Meet the Ultimate Strength Studio. Tonal's expert coaching and advanced digital weight allow you to #BeYourStrongest.
Director, IT & Security
Location
Texas
Posted
5 hours ago
Salary
$178K - $220K / year
Seniority
Lead
Job Description
Director, IT & Security
Tonal
• Own end-to-end IT operations, including device lifecycle, onboarding/offboarding, SaaS administration, identity and access management, help desk, and office infrastructure across all locations. • Lead the technical controls side of Tonal's HIPAA compliance program, implementing the safeguards required by the HIPAA Security Rule and HITECH Act. • Own and execute Tonal's security program: penetration testing remediation, security policy, tabletop exercises, vendor security reviews, and incident response. • Govern Tonal's AI tool ecosystem, including licensing, spend, API key governance, corporate AI policy, and DLP and prompt injection protections. • Administer Tonal's SaaS portfolio, owning contract renewals, license optimization, and vendor negotiations across critical platforms. • Drive automation and identity governance maturity, including Okta Identity Governance, expanding SCIM-based provisioning, building & enforcing RBAC frameworks, and driving workflow automation and system integration. • Lead and grow the IT & Security team, managing engineers and administrators, overseeing the virtual CISO engagement, owning the budget and aligning org structure to Tonal’s needs. • Own IT documentation and process improvement, maintaining runbooks and closing gaps in onboarding, offboarding, and incident response, and driving overall automation. • Manage global physical infrastructure — networking, Wi-Fi, AV, and physical access — across a distributed, multi-office footprint. • Serve as a trusted operator on Tonal's most sensitive matters, from executive access provisioning to security incidents and legal holds. • Report regularly to senior leadership and the C-suite, translating IT & Security roadmap priorities, progress, technical risk and incident management into clear, actionable narratives.
Job Requirements
- 10+ years in IT and security leadership, with full functional ownership and experience across identity and access management, endpoint security, SaaS administration, network infrastructure, and security program management.
- Hands-on HIPAA compliance implementation experience, beyond writing policies
- Track record of building a security program from the ground up: policy, penetration testing, and real incident response
- Broad expertise across identity and access management, endpoint security, SaaS administration, and network infrastructure
- Equally comfortable configuring technical systems and presenting security risk to executive leadership
- A start-up mindset: thrives in fast-moving, resource-constrained environments without cutting corners on security
- Proven ability to prioritize with a lean team and limited budget, with outcomes to show for it.
- Experience managing a large SaaS portfolio, including contract renewals, vendor negotiation, and license governance
- Strong people leadership skills, setting clear expectations and developing team members
- High standards of trust, integrity, and discretion, given access to the company's most sensitive systems.
Benefits
- Tonal is committed to meeting the diverse needs of people with disabilities in a timely manner that is consistent with the principles of independence, dignity, integration, and equality of opportunity.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Senior IT Security Engineer
NPRNPR is committed to being an inclusive workplace that welcomes diverse and unique perspectives, all working toward the same goal – to create a more informed public.
