Director of Security & IT

Job Description

Job Description

Description:

About Veryon

Veryon is the leading global provider of aviation software and information services , trusted by over 5000+ customers, 75,000 maintenance professionals, and 100+ OEMs across nearly 150 countries . Our mission is to deliver smarter, predictive technology solutions , including our AI platform, Veryon AIRE that maximizes aircraft uptime and operational efficiency for the world’s most demanding aviation organizations.

At Veryon , we are an AI-forward company focused on driving innovation and efficiency through emerging technologies. We prioritize hiring individuals who embrace AI, think creatively about its application, and are excited to continuously evolve alongside it.

About the Role

We are seeking a highly experienced and hands-on Director of Security & IT to lead our internal IT operations and, most importantly, our security and compliance programs.

This role is a blend of strategic leadership and deep technical execution. The successful candidate will own the company’s security posture, lead compliance initiatives, and oversee IT operations delivered primarily through third-party providers. A critical aspect of this role is strong, hands-on expertise in networking and security infrastructure, including VPNs, firewalls, and proxy technologies.

This leader will manage key vendors, partner closely with compliance stakeholders, and directly lead the SecOps function. The ideal candidate is someone who can operate at both executive and technical levels—setting direction while actively contributing to implementation.

Key Responsibilities

Security & Technical Leadership (Primary Focus)

• Own and drive the organization’s overall security strategy, architecture, and execution.
• Design, implement, and continuously enhance security controls across network, infrastructure, and endpoints.
• Act as the subject matter expert in network security, including VPNs, firewalls, and proxy solutions.
• Lead and mentor the SecOps Manager and broader security operations efforts.
• Partner with engineering and infrastructure teams to embed security best practices.

Compliance & Governance

• Partner with internal compliance teams to achieve and maintain certifications, including ISO 27001, SOC 2 Type II, and GDPR.
• Oversee third-party providers supporting governance, risk, and compliance initiatives within Veryon’s Vanta platform.
• Ensure audit readiness and continuous monitoring of controls.
• Translate compliance requirements into scalable technical and operational practices.

IT Operations & Vendor Management

• Oversee internal IT services supporting employee productivity (e.g., collaboration tools, identity/access).
• Manage relationships with third-party IT service provider responsible for Helpdesk and end-user support
• Device provisioning and lifecycle management
• Logistics such as shipping laptops and peripherals
• Own vendor selection, performance management, and cost optimization for enterprise tooling and services.
• Ensure a high-quality, reliable IT experience for all employees.

End-User Device & Infrastructure Oversight

• Ensure seamless onboarding and offboarding processes, including device provisioning.
• Establish and enforce endpoint security and configuration standards.
• Oversee troubleshooting and resolution processes through managed service providers.

Requirements

• 10+ years of experience in IT and/or Security, with at least 3–5 years in a leadership role.
• Strong hands-on expertise in network security, including VPNs, firewalls, and proxy technologies.
• Proven experience building and executing security programs that improve organizational security posture.
• Experience working with or leading compliance initiatives for ISO 27001, SOC 2 Type II, and/or GDPR.
• Experience managing third-party vendors and outsourced IT/security services.
• Ability to operate both strategically and tactically, with a willingness to be hands-on when needed.
• Strong communication skills with the ability to engage both technical and non-technical stakeholders.

Preferred Skills

• Background in network engineering or infrastructure security.
• Experience with compliance and security tooling platforms (e.g., Vanta or similar).
• Familiarity with cloud-first and SaaS-based environments.
• Experience with identity and access management systems.
• Strong vendor negotiation and cost management experience.
• Track record of scaling security and IT functions in a growing organization.

AI Competency Expectations

• Leverage AI tools to improve efficiency across IT operations, security monitoring, and compliance workflows.
• Identify opportunities to automate repetitive IT and security tasks using AI-driven solutions.
• Apply AI-assisted analysis to enhance threat detection, incident response, and risk assessment.
• Partner with cross-functional teams to evaluate and adopt AI technologies securely and responsibly.
• Ensure appropriate governance, data protection, and risk management practices are applied to AI usage within the organization.
• Stay informed on emerging AI capabilities and risks, integrating relevant advancements into security and IT strategies.

Our Core Values:

• Fueled by Customers: Customers are at the core of every decision.
• Win Together : Collaboration is our competitive edge.
• Make It Happen: No excuses. Just outcomes.
• Innovate to Elevate: We boldly challenge what’s standard and lift what’s possible.

• 10+ years of experience in IT and/or Security, with at least 3–5 years in a leadership role.
• Strong hands-on expertise in network security, including VPNs, firewalls, and proxy technologies.
• Proven experience building and executing security programs that improve organizational security posture.
• Experience working with or leading compliance initiatives for ISO 27001, SOC 2 Type II, and/or GDPR.
• Experience managing third-party vendors and outsourced IT/security services.
• Ability to operate both strategically and tactically, with a willingness to be hands-on when needed.
• Strong communication skills with the ability to engage both technical and non-technical stakeholders.