Director, Information Security - Risk & Compliance


Responsibilities include, but are not limited to:

Lead the organization’s existing and prospective Information Security, Compliance and Privacy programs in accordance with industry standards and requirements, which includes, but is not limited to, ISO 27001, SOC 1 & 2, PCI-DSS, FedRAMP, HIPAA, EU Data Privacy and others.

Oversee ongoing adherence to Information Security, Compliance and Privacy programs in accordance with industry standards and requirement to ensure ongoing alignment with emerging laws, regulations, etc.

Identify and remain current with industry requirements and regulatory changes that will affect IT/IS technologies, policies and procedures and recommend appropriate changes to ensure ongoing alignment with Information Security, Compliance and Privacy program requirements

Collaborate closely with other departments to ensure that these requirements are met

Manage senior Information Security staff and provide Information Security, Compliance and Privacy leadership

Act as an advocate and liaison of Information Security, Compliance and Privacy programs across the organization

Prepare reports and performance metrics for senior management

Coordinate internal resources and third parties or vendors for the execution of projects

Report and escalate issues to management as needed

Develop detailed Information Security project plans to track compliance statuses

Identify potential areas of vulnerability and risk. Facilitate the formulation of corrective action plans for resolution of problematic issues

Appraise and communicate control strengths and weaknesses with audit, IT management and business unit staff in order to plan an effective and efficient integrated audit approach and remediation plan


Bachelor's Degree in Business, Computer Science, Information Systems, or equivalent prior work experience in a related field

Five to eight years experience in an Information Technology field, preferably working in PaaS and/or SaaS, with at least ten years in Information Security in an enterprise setting

Demonstrated competency in information security management for a cross-functional environment and with the proven ability to lead security and technical teams as required

Deep understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, etc.

Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred or the ability to attain one within six months of hire

Experience in creating and maintaining management schedules to ensure on-time delivery of information security projects

Excellent client-facing and internal communication skills

Strong understanding of security products and concepts such as firewalls, VPNs, IDSs and other security devices

Prior public audit experience

Demonstrated experience supporting and overseeing a FedRamp program

Working knowledge of US and EU Data Privacy protection requirements and Safe Harbor

An understanding of applicable federal, state, and local regulations as well as maintain current training and knowledge of applicable Information Security, Compliance and Privacy program requirements

Solid analytical skills and the ability to evaluate the business and financial aspects of existing and future technologies

Project management skills and the ability to analyze pending assignments to establish priorities and/or multi-task

Ability to cultivate good working relationships with both internal and external stakeholders to engender trust and confidence in Acquia’s risk/governance/compliance/security efforts

More Information / Apply Now launch


Corporate / senior


Boston , United States


United States



Corporate / senior