VP, Security & Compliance
About the role
Dynata is hiring a VP of Security & Compliance to own and evolve our enterprise security posture at a pivotal moment: we are scaling AI-driven infrastructure, migrating legacy platforms to cloud-native architectures, and hardening compliance controls across a global, highly regulated data environment.
Responsibilities
Own Dynata's enterprise security strategy — define the roadmap, prioritize investment, and align security controls with business objectives across cloud, corporate applications, and data platforms.
Establish and maintain a Zero Trust security architecture spanning AWS, Azure, and GCP environments.
Oversee threat intelligence, vulnerability management (CVE reduction), and incident response programs.
Drive Cloud Security Hardening initiatives and set security standards within the Cloud Center of Excellence (CCoE).
Build and own Dynata's AI Security governance framework — establish policies, controls, and risk guardrails for the company's growing AI/ML portfolio including MS Fabric, Snowflake, Copilot, and LLM-based tools.
Lead AI risk assessment and model governance aligned with NIST AI RMF, EU AI Act, and emerging regulatory requirements.
Define controls for LLM-specific threats: prompt injection, data exfiltration via AI, model inversion, and adversarial inputs.
Partner with the EDMS and Engineering teams to embed AI security-by-design in DataHub, lakehouse architectures, and AI product development.
Own and manage all major compliance certifications and audits: SOC 2 Type II, ISO 27001, GDPR, CCPA/CPRA, and HIPAA where applicable.
Monitor the regulatory landscape — proactively identify and respond to emerging privacy and AI regulation in the US and EU.
Manage third-party and vendor risk management programs across Dynata's technology supply chain.
Partner with Legal and Finance to respond to client security questionnaires, audits, and contractual security requirements.
Own and manage Dynata's Security Operations Center (SOC) — including 24/7 monitoring coverage, alert triage, escalation protocols, and continuous improvement of detection and response capabilities.
Lead all internal and external security audits — coordinate audit preparation, evidence collection, control testing, and finding remediation across all compliance frameworks (SOC 2, ISO 27001, GDPR, CCPA).
Manage relationships with external auditors, assessors, and penetration testing partners; ensure audit readiness is a continuous state, not a seasonal event.
Drive SIEM/SOAR optimization — tune alerting, reduce false positives, and improve analyst efficiency across Splunk, Microsoft Sentinel, CrowdStrike, or equivalent platforms.
Establish SOC KPIs and SLAs: MTTD, MTTR, alert-to-ticket ratio, and analyst utilization — reported to leadership monthly.
Serve as a standing member of Dynata's Data Governance Committee — providing the security and privacy lens on data classification, access policies, retention standards, and data lineage across the enterprise.
Serve as a standing member of Dynata's AI Governance Committee — defining AI risk thresholds, responsible AI standards, and security controls for all AI/ML models and agents moving into production.
Participate in strategic task forces as designated by senior leadership — contributing security expertise to emerging initiatives, M&A due diligence, vendor evaluations, and regulatory response efforts.
Represent security interests in the Cloud Center of Excellence (CCoE) — ensuring that cloud architecture decisions are made with security guardrails built in from day one.
Partner with Product and Engineering teams to embed security into the software development lifecycle (SDLC) — from threat modeling and secure design reviews through code scanning, staging validation, and production release gates.
Collaborate with Technology leadership (Cloud Ops, EDMS, Corporate Applications) to ensure security controls are woven into platform architecture, data pipelines, and enterprise application rollouts — not bolted on after the fact.
Serve as the trusted security advisor for all major technology programs — including D365 CE/F&O, MS Fabric/Lakehouse, Dynata+ Phase 3, and inBrain Azure migration — providing risk assessments and go/no-go input at key milestones.
Engage with front-end and application teams to assess and remediate security risks in web applications, APIs, and customer-facing platforms — including penetration testing oversight and vulnerability triage coordination.
Recruit, develop, and retain a high-performing Security & Compliance team of 6–15 FTEs.
Foster a security-first culture across Technology Operations and the broader organization through training, awareness programs, and executive engagement.
Present to executive leadership and the board — deliver quarterly security posture reviews, risk dashboards, and compliance status updates with clarity, confidence, and business context.
Serve as the executive sponsor for security in cross-functional programs including BOS → D365 migration, inBrain Azure migration, and Dynata+ Phase 3.
Qualifications & Experience
Bachelor's degree in computer science, Information Technology/Systems, Cybersecurity or related field
Graduate Degree desirable, but not required
15 years of progressive experience in Information Security, Cybersecurity, or a related discipline
5+ years in a people-management role leading security and/or compliance teams of 6 or more
Proven track record building or maturing security programs at a Fortune 500, PE-backed, or highly regulated company (banking, financial services, healthcare, or large-scale data/tech platforms strongly preferred)
Hands-on AI/ML security experience: securing LLM deployments, generative AI products, or data science environments — ideally including model risk management frameworks from financial services
Deep cloud security expertise across AWS, Azure, and/or GCP — including cloud-native security tooling, IAM, and multi-cloud governance
Strong compliance program ownership: SOC 2, ISO 27001, GDPR, CCPA — you've run the audits, not just supported them
SIEM / SOAR platforms: hands-on experience with CrowdStrike Falcon (EDR, OverWatch, Identity Protection), Splunk, Microsoft Sentinel, or equivalent — including rule tuning, playbook development, and SOC workflow automation
DLP (Data Loss Prevention): deep familiarity with enterprise DLP tooling (e.g., Microsoft Purview, Symantec DLP, Forcepoint) — policy design, incident investigation, and integration with broader data classification frameworks
Vulnerability management: end-to-end CVE lifecycle — scanning, prioritization, patch coordination, and executive-level reporting
AI/ML security: NIST AI RMF, adversarial ML, LLM security controls, model inversion, and data poisoning defense
Data architecture fluency: working understanding of modern data platforms (cloud data lakes, lakehouses, Snowflake, MS Fabric, relational and NoSQL databases) — sufficient to assess data flow risks, classify sensitive assets, and engage credibly with data engineering teams
Front-end platforms & enterprise applications: familiarity with security considerations for SaaS/enterprise app stacks — including CRM/ERP (e.g., D365, HubSpot, Workday), web applications, and API security — enabling effective partnership with Corporate Applications teams
Cloud security tooling: AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, CSPM/CWPP platforms
Claude Cowork (Anthropic): direct, hands-on experience using Claude Cowork for enterprise task automation, document intelligence, and AI-assisted workflows — enabling the candidate to credibly govern, audit, and set guardrails for AI productivity tools deployed across the organization
Certifications: CISSP (Certified Information Systems Security Professional) — strongly preferred; candidates without CISSP must hold CISM, CISA, or equivalent and commit to CISSP within 18 months of hire
CCSP (Certified Cloud Security Professional) — a strong plus given Dynata's multi-cloud environment
AI security or governance certification (e.g., NIST AI RMF Practitioner, Google Cloud Security) — valued given the AI governance committee responsibilities
CRISC, CGEIT, or similar risk management credentials — welcomed
Executive presence & communication: comfortable presenting to C-suite, board members, and external stakeholders — translating complex security risk into clear business language, defensible recommendations, and compelling narratives
Cross-functional partnership: proven ability to partner effectively with Product, Engineering, and Technology teams — embedding security into the SDLC, product roadmaps, and platform architecture without becoming a bottleneck
Strategic thinker who can balance long-term security architecture with near-term operational realities and shifting business priorities
Collaborative influencer — this role succeeds through influence, trust, and shared ownership across teams, not authority alone
Mission-driven: a genuine passion for protecting data, earning customer trust, and building a security culture that people believe in — not just comply with