Jobs · Information Technology

VP, Security & Compliance

Dynata · Texas, United States · Yesterday
RemoteRemoteInformation Technology$200k–$220k/yrFull-time

About the role

Dynata is hiring a VP of Security & Compliance to own and evolve our enterprise security posture at a pivotal moment: we are scaling AI-driven infrastructure, migrating legacy platforms to cloud-native architectures, and hardening compliance controls across a global, highly regulated data environment.

Responsibilities

  • Own Dynata's enterprise security strategy — define the roadmap, prioritize investment, and align security controls with business objectives across cloud, corporate applications, and data platforms.

  • Establish and maintain a Zero Trust security architecture spanning AWS, Azure, and GCP environments.

  • Oversee threat intelligence, vulnerability management (CVE reduction), and incident response programs.

  • Drive Cloud Security Hardening initiatives and set security standards within the Cloud Center of Excellence (CCoE).

  • Build and own Dynata's AI Security governance framework — establish policies, controls, and risk guardrails for the company's growing AI/ML portfolio including MS Fabric, Snowflake, Copilot, and LLM-based tools.

  • Lead AI risk assessment and model governance aligned with NIST AI RMF, EU AI Act, and emerging regulatory requirements.

  • Define controls for LLM-specific threats: prompt injection, data exfiltration via AI, model inversion, and adversarial inputs.

  • Partner with the EDMS and Engineering teams to embed AI security-by-design in DataHub, lakehouse architectures, and AI product development.

  • Own and manage all major compliance certifications and audits: SOC 2 Type II, ISO 27001, GDPR, CCPA/CPRA, and HIPAA where applicable.

  • Monitor the regulatory landscape — proactively identify and respond to emerging privacy and AI regulation in the US and EU.

  • Manage third-party and vendor risk management programs across Dynata's technology supply chain.

  • Partner with Legal and Finance to respond to client security questionnaires, audits, and contractual security requirements.

  • Own and manage Dynata's Security Operations Center (SOC) — including 24/7 monitoring coverage, alert triage, escalation protocols, and continuous improvement of detection and response capabilities.

  • Lead all internal and external security audits — coordinate audit preparation, evidence collection, control testing, and finding remediation across all compliance frameworks (SOC 2, ISO 27001, GDPR, CCPA).

  • Manage relationships with external auditors, assessors, and penetration testing partners; ensure audit readiness is a continuous state, not a seasonal event.

  • Drive SIEM/SOAR optimization — tune alerting, reduce false positives, and improve analyst efficiency across Splunk, Microsoft Sentinel, CrowdStrike, or equivalent platforms.

  • Establish SOC KPIs and SLAs: MTTD, MTTR, alert-to-ticket ratio, and analyst utilization — reported to leadership monthly.

  • Serve as a standing member of Dynata's Data Governance Committee — providing the security and privacy lens on data classification, access policies, retention standards, and data lineage across the enterprise.

  • Serve as a standing member of Dynata's AI Governance Committee — defining AI risk thresholds, responsible AI standards, and security controls for all AI/ML models and agents moving into production.

  • Participate in strategic task forces as designated by senior leadership — contributing security expertise to emerging initiatives, M&A due diligence, vendor evaluations, and regulatory response efforts.

  • Represent security interests in the Cloud Center of Excellence (CCoE) — ensuring that cloud architecture decisions are made with security guardrails built in from day one.

  • Partner with Product and Engineering teams to embed security into the software development lifecycle (SDLC) — from threat modeling and secure design reviews through code scanning, staging validation, and production release gates.

  • Collaborate with Technology leadership (Cloud Ops, EDMS, Corporate Applications) to ensure security controls are woven into platform architecture, data pipelines, and enterprise application rollouts — not bolted on after the fact.

  • Serve as the trusted security advisor for all major technology programs — including D365 CE/F&O, MS Fabric/Lakehouse, Dynata+ Phase 3, and inBrain Azure migration — providing risk assessments and go/no-go input at key milestones.

  • Engage with front-end and application teams to assess and remediate security risks in web applications, APIs, and customer-facing platforms — including penetration testing oversight and vulnerability triage coordination.

  • Recruit, develop, and retain a high-performing Security & Compliance team of 6–15 FTEs.

  • Foster a security-first culture across Technology Operations and the broader organization through training, awareness programs, and executive engagement.

  • Present to executive leadership and the board — deliver quarterly security posture reviews, risk dashboards, and compliance status updates with clarity, confidence, and business context.