Role Description As our Senior Security Engineer, you will bridge the gap between traditional infrastructure security and modern DevSecOps. We are looking for a proactive security engineer to define secure-by-design frameworks, implement high-impact DevSecOps pipelines across multi-cloud environments (AWS and GCP), and lead critical security reviews for emerging technologies, including artificial intelligence. Beyond technical mastery, you will act as a collaborative partner to our internal teams, fostering a culture of proactive security, cyber vigilance, and continuous improvement. If you thrive in rapidly evolving environments and have a passion for building secure, resilient ecosystems, this is your next challenge. Responsibilities - Secure-by-Design Architecture: Implement, own, and champion secure-by-design frameworks across cloud, infrastructure, and application ecosystems, ensuring all system architectures address robust cybersecurity requirements. - Design & Integration Reviews: Review and approve security architecture designs for new internal systems, cloud platforms, and third-party integrations. - DevSecOps & CI/CD Pipelines: Design, enable, and maintain automated security pipelines to proactively scan Git repositories, catching vulnerabilities early in the software development lifecycle. - Cloud Security Management: Manage security lifecycles within multi-cloud environments (primarily AWS and GCP) to ensure continuous compliance and threat mitigation. - Vulnerability Management: Own and run the end-to-end vulnerability management program, prioritizing remediation efforts across enterprise systems. - AI & Emerging Tech Security: Assess and secure emerging technologies, evaluating security-focused Large Language Models (LLMs) and AI workflows to keep NPR aligned with industry progressions. - Security Monitoring & SIEM: Leverage SIEM platforms (specifically Splunk) to develop advanced dashboards, write queries, and build automated reporting mechanisms for real-time threat intelligence. - Network & Endpoint Defense: Deploy, recommend, and test advanced security controls, including Endpoint Detection and Response (EDR), enterprise-level antivirus, and perimeter security for Cisco networking devices. - Cross-Functional Collaboration: Partner with internal NPR technology and business teams to address security gaps, resolve concerns, and provide subject matter expertise in ongoing cybersecurity meetings. Qualifications - 5+ years of experience in an information security, security engineering, or infrastructure security role. - 2+ years of hands-on experience in DevSecOps, secure software development, or automated CI/CD security pipeline integration. - Strong hands-on technical experience administering enterprise security tools, including SIEM (Splunk), EDR/anti-malware, and vulnerability management systems. - Proven experience securing multi-cloud environments (AWS and/or GCP) and a solid understanding of cloud security posture management. - Practical knowledge of core networking concepts and principles, including securing perimeter devices (such as Cisco hardware). - Demonstrated track record of cross-functional technical communication, documentation, and assisting development teams with security remediation. Preferred Qualifications - Industry certifications such as CISSP, GIAC, or specialized cloud/DevSecOps credentials (or equivalent practical experience). - Experience with Infrastructure as Code (IaC) and network automation tools. - Practical experience implementing secure workflows for generative AI tools or LLMs. Required Skills/Competencies - Threat & Vulnerability Analysis: Analytical capability to interpret automated scan results, prioritize vulnerabilities, and formulate remediation plans. - Cloud Security Architecture: Foundational competence in designing and securing cloud-native services and environments. - Automation & Scripting: Ability to write utility scripts (Python, Bash, etc.) to automate security checks or integrate tools. - SIEM Querying: Proficiency in building custom queries and alerts within SIEM platforms like Splunk. - Collaborative Problem Solving: Exceptional interpersonal and technical communication skills to bridge security policies with developer workflows. Education Requirements - Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent work experience. Work Location & Requirements - This is a remote-permitted role. This role is based out of our Washington, D.C. office, but the employee may choose to work on a remote basis from a location that NPR approves. - You will have the option of working (a) remotely from a location of your choosing within the United States that is supported by NPR; (b) on-site at an NPR facility, based on the availability of desks and approval from NPR; or (c) a combination of both. - Regardless of where you choose to work from, you may be expected to travel to other locations from time to time to perform the duties of your position. Job Type - This is a full-time, exempt position. Compensation - The U.S.-based anticipated salary range for this opportunity is $125,000 - $152,000 plus benefits. - The range displayed reflects the minimum and maximum salaries NPR expects to provide for new hires for the position across all US locations. Benefits - NPR provides comprehensive benefits for employees and dependents. - Regular, full-time employees scheduled to work 30 hours or more per week are eligible to enroll in NPR’s benefits options. - Benefits include access to health and wellness, paid time off, and financial well-being. - Plan options include medical, dental, vision, life/ accidental death and dismemberment, long-term disability, short-term disability, and voluntary retirement savings to all eligible NPR employees. Company Description NPR is committed to being an inclusive workplace that welcomes diverse and unique perspectives, all working toward the same goal – to create a more informed public. Qualified applicants receive consideration for employment without regard to race, color, ethnicity, national origin, ancestry, age, religion, religious belief, sex (including pregnancy, childbirth and related medical conditions, lactation, and reproductive health decisions), sexual orientation, gender, gender identity or expression, transgender status, gender non-conforming status, intersex status, sexual stereotypes, nationality, citizenship status, personal appearance, marital status, family status, family responsibilities, military status, veteran status, mental and physical disability, medical condition, genetic information, genetic characteristics of yourself or a family member, political views and affiliation, unemployment status, protective order status, status as a victim of domestic violence, sexual assault, or stalking, or any other basis prohibited under applicable law.
