Director of IT & Security
Location
Worldwide
Posted
10 hours ago
Salary
$35K / year
Seniority
Lead
Job Description
Director of IT & Security
AJAIA
Role Description Ajaia is hiring a Director of IT & Security to own the full scope of internal IT operations, information security, and compliance across a multi-cloud, multi-country organization. This is a hands-on leadership role. You will build and maintain the systems, policies, and infrastructure that keep the company running securely while driving automation wherever possible. - Own internal IT (devices, access, onboarding) - Manage security posture (policies, monitoring, incident response) - Oversee compliance (HIPAA, SOC 2, vendor risk) - Utilize AI tools to automate routine operations, improve monitoring, and accelerate output - Start as an individual contributor with potential to build a small team as the company scales - Use AI in daily workflows across research, ideation, drafting, design iteration, quality checks, and delivery acceleration Qualifications - Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or equivalent experience - 8+ years of experience in one or more of the following areas: - IT operations and infrastructure management - Information security and security operations - Cloud administration and security (GCP, Azure, or multi-cloud environments) - Compliance and audit management (HIPAA, SOC 2, or similar frameworks) - Hands-on experience managing multi-cloud environments (GCP and Azure required) - Working knowledge of HIPAA and SOC 2 compliance, including direct experience preparing for or managing external audits - Experience building and enforcing security policies, access controls, and incident response procedures - Strong understanding of identity management (SSO, MFA, RBAC), endpoint management, and network security fundamentals - Proficiency with AI tools and a working practice of using automation to reduce operational burden - Excellent documentation and communication skills with the ability to translate security concepts for non-technical stakeholders - Comfortable working autonomously in a fast-paced, fully remote, distributed environment Requirements - Relevant certifications: CISSP, CISM, CCSP, CompTIA Security+, or equivalent - Experience with DevSecOps practices, CI/CD pipeline security, or infrastructure-as-code (Terraform, Pulumi, or similar) - Background in vendor risk management and third-party security assessments - Experience supporting healthcare or financial services clients with regulated data requirements - Familiarity with GDPR, DPDPA, or other regional data protection frameworks - Experience with GRC platforms such as Vanta, Drata, or similar tools - Experience with SIEM platforms, vulnerability management tools, or penetration testing coordination Benefits - Base salary: Approximately $35,000 USD per year (calibrated for target regions) - Performance bonus: Opportunity to earn up to 100% of base salary in performance-based bonuses - Salary and total compensation depend on experience, location, and demonstrated performance during the hiring process
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Be part of our Global Engineering Network! • Design and implement a high-availability IBM QRadar SIEM architecture to ensure resilience, scalability, and business continuity. • Perform platform sizing and capacity planning based on log volume, EPS/FPS requirements, retention policies, and future growth. • Lead the deployment, configuration, and optimization of the IBM QRadar platform. • Plan and execute the migration from the existing SIEM solution to IBM QRadar with minimal service disruption. • Integrate, collect, parse, and normalize logs from diverse security devices, network infrastructure, servers, applications, cloud services, and endpoint solutions. • Develop, tune, and maintain correlation rules, use cases, offenses, and detection content aligned with the MITRE ATT&CK framework. • Optimize SIEM performance by reducing false positives and improving detection accuracy. • Configure and manage access security, including Multi-Factor Authentication (MFA), LDAP / Active Directory integration, Role-Based Access Control (RBAC). • Ensure compliance with security standards and organizational policies. • Produce technical documentation, architecture diagrams, deployment guides, and operational procedures. • Collaborate with SOC analysts, infrastructure teams, and cybersecurity stakeholders to continuously improve monitoring and incident detection capabilities. • Provide technical support, troubleshooting, and knowledge transfer to operational teams.
