Director of Security/GRC

Company Background

Censys’ mission is to be the one place to understand everything on the internet. Frustrated by the lack of trustworthy Internet intelligence, we set out to create the industry’s most comprehensive, accurate, and up-to-date map of the Internet. Today, Censys delivers real-time Internet intelligence and actionable threat insights to global governments, over 50% of the Fortune 500, and leading threat intelligence providers worldwide.

Location: 

This position is remote within the United States. 

Role Summary

As the Director of Security & GRC, you will lead Censys’ corporate security function and its governance, risk, and compliance programs. You will be responsible for ensuring our systems are highly available, highly secure, and easy to use, while maintaining rigorous adherence to key compliance frameworks including ISO 27001, SOC 2 Type 2, UK NCSC Cyber Essentials+, and CMMC. You will also own our data loss prevention, insider threat, and security telemetry programs, ensuring Censys has the visibility and controls needed to detect and respond to threats effectively. This role requires a seasoned security leader who can operate at the intersection of hands-on technical security and strategic compliance management—building scalable systems and processes that act as force multipliers across the organization.

What you'll do:

• Own, build, and scale the team and systems for Censys’ corporate security infrastructure
• Own company security needs from endpoint provisioning to deploying tools that improve our overall security posture while keeping things simple for all employees
• Manage the Security team; delegate day-to-day workloads and ensure coverage of critical functions during PTO to maintain a high SLA
• Own the complete endpoint lifecycle including provisioning, application deployment, security controls, and asset retirement
• Work closely with internal teams to enforce compliance across endpoints and help users understand how security policies impact their daily work
• Manage and secure cloud environments and coordinate security configuration of software and tools
• Develop and deliver Security Awareness Training to internal users
• Collect and create documentation for security processes and build out a knowledge base for the team
• Design, implement, and manage the company’s Data Loss Prevention (DLP) program, including policies, tooling, and enforcement across endpoints, cloud, and email
• Own and operate the insider threat program, including behavioral monitoring, investigation workflows, and coordination with Legal, HR, and senior leadership as required
• Partner with engineering and infrastructure teams to ensure security telemetry and logging coverage meets both operational and compliance requirements
• Lead the development and implementation of Censys’ compliance strategy to achieve and maintain compliance with ISO 27001, SOC 2 Type 2, UK NCSC Cyber Essentials+, and CMMC, in partnership with the Security and Operations teams
• Develop, review, and update organizational policies and procedures to align with compliance and governance requirements
• Oversee timely responses to security questionnaires and other sales requests relating to organizational and product security and privacy
• Validate and respond to inbound legal process as required by federal law
• Assist in the procurement process to review proposed purchases for security and privacy concerns
• Manage control and process libraries
• Conduct ongoing risk assessments
• Other duties as assigned

Qualifications:

• 10+ years of progressive experience in cybersecurity, with at least 3 years in a senior leadership or Director-level role
• Demonstrated experience owning and operating enterprise security programs including DLP, insider threat, and detection and response
• Deep familiarity with compliance frameworks including ISO 27001, SOC 2 Type 2, CMMC, NIST, and GDPR
• Experience building and managing security telemetry, SIEM, and detection engineering programs
• Strong understanding of cloud security (AWS, GCP, or Azure), endpoint security, and identity and access management
• Proven ability to lead, mentor, and grow a high-performing security team
• Excellent written and verbal communication skills, with the ability to convey complex security concepts to executive leadership, legal, and non-technical stakeholders
• Experience managing security incident response, including coordination across Legal, HR, and executive leadership
• Background in security program development within a high-growth or scale-up environment

For high cost of living areas (Seattle, San Francisco Bay Area, and NYC Metro), the expected salary range for this position is $206,000 - $237,000, plus bonus eligibility and equity. 

For all other US locations, the expected salary range for this position is $180,000 - $220,000, plus bonus eligibility and equity. 

In addition to our great compensation package, our benefits are effective on day one and include but are not limited to: 401k match, health, vision, dental, and more! Please see our careers page for more details.

Our roots are in Ann Arbor, Michigan and our innovation is fueled by the team’s global perspectives. For this role, we are open to remote employees across the continental US.

We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.

California Privacy Rights Notice

Pursuant to the California Consumer Privacy Act (CCPA), we are providing you with notice that we collect personal information from job applicants for business purposes, including evaluating your candidacy for employment, conducting interviews, and, if applicable, completing the hiring process. The categories of information we may collect include identifiers (such as name and contact information), professional or employment-related information (such as work history, education, and references), and other information you provide in your application. We do not sell or share your personal information. For more information on how we use and protect your personal information, and your rights under the CCPA, please refer to our Privacy Policy.