TL;DR
Director, IT Audit & Compliance (Cybersecurity): Directs the organization’s cybersecurity program with an emphasis on robust governance, regulatory compliance, policy adherence, audit readiness, and risk mitigation. The role focuses on establishing a compliance-based approach to threat identification, vulnerability management, incident response, and security operations, while leading internal and external IT compliance audits.
Location: Hybrid in Mesa, Arizona (3 days in office, 2 days remote). Must be locally located.
Company
hirify.global is a company focused on smart mobility solutions, with a strong emphasis on integrity and driving breakthrough outcomes.
What you will do
- Provide strategic leadership and oversight for the organization’s cybersecurity program, focusing on compliance.
- Direct the implementation of technical controls, monitoring, and defensive measures to safeguard digital and physical assets.
- Establish and implement policies, standards, and procedures for compliance with regulatory and customer requirements, and frameworks such as NIST, SOX, SOC2, ISO 27001, FedRAMP, and PCI-DSS.
- Direct and perform internal and external IT compliance audits, and oversee remediation activities.
- Oversee, develop, implement, and maintain the cybersecurity risk management program, including internal and third-party risk.
- Partner with Legal & Sales to respond to requests for proposals, requests for information, and customer contract reviews, and participate in mergers and acquisitions activities.
Requirements
- Bachelor’s degree from an accredited university or 8 years’ experience in cybersecurity leadership roles focused on audit and compliance.
- SOX, NIST, ISO 27001, PCI, SOC 2 working experience and/or certification(s) required.
- CIA or CISA certification required (other relevant certifications will be considered).
- Experience leading others and managing IT compliance audits, including controls walkthroughs and stakeholder interviews.
- Experience developing and implementing policies and procedures.
- Strong knowledge of risk management methodologies and advanced IT audit skills.
- Must be locally located and comfortable with a hybrid model of 3 days in office and 2 days remote.
Nice to have
- Master’s degree in a cybersecurity discipline.
- CISSP or CompTIA Security+ certification.
- Formal project management experience and/or certification(s).
- Experience working in GRC tools and risk assessment methodologies.
- Experience supporting privacy operations and working with ERP systems.
Culture & Benefits
- Focus on high performance, accountability, customer focus, and cultivating innovation.
- Champion integrity, ethical behavior, and good judgment.
- Encourage courage over comfort, challenging assumptions to move the business forward.
- Value collaboration, diversity, global thinking, and people development.