Role Description We are seeking a highly qualified CMMC Compliance Specialist to serve as a trusted compliance advisor for Department of Defense contractors. In this role, you will function as a virtual Compliance Officer for assigned clients, helping them build, maintain, and continuously improve their cybersecurity compliance programs. You will guide organizations through every phase of the compliance lifecycle—from initial gap assessments and remediation planning to audit readiness and ongoing compliance management—while providing strategic guidance on CMMC, NIST SP 800-171, DFARS, and related federal cybersecurity requirements. Primary Responsibilities - Compliance Consulting - Serve as the designated compliance advisor for assigned client organizations. - Interpret and apply: - NIST SP 800-171 - DFARS 252.204-7012 - CMMC 2.0 Level 1 & Level 2 requirements - SPRS scoring and submissions - Guide clients through gap assessments, remediation planning, implementation, and certification readiness. - Assist clients with developing and maintaining: - System Security Plans (SSPs) - Plans of Action & Milestones (POA&Ms) - Security policies and procedures - Compliance documentation and evidence - Client Success & Advisory - Conduct recurring compliance strategy meetings with clients. - Review implementation progress and validate remediation efforts. - Serve as the primary compliance contact throughout the client engagement. - Translate complex regulatory requirements into practical business and technical recommendations. - Collaborate with client leadership, IT teams, and security personnel to implement compliant solutions. - Support clients before, during, and after assessments. - Documentation & Reporting - Prepare professional assessment reports and executive summaries. - Maintain accurate compliance documentation and audit evidence. - Track compliance milestones and client deliverables. - Ensure documentation aligns with federal requirements and industry best practices. - Training & Education - Deliver cybersecurity awareness and compliance training for client personnel. - Educate organizations on evolving CMMC and NIST requirements. - Help clients understand how cybersecurity controls support their business operations. - Ongoing Compliance Management - Conduct monthly compliance reviews. - Monitor regulatory updates affecting Department of Defense contractors. - Assist clients with annual self-assessments and SPRS submissions. - Support audit readiness initiatives. - Coordinate with C3PAOs, government auditors, and other stakeholders as necessary. Qualifications - Current CMMC Certified Practitioner (CP) certification or higher - Ability to obtain CMMC CCP or CCA within 90 days if not already certified - 3+ years of experience in cybersecurity, information assurance, risk management, or compliance - Experience working with: - NIST SP 800-171 - DFARS 252.204-7012 - CMMC - Experience supporting Department of Defense contractors or federal compliance programs - Strong written and verbal communication skills - Ability to manage multiple client engagements simultaneously - Excellent organizational and project management skills Preferred Qualifications - CMMC CCP (OK If In Progress) - CMMC CCA (OK If In Progress) - Security+ - Experience working within a Managed Service Provider (MSP) - Experience serving as a vCISO or virtual Compliance Officer - Experience with vulnerability assessments, risk assessments, and security audits - Understanding of federal contracting regulations and Controlled Unclassified Information (CUI) - Familiarity with common compliance tracking platforms, ticketing systems, and remote collaboration tools Technical Knowledge - Strong knowledge of: - NIST SP 800-171 - CMMC 2.0 - DFARS cybersecurity requirements - Risk Management Frameworks - Security policies and governance - Security documentation - Risk assessments - Cybersecurity best practices - Microsoft Government Cloud (GCC/GCC High) environments (preferred) What We're Looking For - Enjoys solving complex compliance challenges. - Can confidently explain technical concepts to executive leadership. - Builds trusted relationships with clients. - Is highly organized and detail-oriented. - Thrives in a fast-paced consulting environment. - Is passionate about helping organizations improve their cybersecurity posture. Benefits - Competitive salary - Comprehensive medical, dental, and vision insurance - Company-paid Life Insurance - Company-paid Short-Term & Long-Term Disability - SIMPLE IRA retirement plan with company match - 128 hours of Paid Time Off - Paid industry certifications and continuing education - Professional development assistance - Referral bonus program - Legal services benefit - Performance bonus opportunities - Free office snacks - Outstanding team culture - Opportunity for long-term career advancement within one of the nation's premier defense cybersecurity organizations Travel Up to 25% travel may be required. Equal Opportunity Employer On Call Computer Solutions is proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive workplace where every employee has the opportunity to succeed.
• Monitor security events and provide technical analysis on alerts • Lead information security incidents and employee insider investigations by developing the incident response strategy, lead the execution through incident closure, while providing incident updates to key stakeholders throughout the incident • Deliver security guidance clearly and concisely for incident response and insider threat initiatives • Coordinate the building of services, capabilities, integrations, and implementations of technologies to support security operations, incident response, and insider threat • Champion, role model, and embed Samsara’s cultural principles as we scale globally and across new offices • Participate in our on-call rota covering weekends
Senior Security Engineer
Brave SoftwareWe're building a more private Internet by stopping trackers, making Web3 more accessible and reimagining advertising.
• Security reviews of Brave products • Triaging and fixing security reports • Designing and implementing security-relevant code • Penetration tests of Brave products and infrastructure


