Director of Information Security

Director of Information Security

Duration: Full-Time

Location: Remote

About BigRio :


BigRio is a Digital Transformation consulting firm headquartered in Boston, MA, specializing in data and analytics, custom development, software implementation, data analytics, and machine learning/AI integrations. As a one-stop shop, we deliver cutting-edge and cost-conscious software solutions to clients across various industries. With diverse industry exposure, our teams of data architects, engineers, developers, and consultants tackle complex software and data challenges, providing best-in-class solutions.

Job Overview:


We are looking for a strategic, hands-on Information Security Director to lead and manage enterprise-wide cybersecurity initiatives. This role is responsible for developing and executing a comprehensive certification roadmap to align with leading industry standards such as SOC 2, ISO 27001, HITRUST, NIST, and FedRAMP. The position plays a key role in strengthening and evolving the organization's overall security posture.


The ideal candidate has deep experience in information security governance, risk management, audit compliance, and policy development. You will collaborate closely with infrastructure, engineering, legal, and compliance teams to protect organizational assets and ensure security certification requirements are met.

Key Responsibilities:

Security Certification Strategy & Execution

• Lead the strategy and implementation roadmap for achieving security certifications (SOC 2, ISO 27001, HITRUST, NIST 800-53, FedRAMP, etc.).
• Act as the primary liaison for external auditors and certification bodies.
• Develop and maintain documentation, policies, and procedures to support compliance efforts.

Governance, Risk & Compliance (GRC)

• Establish and manage a robust enterprise security governance program.
• Conduct risk assessments and oversee third-party vendor security evaluations.
• Ensure compliance with regulations and standards (HIPAA, GDPR, CCPA, etc.).

Enterprise Security Operations

• Oversee the implementation of cybersecurity controls including network security, endpoint protection, identity management, and data loss prevention.
• Lead incident response planning and execution.
• Monitor emerging threats and promote security awareness across teams.

Leadership & Collaboration

• Build and lead a high-performing security team focused on compliance and operational security.
• Collaborate with engineering, DevOps, and IT teams to integrate security into all phases of system development and infrastructure.
• Present security updates, metrics, and risks to executive leadership and board members.

Audit Readiness & Continuous Improvement

• Conduct internal audits and gap analyses in preparation for formal assessments.
• Manage vendor security assessments and ensure compliance with contractual security requirements.
• Drive automation to optimize certification and security reporting processes.

Qualifications:

• 10+ years of experience in cybersecurity or information security leadership roles.
• Proven track record of leading organizations through formal security certifications (e.g., SOC 2, ISO 27001, HITRUST).
• Strong understanding of cybersecurity frameworks (NIST, ISO, CIS) and regulatory compliance (HIPAA, GDPR, FedRAMP).
• Proficiency in security technologies (SIEM, IAM, DLP, vulnerability scanning).
• Excellent leadership, communication, and stakeholder engagement skills.

Preferred Qualifications:

• Industry certifications: CISSP, CISM, CISA, CRISC, or PMP.
• Experience in healthcare, government, or other regulated industries.
• Familiarity with DevSecOps practices and cloud security (AWS, Azure, GCP).
• Background in security architecture or engineering is a plus.