  • Serve as the executive sponsor for security in cross-functional programs including BOS → D365 migration, inBrain Azure migration, and Dynata+ Phase 3.

Qualifications & Experience

  • Bachelor's degree in computer science, Information Technology/Systems, Cybersecurity or related field

  • Graduate Degree desirable, but not required

  • 15 years of progressive experience in Information Security, Cybersecurity, or a related discipline

  • 5+ years in a people-management role leading security and/or compliance teams of 6 or more

  • Proven track record building or maturing security programs at a Fortune 500, PE-backed, or highly regulated company (banking, financial services, healthcare, or large-scale data/tech platforms strongly preferred)

  • Hands-on AI/ML security experience: securing LLM deployments, generative AI products, or data science environments — ideally including model risk management frameworks from financial services

  • Deep cloud security expertise across AWS, Azure, and/or GCP — including cloud-native security tooling, IAM, and multi-cloud governance

  • Strong compliance program ownership: SOC 2, ISO 27001, GDPR, CCPA — you've run the audits, not just supported them

  • SIEM / SOAR platforms: hands-on experience with CrowdStrike Falcon (EDR, OverWatch, Identity Protection), Splunk, Microsoft Sentinel, or equivalent — including rule tuning, playbook development, and SOC workflow automation

  • DLP (Data Loss Prevention): deep familiarity with enterprise DLP tooling (e.g., Microsoft Purview, Symantec DLP, Forcepoint) — policy design, incident investigation, and integration with broader data classification frameworks

  • Vulnerability management: end-to-end CVE lifecycle — scanning, prioritization, patch coordination, and executive-level reporting

  • AI/ML security: NIST AI RMF, adversarial ML, LLM security controls, model inversion, and data poisoning defense

  • Data architecture fluency: working understanding of modern data platforms (cloud data lakes, lakehouses, Snowflake, MS Fabric, relational and NoSQL databases) — sufficient to assess data flow risks, classify sensitive assets, and engage credibly with data engineering teams

  • Front-end platforms & enterprise applications: familiarity with security considerations for SaaS/enterprise app stacks — including CRM/ERP (e.g., D365, HubSpot, Workday), web applications, and API security — enabling effective partnership with Corporate Applications teams

  • Cloud security tooling: AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, CSPM/CWPP platforms

  • Claude Cowork (Anthropic): direct, hands-on experience using Claude Cowork for enterprise task automation, document intelligence, and AI-assisted workflows — enabling the candidate to credibly govern, audit, and set guardrails for AI productivity tools deployed across the organization

  • Certifications: CISSP (Certified Information Systems Security Professional) — strongly preferred; candidates without CISSP must hold CISM, CISA, or equivalent and commit to CISSP within 18 months of hire

  • CCSP (Certified Cloud Security Professional) — a strong plus given Dynata's multi-cloud environment

  • AI security or governance certification (e.g., NIST AI RMF Practitioner, Google Cloud Security) — valued given the AI governance committee responsibilities

  • CRISC, CGEIT, or similar risk management credentials — welcomed

  • Executive presence & communication: comfortable presenting to C-suite, board members, and external stakeholders — translating complex security risk into clear business language, defensible recommendations, and compelling narratives

  • Cross-functional partnership: proven ability to partner effectively with Product, Engineering, and Technology teams — embedding security into the SDLC, product roadmaps, and platform architecture without becoming a bottleneck

  • Strategic thinker who can balance long-term security architecture with near-term operational realities and shifting business priorities

  • Collaborative influencer — this role succeeds through influence, trust, and shared ownership across teams, not authority alone

  • Mission-driven: a genuine passion for protecting data, earning customer trust, and building a security culture that people believe in — not just comply with

Similar jobs

VP, Compliance

Abby CareSan Francisco, CA· 2 wk ago
RemoteLegalapply on jobs.ashbyhq.com

VP, Compliance

LaddersOrange, CA· 6 days ago
Legal$228k–$342k/yrapply on theladders.com

VP, Compliance

AcrisureNew York, United States· 3 wk ago
Legalapply on careers.acrisure.international

VP, Compliance

Alignment HealthOrange, CA· 1 wk ago
Legal$228k–$342k/yrapply on alignmenthealthcare.wd12.myworkdayjobs.com

VP, Compliance Officer

Citizens Bank - IndianaMooresville, IN· 3 mo ago
Legalapply on citizens.applicantlist.com