Security Advisor I – Falcon Complete GovCloud
CrowdStrikeCrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?
• Assess customer’s Falcon environment and ensure alignment with Falcon Complete standards. • Provide Falcon Complete customers with recommendations that align to improved security. • Create and recommend remediation for components of CrowdStrike products that may lead to improved security posture. • Contact customers directly upon identification of misalignment with Falcon Complete standards. • Document, update, and resolve all customer related issues in accordance with established procedures and SLAs. • Develop and provide customers with service reports and stats as requested. • Partner with internal teams to ensure customer satisfaction. • Liaise with support team to help troubleshoot and coordinate efforts to resolve technical issues.
Manager, Enterprise Security Architecture
DatavantConnecting the world’s health data to improve patient outcomes.
• Lead and develop a team of hands-on security architects • Set clear performance expectations and conduct reviews • Hold the team to high quality bar on deliverables • Own the enterprise security roadmap • Monitor emerging technology landscape for security implications
Senior Security Engineer
LaterLevel up your social media marketing strategy ✨ Schedule, plan, engage & grow 🌴
Role Description We're looking for a Senior Security Engineer to strengthen Later's company-wide security posture through hands-on engineering, thoughtful collaboration, and pragmatic standards. This role blends deep security expertise with strong software engineering skills, focusing on: - Application security - Cloud and infrastructure security - Secure development practices - Vulnerability management - Compliance enablement - Security improvements across corporate systems and business operations A core focus of this role is helping Later mature its security capabilities in support of SOC 2 and other compliance expectations through practical controls, automation, evidence-ready processes, and clear guidance that works across the company. What you'll be doing: - Company-Wide Security Strategy & Compliance - Assess and continuously improve Later's overall security posture across applications, infrastructure, cloud environments, corporate systems, vendor tooling, and business workflows. - Define and implement scalable security standards, best practices, and guardrails that support SOC 2 readiness through practical, automated, and auditable solutions. - Partner with Engineering, Infrastructure, IT, Product, Legal, People, Finance, and business leaders to align security priorities with company goals, risk reduction, and delivery timelines. - Translate SOC 2 and related compliance requirements into sustainable technical and operational controls, procedures, and evidence collection practices. - Identify security gaps across the company, prioritize remediation efforts, and help teams make pragmatic, risk-based decisions. - Support company-wide security awareness, secure operating practices, and adoption of security controls across business teams. - Technical Execution - Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, corporate security operations, and operational visibility. - Design and implement security controls within CI/CD pipelines, including secure build and deploy patterns, security scanning, dependency management, container scanning, and secret management. - Support application security efforts, including secure design reviews, threat modeling, code review guidance, API security, microservices security patterns, and remediation planning. - Improve cloud infrastructure and corporate systems security through hardening, monitoring, configuration review, Infrastructure-as-Code security scanning, access reviews, and secure operational patterns. - Collaborate with technical and business teams to identify vulnerabilities and control gaps, explain impact clearly, and drive effective remediation. - Strengthen security observability and response readiness through logging, alerting, detection engineering, incident response improvements, and company-wide security process maturity. - Collaboration & Enablement - Partner with teams across the company to identify, understand, and fix security issues in a collaborative, non-blocking way. - Provide pragmatic security guidance on designs, implementations, vendor tools, operational practices, and business workflows. - Communicate security risks, tradeoffs, and recommendations clearly across technical and non-technical audiences. - Embed security into development workflows, corporate systems, and company operating practices without slowing teams unnecessarily. - Support SOC 2 and related compliance efforts through automation, well-defined controls, reliable evidence practices, and cross-functional coordination. What success looks like: - Within the first 90 days, you've completed a security posture assessment, identified the highest-priority gaps, and have a remediation roadmap that's been reviewed and socialized with key stakeholders across