Senior Director of Security and Compliance
Remote Worker - United States
Full Time Senior-level / Expert USD 168K - 210K
Flores & Associates
Job Title: Senior Director of Security and Compliance
Job Type: FT
Location: Remote. To be considered for this role, you must reside in one of the following states: AZ, CT, FL, GA, IL, KS, MA, MD, ME, MI, MO, NC, NJ, NV, NY, OH, PA, RI, SC, TN, TX, UT, VA, WI, WV.
Who We Are
Benefits are complicated, but with innovative technology paired with attentive and dedicated customer service, they don’t have to be! At Flores, we focus on technology and customer service, so our clients can focus on their employees. We are a leader in the field of consumer-based reimbursement plans, COBRA, and Direct Bill services. With a 97% client retention rate, we continue to grow our footprint across the US.
Please visit our website to learn more about our people, culture, and benefits! www.flores-associates.com.
Job Summary
At Flores, we are passionate about our clients having a great experience and this also applies to our team and our future team members. Building a remarkable team is a top-level company priority. The Senior Director of Security and Compliance will lead our organization's efforts in ensuring compliance, maintaining security standards, and driving enterprise engineering excellence. This role requires a strategic leader with in-depth knowledge of audit processes, regulatory compliance frameworks, enterprise engineering best practices, Azure cloud technologies, and expertise in implementing both NIST and HITRUST Cybersecurity Frameworks (CSFs). The Senior Director of Security and Compliance reports to the CTO.
What You’ll Do
- Define and execute security strategies to protect enterprise systems, data, and infrastructure.
- Incorporate NIST and HITRUST CSF best practices into security programs, focusing on core functions like risk management, threat identification, and incident response.
- Lead risk assessments, vulnerability management, and incident response planning across the organization.
- Ensure secure design and architecture of enterprise engineering projects.
- Promote a culture of security awareness through training and engagement initiatives.
- Architect and enforce best practices for Azure Cloud Infrastructure security, aligning with secure architecture principles and ensuring robust data protection.
- Collaborate with enterprise and desktop engineering teams to design and implement security best practices across desktop and server configurations, software deployment, and endpoint security.
- Provide guidance on IAM, privileged access controls, and secure access policies to reinforce a zero-trust model across Azure and on-premises environments.
- Work independently and with third parties to conduct regular risk assessments for Azure, enterprise, and desktop systems, identifying vulnerabilities and recommending mitigation strategies in alignment with industry frameworks.
- Oversee compliance efforts, ensuring adherence to regulatory standards such as SOC 2, ISO 27001, GDPR, HITRUST, HIPAA, and PCI-DSS across cloud and enterprise systems.
- Manage audit preparation, documentation, and evidence collection for internal, customer, and third-party audits, working closely with audit and compliance teams.
- Lead cloud and enterprise incident response efforts, coordinating with internal and external teams to address Azure and enterprise-level security incidents effectively.
- Oversee the implementation of threat detection and monitoring strategies for Azure and desktop environments, utilizing tools like Azure Sentinel, Microsoft Defender for Cloud, and endpoint protection solutions.
- Collaborate with threat intelligence teams to proactively address threats, vulnerabilities, and security trends relevant to Azure and enterprise infrastructures.
- Work closely with IT, DevOps, and enterprise engineering teams to embed security and compliance requirements throughout cloud architecture, application development, and end-user systems.
- Drive awareness and training initiatives to foster a culture of security across enterprise engineering and desktop environments, promoting secure behavior and best practices.
- Serve as the primary contact for security and compliance related matters, liaising with internal stakeholders, customers, third-party vendors, and auditors.
- Perform other duties as assigned.
- Maintain quality work that exemplifies and promotes Flores’ core values.
Who You Are
- A self-driven, inquisitive, and tenacious individual, capable of understanding and improving upon complex existing software platforms.
- A graduate of a bachelor’s degree program, preferably with a degree in Computer Science, Information Security, MIS, or a related field; Master’s degree or equivalent experience preferred.
