Director of Security/GRC

As the Director of Security & GRC at Censys, you will lead the corporate security function and governance, risk, and compliance programs. This role is pivotal in ensuring the security and availability of our systems while adhering to compliance frameworks such as ISO 27001, SOC 2 Type 2, UK NCSC Cyber Essentials+, and CMMC. You will collaborate closely with various teams to maintain a secure and compliant operational environment.

Key responsibilities include building and scaling the corporate security infrastructure, managing endpoint provisioning, and deploying tools to enhance the company's security posture. You will oversee the Security team, ensuring effective workload delegation and coverage. Additionally, you will develop and implement security awareness training, manage data loss prevention and insider threat programs, and ensure comprehensive security telemetry and logging.

The ideal candidate will have over 10 years of experience in cybersecurity, including at least 3 years in a senior leadership role. A deep understanding of compliance frameworks such as ISO 27001, SOC 2 Type 2, CMMC, NIST, and GDPR is essential. Experience with cloud security, endpoint security, identity and access management, and managing security telemetry and detection engineering programs is also required. Strong leadership, communication skills, and a background in high-growth environments are highly valued.

For high cost of living areas (Seattle, San Francisco Bay Area, and NYC Metro), the expected salary range for this position is $206,000 - $237,000, plus bonus eligibility and equity. For all other US locations, the expected salary range is $185,000 - $213,000, plus bonus eligibility and equity. Censys offers a comprehensive benefits package, including health insurance, retirement plans, and professional development opportunities.

Censys fosters a collaborative and innovative company culture, emphasizing continuous learning and growth. Employees are encouraged to take initiative and contribute to the company's mission of providing comprehensive internet intelligence. This role offers significant opportunities for professional development and the chance to make a substantial impact on the organization's security and compliance posture.