Newfire Global PartnersRemote
Director of Infrastructure – Security
Colombia
Full Time
4 days ago
No Sponsorship
Key skills
AWSCloudCyber SecurityLeadershipCommunication
About this role
Role Overview
- Own the design, roadmap, and execution of the client's infrastructure and cybersecurity programs, aligned to HIPAA, NIST, SOC 2, PCI, and internal InfoSec standards
- Oversee secure-by-default architectural design across all platforms
- Manage infrastructure budget, team resourcing, and resource allocation
- Serve as a strategic partner to product, legal, and engineering leadership
- Lead, mentor, and manage the Infrastructure and Security team with sprint-based delivery practices and measurable throughput
- Drive a shift from reactive to proactive operations by building organizational visibility into workload, capacity, and priorities
- Own the InfraSec support request intake and triage process
- Establish cross-functional prioritization cadence with Engineering, Product, Data, and Leadership
- Act as a hands-on technical leader contributing directly to security and infrastructure design, review, and implementation
- Serve as senior escalation point for complex deployments, secure architecture, and incident resolution
- Champion engineering self-service for routine InfraSec operations with appropriate guardrails
- Maintain cybersecurity policies and documentation aligned with applicable standards
- Own audit readiness for HIPAA, SOC 2 Type 2, PCI SAQ-D, and internal InfoSec assurance engagements
- Lead Vanta implementation and ongoing compliance automation
- Lead third-party and vendor risk assessments; maintain the vendor security catalog
- Conduct ongoing vulnerability assessments, threat detection, and mitigation
- Own and maintain incident response and disaster recovery plans
- Drive continuous risk-management education across the organization
- Manage identity and access governance across employees, contractors, and systems
- Maintain endpoint protection coverage (CrowdStrike, Tenable) aligned to applicable control frameworks
Requirements
- 7+ years of experience in infrastructure and cybersecurity, with at least 3 years in a people management or team lead capacity in a regulated environment
- Deep expertise in HIPAA, NIST, and SOC 2 compliance
- Proven track record building operational processes: intake triage, sprint-based delivery, cycle time measurement, and cross-functional prioritization
- Strong technical fluency across cloud infrastructure (AWS preferred), endpoint security, access management, and compliance tooling (Vanta, CrowdStrike, Tenable)
- Excellent communication skills — able to translate security posture and risk for non-technical stakeholders and executive leadership
- Experience managing vendor risk assessment programs and third-party security reviews
- US East Coast timezone overlap required
- Professional certifications preferred: CISSP, CISM, or GIAC GCED
Tech Stack
- AWS
- Cloud
- Cyber Security
Benefits
- SOC 2 Type 2: zero critical Trust Services Criteria exceptions
- PCI SAQ-D: 100% annual submission with no major gaps
- Incident response: 90% of incidents triaged within SLA (high severity within 1 hour)
- Infrastructure uptime: 99.9% monthly across mission-critical systems
- Sprint delivery: 90% of committed items delivered on time
- Change failure rate: less than 5% of changes resulting in an incident or unplanned rollback.