Director of IT Infrastructure and Security

Job Title: Director, IT Infrastructure and Security Department: Information Technology Location: Hybrid, based in Washington, DC, or Durham, NC; or Remote in Illinois, Maryland, New Jersey, New York, North Carolina, or Virginia Position Overview The Director, IT Infrastructure & Security is responsible for the strategy, performance, and security of the organization’s technology environment, including cloud infrastructure, networks, endpoints, and information security programs. This role leads a small internal team and manages an outsourced Managed Service Provider (MSP) to ensure reliable, secure, and scalable IT operations. This leader partners across the organization to align infrastructure and security capabilities with business needs, risk tolerance, and growth priorities. What You’ll Do Infrastructure Strategy & Operations Define and execute the organization’s infrastructure strategy across cloud (Azure), network, endpoints, and collaboration platforms, in coordination with partner non-profit organizations. Ensure long term roadmap is aligned to business growth Ensure high availability, performance, and cost optimization of all infrastructure systems Oversee endpoint management, device lifecycle, and identity systems (e.g., Azure AD / Entra ID, Intune, group policy) Establish and maintain standards for system configuration, patching, and lifecycle management Lead evaluation, selection, and implementation of infrastructure technologies Establish infrastructure monitoring strategy (uptime, performance, etc.) Act as escalation point for critical incidents Continuously improve IT service management processes and user experience Security Develop and maintain a comprehensive information security strategy aligned with organizational risk tolerance and growth ambitions Define and track security KPIs and maturity benchmarks Act as in-house security expert, coordinating with an in-house security team, partner non-profits, and external vendors. Handle proactive and reactive issues related to technical, administrative, physical and virtual threats Establish and enforce security policies, standards, procedures, and trainings Lead risk management practices, including risk assessments, threat modeling, and remediation planning Oversee security architecture, including identity and access management, endpoint security, and cloud security posture Lead and evolve incident response processes, including detection, investigation, and recovery Business Continuity & Resilience Oversee disaster recovery and business continuity planning and testing Ensure integration of security incident response with broader IT and business processes Conduct tabletop exercises and simulations for incident response and disaster recovery Governance, Compliance & Audit Ensure compliance with applicable frameworks (e.g., SOC 2, client requirements, regulatory needs) Coordinate internal and external audits and remediation efforts Maintain policies and documentation supporting governance and compliance Leadership & Team Management Oversee day-to-day IT service delivery through internal staff and MSP, including establishment of clear operating model between internal teams and MSP Define and enforce SLAs, KPIs, and performance expectations for MSP and vendors Lead, mentor, and develop a small internal IT team Manage external partners including MSP, security vendors, and consultants Foster a culture of accountability, service excellence, and continuous improvement Partner with leadership within and across teams to align strategy with organizational priorities What You’ll Bring Bachelor’s degree or equivalent experience 15+ years of progressive experience in IT infrastructure and/or information security 5+ years of strategic leadership of infrastructure and security systems Experience managing cloud environments (Microsoft Azure preferred) Strong knowledge of: Identity & access management (Azure AD / Entra ID) Endpoint management (e.g., Intune) Networking fundamentals and cloud architecture Security frameworks and best practices Experience managing vendors and/or MSPs Demonstrated experience leading incident response and risk management efforts Certifications in one or more relevant areas (e.g., CISSP, CISM, Azure certifications) Experience with SOC 2 or similar compliance frameworks Experience in professional services, consulting, or nonprofit environments Outstanding collaboration and communication skills with the ability to present ideas to non-IT stakeholders Highly detailed, organized, and influential with the ability to manage stakeholders Multi-tasking, problem-solving, and decision-making ability in a fast-paced environment Compensation and Benefits The annual salary range for this position is $124,000 – 146,000. Our salary ranges are based on national compensation benchmarks of similar sized companies in professional services. This position is eligible for an annual bonus at 10% of the annual salary. We offer a comprehensive benefits package that includes medical, dental, and vision insurance, plus a flexible spending account and health savings account, in addition to a 401k with a company match, and commuter benefits. We give generous paid time off, with 16 days of vacation time, 10 days of personal time, 20 hours of volunteer time, 11 company holidays, and 4 optional holidays. We support work-life balance with parental leave, UrbanSitter membership, Employee Resource Groups, and fitness and telecommunications reimbursements. We value growth and development with options for education reimbursement and professional development. We also offer disability, life insurance, additional voluntary insurances, and access to Teladoc and Health Advocate. Location Requirements This is a full-time position. The position can operate on a hybrid schedule, based in our Washington, DC or Durham, NC offices, or it can be fully remote from the following locations: Illinois, Maryland, New Jersey, New York, North Carolina, or Virginia. If a new hire is within proximity of our Washington, DC or Durham, NC offices, the expectation during onboarding (~90 days) is that you come into the office a minimum of 3 days per week. After this onboarding period, employees can then come into the office on a more flexible schedule with the remaining days worked at home/remotely. Physical Requirements Prolonged periods of sitting at a desk and working on a computer Must be able to lift up to 10 pounds at a time We will make reasonable accommodations under the guidelines of the Americans With Disabilities Act. Sunflower Services is an Equal Opportunity Employer without regard to race, gender, disability status, veteran status, or any other category protected by federal, state, or local law. #J-18808-Ljbffr Sunflower Services PBC