including rule tuning, playbook development, and SOC workflow automation.
• DLP (Data Loss Prevention): deep familiarity with enterprise DLP tooling (e.g., Microsoft Purview, Symantec DLP, Forcepoint) - policy design, incident investigation, and integration with broader data classification frameworks.
• Vulnerability management: end-to-end CVE lifecycle - scanning, prioritization, patch coordination, and executive-level reporting.
• AI/ML security: NIST AI RMF, adversarial ML, LLM security controls, model inversion, and data poisoning defense.
• Data architecture fluency: working understanding of modern data platforms (cloud data lakes, lakehouses, Snowflake, MS Fabric, relational and NoSQL databases) - sufficient to assess data flow risks, classify sensitive assets, and engage credibly with data engineering teams.
• Front-end platforms & enterprise applications: familiarity with security considerations for SaaS/enterprise app stacks - including CRM/ERP (e.g., D365, HubSpot, Workday), web applications, and API security - enabling effective partnership with Corporate Applications teams.
• Cloud security tooling: AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, CSPM/CWPP platforms.
• Claude Cowork (Anthropic): direct, hands-on experience using Claude Cowork for enterprise task automation, document intelligence, and AI-assisted workflows - enabling the candidate to credibly govern, audit, and set guardrails for AI productivity tools deployed across the organization.
Certifications
• CISSP (Certified Information Systems Security Professional) - strongly preferred; candidates without CISSP must hold CISM, CISA, or equivalent and commit to CISSP within 18 months of hire.
• CCSP (Certified Cloud Security Professional) - a strong plus given Dynata's multi-cloud environment.
• AI security or governance certification (e.g., NIST AI RMF Practitioner, Google Cloud Security) - valued given the AI governance committee responsibilities.
• CRISC, CGEIT, or similar risk management credentials - welcomed.
Leadership & Soft Skills
• Executive presence & communication: comfortable presenting to C-suite, board members, and external stakeholders - translating complex security risk into clear business language, defensible recommendations, and compelling narratives. You inform decisions, you don't just report status.
• Cross-functional partnership: proven ability to partner effectively with Product, Engineering, and Technology teams - embedding security into the SDLC, product roadmaps, and platform architecture without becoming a bottleneck.
• Strategic thinker who can balance long-term security architecture with near-term operational realities and shifting business priorities.
• Collaborative influencer - this role succeeds through influence, trust, and shared ownership across teams, not authority alone.
• Mission-driven: a genuine passion for protecting data, earning customer trust, and building a security culture that people believe in - not just comply with.
The base salary range for this position in is $200K-$220K/yr; however, base pay offered may vary depending on location, job-related knowledge, skills, and experience. A discretionary incentive program may be provided as part of the compensation package, in addition to a full range of medical and other benefits, dependent on full-time employment status