Senior Director, IT Security

Purpose: Access to affordable, reliable transportation is essential to leading productive work and personal lives, caring well for oneself, one’s family, and the needs of others. Through advanced analytics and technology, we can more accurately predict credit risk and provide more people with an affordable auto financing option for their next vehicle. That’s what GLS has done for over 10 years, helping more than half a million families meet and improve their transportation needs.

People: Join a culture of over 1,000 employees who Care Deeply and Think Boldly, driving innovation in an adaptive and positive culture that celebrates successes. We empower and reward individuals and teams who make direct, positive impacts to the business and each other, who take pride in their work and are ever-raising the bar.

Growth: Recognized by Inc 5000 as one of the fastest-growing private companies in America. Join GLS to grow with us!

Benefits: GLS offers the below great benefits for your amazing work!

o Competitive base pay and performance bonuses, dependent on role

o Medical, dental, vision, telemedicine, supplemental insurance benefits, long-term and short-term disability

o 401K with employer match and 100% immediate vesting

o Paid Time Off (PTO) and paid company holidays to help you balance work and personal life

o Paid Volunteer Time Off (VTO) Annually

o Tuition Reimbursement

o Parental Leave

o Business casual work environment

What does it mean to be a Senior Director, IT Security at GLS?

The Senior Director, IT Security is responsible for the strategic leadership, governance, risk management, compliance, and operational execution of the enterprise information security program. This position provides oversight of cybersecurity operations, security architecture, technology risk management, regulatory compliance, third-party risk management, incident response, business continuity, disaster recovery, and emerging technology governance, including artificial intelligence initiatives. The role serves as a trusted advisor to executive leadership, regulators, auditors, and business stakeholders to ensure the confidentiality, integrity, and availability of company information assets while enabling business growth, innovation, and regulatory compliance.

• Develop and maintain the enterprise cybersecurity strategy, operating model, control framework, and multi-year security roadmap aligned to business objectives.
• Establish and maintain enterprise security governance processes, standards, policies, risk assessments, control evaluations, and remediation programs.
• Provide cybersecurity governance reporting, risk metrics, annual program updates, and material cyber-risk reporting to executive leadership, board committees, regulators, auditors, and external stakeholders.
• Lead enterprise cybersecurity incident response, crisis management, investigations, post-incident remediation, and coordination of third-party security events.
• Oversee vulnerability management, threat detection, threat intelligence, security monitoring, and security operations capabilities.
• Direct implementation and management of security technologies including SIEM, EDR, DLP, IAM, PAM, cloud security, and related cybersecurity platforms.
• Serve as the primary security liaison for regulatory examinations, external audits, compliance assessments, and cybersecurity reviews, including evidence collection, artifact management, response coordination, and remediation tracking.
• Maintain compliance with applicable regulatory and industry frameworks including GLBA, NYDFS, FTC Safeguards Rule, PCI DSS, NIST CSF, CIS Controls, and other applicable requirements.
• Oversee third-party cybersecurity risk management, vendor security assessments, critical service-provider monitoring, and regulatory vendor-risk reporting.Establish governance, security, approval, monitoring, and risk management requirements for artificial intelligence, automation platforms, integrations, and emerging technologies.
• Partner with infrastructure, cloud, data, and application development teams to integrate security-by-design principles into architecture, DevSecOps, Infrastructure as Code, and technology modernization initiatives.
• Oversee cybersecurity awareness, policy communication, role-based security training, business continuity, disaster recovery, cyber resilience planning, testing, and reporting.
• Develop departmental objectives, performance metrics, staffing strategies, succession plans, and talent development programs for security personnel.
• Lead special projects and perform additional responsibilities as required to support the organization’s strategic objectives.

• Bachelor’s degree in Information Security, Cybersecurity, Information Technology, Computer Science, Risk Management, Business Administration, or related field required; Master’s degree preferred.
• Minimum ten (8) years of progressive experience in cybersecurity, technology risk, audit, compliance, or information security leadership roles.
• Minimum five (5) years of leadership experience managing security teams, security programs, or enterprise risk functions.
• Demonstrated experience leading enterprise cybersecurity programs within a regulated industry environment.
• Strong working knowledge of cybersecurity frameworks including NIST CSF, CIS Controls, ISO 27001, and related industry standards.
• Experience supporting regulatory examinations, external audits, compliance reviews, and risk assessments.
• Experience managing third-party risk management, vendor assessments, and supply chain security programs.
• Knowledge of cloud security architectures, identity and access management, security operations, incident response, and vulnerability management practices.
• Experience supporting secure software development, DevSecOps practices, Infrastructure as Code, and modern application security principles.
• Understanding of artificial intelligence governance, technology risk management, and emerging technology security considerations.
• Professional certifications such as CISSP, CISM, CRISC, CISA, or equivalent certifications preferred.
• Exceptional analytical, problem-solving, communication, and executive presentation skills.
• Demonstrated ability to influence business leaders, build cross-functional partnerships, and drive organizational change.
• Proven ability to think strategically, execute tactically, manage competing priorities, and lead high-performing teams in a fast-paced environment.

Work Conditions: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• This job operates in a professional office environment, primarily indoors

• The noise level in the work environment is usually moderately quiet

• The position requires travel, up to 10%

Schedule:

This position is full-time

• This is an exempt level position whereby business need will dictate the exact work schedule which should be expected to vary at times. Generally, days and hours of work are Monday through Friday between the hours of 8:00am-6:00pm
• Regular, predictable attendance is required, including overtime hours as business demands dictate
• Evening and weekend work may be required as job duties demand

GLS participates in the E-Verify program to confirm the employment eligibility of all newly hired employees

Please visit www.glsauto.com for information about our great company and other amazing opportunities

Applicants have rights under Federal Employment Laws

Family and Medical Leave Act (FMLA)

Equal Employment Opportunity (EEO)

Employee Polygraph Protection Act (EPPA)