- Minimum of 10 years in information security, with at least 5 years in cloud security, compliance, and architectural guidance, particularly within Azure. Relevant certifications (e.g., Microsoft Certified: Azure Security Engineer, CCSP, CISSP, CISM) are highly preferred.
- Someone with proven experience in managing security within enterprise/desktop engineering environments, with a focus on best practices and secure design.
- An expert in Microsoft Azure Cloud Infrastructure, IAM governance, and enterprise security best practices for desktop and end-user systems.
- An individual who is proficient in compliance frameworks and regulatory standards, including SOC 2, ISO 27001, GDPR, HITRUST, HIPAA, and PCI-DSS, with demonstrated experience in audit readiness.
- Someone with strong analytical skills with a compliance-focused mindset and a commitment to best practices in cloud architecture and enterprise engineering security.
- Someone with proven experience in designing and implementing secure architectures across cloud and desktop environments, with a focus on scalable, sustainable security measures.
- Someone with proven experience documenting, organizing and creating a robust security and compliance program.
- Ability to work both independently & within a team environment while using strong communication skills (clear & concise written & verbal), with the ability to present complex security concepts to technical and non-technical stakeholders.
- An individual that understands the value of providing a high level of customer service.
Work Environment
Flores’ standard work hours are Monday through Friday, 8:30 a.m. to 5 p.m. ET with an hour lunch. Roles may be approved for other schedules by managers. This role operates in a professional remote office environment. To be considered for this role, you must reside in one of the following states: AZ, CT, FL, GA, IL, KS, MA, MD, ME, MI, MO, NC, NJ, NV, NY, OH, PA, RI, SC, TN, TX, UT, VA, WI, WV. This role is mostly sedentary and consists of prolonged periods sitting at a desk and working on a computer. This role also utilizes other tools such as a phone, copy machine, and printer. Common programs often used are Outlook, Word, and Excel. This position frequently communicates with Flores team members and candidates and must be able to exchange accurate information clearly in these situations.
How We Support Our Team
At Flores, we invest in our people, our community, and our technology, and strive to provide work-life balance paired with professional growth for each of our employees. We provide innovative benefit solutions for our clients, but they are not just for our clients. They extend to our team too!
- Competitive Benefits – Flores offers competitive medical, dental, and vision benefits for employees and their families. We also provide company-funded HSAs, pre- and post-tax 401(k)s with a company match up to 5%, and other great benefits such as Life Insurance, Accident Insurance, Pet Insurance, and more!
- Work Life Balance – We want all our team members to have time to focus on themselves and their families. We offer a Monday - Friday schedule, a generous vacation policy and a Life Balance Reimbursement Plan to support this.
- Community Involvement – We love to give back to our community, and we recognize that our team does too! We have a volunteer program in place to support our team members as they help the organizations they are passionate about.
Our Core Values & Diversity Focus
Our vision is to be the most admired benefits partner, and our core values and beliefs are:
- We believe in always doing the right thing.
- We believe that a remarkable service experience is possible.
- We believe in trusting one another as an operating philosophy.
- We believe that high performance teams deliver extraordinary results.
- We believe in building benefits technology that converts the complex to easy.
- We seek to empower, empathize, and respect our team members and our world.
Flores & Associates is proud to be an Equal Employment Opportunity employer. We do not discriminate based on race, color, creed, ancestry, national origin, citizenship, sex or gender (including pregnancy, childbirth, and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, religion, age, disability, genetic information, service in the military, or any other characteristic protected by applicable federal, state, or local laws and ordinances. We are committed to diversity and are committed to creating an inclusive environment for all employees. This is not intended to be an all-inclusive list of job related responsibilities and requirements.
Salary Description: $168,560 - $210,700 depending on experience
Tags: Audits, Azure, CCSP, CISM, CISSP, Cloud, Compliance, Computer Science, DevOps, Endpoint security, GDPR, Governance, HIPAA, HITRUST, IAM, Incident response, ISO 27001, Monitoring, NIST, Risk assessment, Risk management, Sentinel, SOC, SOC 2, Threat detection, Threat intelligence, Vulnerabilities, Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Health care Insurance Startup environment