Director of Information Security and Operations
Director of Information Security and Operations
jrni (jur·nee) is a leading provider of enterprise-grade customer engagement solutions. Our In-person Interaction Platform integrates appointment scheduling, queue management, and experiential events to drive revenue while enabling staff to delight customers at every step of their journey.
About the role
The Director of Information Security and Operations is a dual-mandate leadership role reporting directly to the CTO, with accountability for both jrni's Information Security program and its Technical Operations (TechOps) function. You'll set and execute the strategy for security, compliance, cloud infrastructure, and operational excellence — keeping our SaaS platform secure, resilient, scalable, and trusted by enterprise customers.
This role suits a data-informed, process-oriented leader with experience in security frameworks (ISO 27001, SOC 2), cloud infrastructure operations (AWS, GCP), and team leadership. You'll manage and develop the InfoSec and TechOps teams, partner closely with Engineering and Legal, and serve as jrni's senior security voice with customers, auditors, and the executive team.
What you'll do
Information security strategy & compliance
- Set the direction for jrni's Information Security program against ISO 27001 and SOC 2.
- Own and improve operational controls satisfying ISO 27001, SOC 2, GDPR, and other frameworks.
- Own JRNI's AI security policy and governance standards (aligned with NIST AI RMF and ISO 42001).
- Lead AI Operations — using AI to improve efficiency while governing AI systems for privacy and security risk.
- Partner with Legal and external auditors on audits, evidence collection, and certification renewals.
- Build and support a culture of security awareness, data protection, and compliance, including training.
Infrastructure management & production reliability
- Manage and optimize production cloud infrastructure for scalability, reliability, and compliance.
- Partner with Engineering / SRE on CI/CD, release management, and production stability.
- Oversee monitoring, alerting, and observability to resolve issues proactively.
- Implement and test disaster recovery and business continuity plans.
- Lead vulnerability management, patching, and hardening across the estate.
Incident response & crisis management
- Own security and operational incident response plans; run tabletop exercises.
- Serve as incident commander for Sev-1/Sev-2 events, coordinating with customers, Legal, and execs.
- Lead blameless post-incident reviews and track remediation to closure.
- Coordinate breach notification with Legal and the DPO where applicable.
Risk, vendor & identity management
- Maintain a risk register and lead periodic enterprise risk assessments.
- Own third-party / vendor risk management — vendor reviews, DPAs, sub-processor oversight.
- Oversee IAM across corporate (SSO, MFA, SCIM) and production (least-privilege, JIT access, break-glass), with access reviews and joiner/mover/leaver processes.
- Manage JRNI's cyber insurance relationship and renewals.
Operational strategy & execution
- Improve processes for productivity, scalability, and audit readiness.
- Use automation to streamline workflows and strengthen compliance reporting.
- Develop and manage the operational budget across people, technology, and vendors.
- Work with Customer Success to ensure service delivery and operational excellence.
Team leadership & development
- Build, mentor, and retain effective, engaged InfoSec and TechOps teams.
- Define clear career paths, performance objectives, and development plans.
- Foster a blameless, learning-oriented culture.
- Manage on-call rotations and ensure sustainable, healthy workloads.
Cross-functional leadership & customer trust
- Collaborate across Sales, Customer Success, Product, and Engineering.
- Own responses to customer security questionnaires (SIG, CAIQ), RFPs, and audit requests; maintain a customer-facing trust center.
- Act as security executive sponsor in enterprise sales cycles.
- Partner with Legal and Product on data residency, classification, retention/deletion, and DSAR fulfillment.
- Establish KPIs (uptime, MTTD/MTTR, audit closure, remediation SLAs, CSAT) and report to execs and the Board.
What you'll bring
Core experience
- Significant experience in Information Security and/or IT Operations, including leading multiple teams.
- Leading SOC 2 Type II and ISO 27001 audits end-to-end.
- Operating production SaaS infrastructure at scale on AWS and GCP; strong cloud/network/app security and DevSecOps.
- Hands-on with SIEM, EDR, vulnerability scanners, and CSPM platforms.
- Leading incident response in production SaaS.
- Strong, clear executive communication — comfortable with the Board, customers, and auditors.
- Bachelor's in CS, Engineering, or related field — or equivalent professional experience.
Nice to have
- CISSP, CISM, CISA, AWS Security Specialty, or ISO 27001 Lead Auditor/Implementer.
- Scaling InfoSec at a high-growth B2B SaaS company.
- HIPAA, PCI-DSS, or FedRAMP experience.
- AI/ML governance (NIST AI RMF, ISO 42001) and securing AI-enabled products.
- Defining and operating customer-facing trust programs.
JRNI is an equal opportunity employer. We welcome applicants of every background, identity, and experience, and evaluate candidates on merit and potential.