Engineering, IT, and Leadership. - By 6 months, core SOC 2 controls are documented, automated where possible, and evidence collection is running reliably without manual heroics from any single team. - Security is embedded into Later's CI/CD pipelines, with scanning, secret management, and container security integrated and maintained as a standard part of the development lifecycle. - Teams across Engineering, IT, and the business have a clear point of contact for security questions, a shared understanding of the risk landscape, and security guidance that helps them move faster, not slower. - Later's security observability has materially improved: logging, alerting, and detection coverage are in place, and the company has a documented, practiced incident response process. Qualifications - 5-7+ years of experience as a Security Engineer or Software Engineer with a strong security focus. - Proven ability to build and operate production-quality software, automation, and internal tooling. - Strong understanding of application security, infrastructure security, cloud security, secure CI/CD practices, and corporate security controls. - Hands-on experience with vulnerability management, secure software development, threat modeling, remediation workflows, and operational security improvements. - Experience with security frameworks and standards such as OWASP, NIST, CIS Controls, SOC 2, and ISO 27001, and the ability to apply them in production and business environments. - Experience supporting SOC 2 compliance efforts through practical, automated, and auditable controls. - Familiarity with cloud security platforms such as AWS Security Hub, Azure Security Center, or GCP Security Command Center. - Experience with SIEM/SOAR tools, logging and monitoring platforms, detection workflows, and practical incident response processes. - Experience with Infrastructure-as-Code security scanning for tools such as Terraform or CloudFormation. - Ability to translate complex security concepts into clear, actionable guidance for technical and non-technical audiences. - Experience collaborating closely with engineering, IT, compliance, and business teams to improve security outcomes. - Familiarity with C#, modern backend systems, cloud-native architecture, and SaaS business tooling. How you work: - Driven by Impact: You deliver results that matter, prioritizing high-value work, meeting deadlines, and adapting quickly while keeping outcomes clear. - Strategic & Customer-Centric: You anticipate risks and opportunities, connect decisions to long-term growth, and build trust through proactive insights. - Curious & Growth-Oriented: You seek knowledge, ask sharp questions, and apply learnings fast, challenging the status quo with a mindset of improvement. - Collaborative & Resilient: You thrive in change by staying resourceful, solution-focused, and positive, removing roadblocks, sharing insights, and keeping morale high. - Accountable & Honest: You own your work, hold yourself and others to a high bar, and use transparent feedback to drive growth. - Emotionally Intelligent: You build trust through empathy and collaboration, foster inclusion, and inspire others with grit, optimism, and integrity. Our approach to compensation: We take a market-based & data-driven approach to compensation. We leverage data from trusted third-party compensation sources to help us understand the market value of a role based on function, level, geographic location, and scope. We evaluate compensation bi-annually, including performance and market-related factors. Our salaries are benchmarked against market Total Cash Compensation for the geographic location of our job posting. Compensation for some roles is structured as On Target Earnings (OTE = base + commission/variable) while for others it is structured as Salary only. To comply with local legislation and ensure transparency, we share salary ranges on all job postings. Skills, experience and other factors help determine the final salary we offer which may vary from the original range posted. Additionally, all permanent team members are eligible to participate in various benefits plans as part of their overall compensation package. Salary Range: $145,000 - $175,000 Where we work: We have offices in Boston, MA; Vancouver, BC; and Vancouver, WA. For select positions, we are open to hiring fully remote candidates. We post our positions in the location(s) where we are open to having the successful candidate be located. Diversity, inclusion, and accessibility: At Later, we are committed to fostering a culture rooted in an inclusion-first mindset at every level of the company, embracing the importance of hiring and building teams for culture add rather than culture fit. We openly build and maintain unbiased hiring, pay, and promotion practices to create a foundation for an equitable workplace, paving the way for systemic change. We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, national origin, disability, or age. Please let us know if you require any accommodations or support during the recruitment process.



