
RevOptimal · 4 hours ago

Director of Information Security

RevOptimal is a leader in data-driven advertising solutions, and they are seeking a hands-on Director of Information Security. This role involves designing, operating, and maturing a security, privacy, and compliance program, while leading SOC 2 and ISO 27001 readiness, and ensuring privacy compliance across US state laws and GDPR.

B2B, B2C, Marketing

Responsibilities

Define and execute the company security strategy and roadmap across cloud, data, application, and infrastructure security
Lead the design and pragmatic implementation of Zero Trust architecture principles (identity-centric controls, least-privilege access, micro-segmentation, device posture and conditional access)
Design and enforce secure cloud architecture patterns (AWS best practices for S3, IAM, KMS, VPCs, cross-account roles and clean-room integrations)
Implement secure key management, encryption at rest / in transit, and data classification & retention standards appropriate for sensitive data
Own SOC 2 readiness, audit lifecycles and evidence automation
Lead ISO 27001:2022 readiness and the ISMS lifecycle when appropriate (scoping, risk assessment & treatment, SoA, internal/external audits)
Own data privacy compliance frameworks across relevant regimes: US state privacy laws (e.g., CPRA/CCPA and other state statutes) and EU GDPR. Responsibilities include:
Maintain a comprehensive data map / Record of Processing Activities (RoPA) covering personal data flows, storage locations, retention and processors
Run Data Protection Impact Assessments (DPIAs) for high-risk processing and partner integrations
Operate a DSAR / DSR process (data subject access/deletion/portability requests) and ensure timely responses that meet legal deadlines
Manage Data Processing Agreements (DPAs) and contractual privacy controls with vendors and partners
Implement and enforce privacy-by-design/default controls and data minimization across technical and product solutions
Ensure lawful cross-border data transfer mechanisms (e.g., SCCs, adequacy assessments, and technical safeguards) and document them appropriately
Operate and maintain compliance automation tooling (e.g., Vanta) and privacy management tooling; track remediation and evidence collection
Build and operate detection & monitoring (centralized logging, alerting and lightweight SIEM)
Manage vulnerability scanning, third-party pen testing, remediation workflows and risk treatment
Secure onboarding and hardening of partner integrations (S3 buckets, IAM roles, cross-account access, clean-room patterns)
Assess and govern third-party security and privacy posture with technical and contractual controls
Manage day-to-day IT for a company <20 people: device lifecycle (MDM), endpoint protection, SSO/MFA, Google Workspace/Slack/Atlassian administration, onboarding/offboarding and enforcement of 2FA
Own vendor relationships for IT/security/privacy services and provide escalated IT support
Evangelize security and privacy across the company: training, phishing simulations, privacy awareness
Report security and privacy KPIs to executives (SOC 2/ISO coverage, Zero Trust adoption, DSAR SLAs, MTTR)

Qualifications

Information Security Leadership, Cloud Security (AWS), SOC 2 Readiness, Zero Trust Implementation, GDPR Compliance, US State Privacy Laws, Vulnerability Management, IT Operations, Security Certifications, Communication, Team Collaboration

Required

7+ years of professional experience in information security, with at least 3 years in a leadership/managerial role
Hands-on cloud security experience in AWS (S3, IAM, KMS, CloudTrail, CloudWatch, VPCs, cross-account roles)
Proven experience leading SOC 2 readiness and audit programs and operating compliance automation tools
Practical experience implementing Zero Trust principles in cloud environments
Practical experience with GDPR and with US state privacy laws (CCPA/CPRA and/or other modern state privacy statutes), including DSAR/DSR handling, DPIAs, RoPA, DPAs and breach notification processes
Strong operational security capabilities (vulnerability management, IR, logging/monitoring, IAM, encryption)
Practical IT operations experience for small companies (MDM, SSO/MFA, onboarding/offboarding)
Excellent written and verbal communication skills
Formal security certification preferred (CISSP, CISM)

Preferred

Experience directly driving or supporting ISO 27001:2022 certification and managing an ISMS
Privacy certifications: CIPP/US, CIPP/E or equivalent
Experience designing and implementing Zero Trust at scale and familiarity with NIST SP 800-207
Familiarity with privacy and governance tooling (OneTrust, TrustArc, BigID) and with SOC 2 automation (Vanta)
Infrastructure as code experience (Terraform/CloudFormation) and secure CI/CD pipelines
Experience with global privacy topics (Schrems II implications, SCCs, adequacy) and with managing cross-border transfer risk
Familiarity with CPRA, Virginia, Colorado, Connecticut, Utah privacy rules and breach notification regimes

Company

RevOptimal

RevOptimal provides B2B, B2C, account-based marketing, data enrichment, and validation solutions.

Funding

Current Stage
Early Stage

Leadership Team

Eric Slone
Founder & CTO
Company data provided by crunchbase