Job description

Sr. Director, Information Security

Aspira | IT Operations

About Aspira

For more than 40 years, Aspira has been the market-leading provider of software and services that help public agencies protect natural and cultural resources while making them accessible for all.

Our platform supports everything from campground reservations to hunting licenses, helping millions of people discover, enjoy, and care for the outdoors.

We share our client partners’ mission: to steward resources for future generations, create opportunities for genuine enjoyment of the outdoors today, and expand access so more people can experience its benefits.

Aspira is transforming its technology and service model to give agencies more capacity and insight—streamlined tools, smarter automation, and better connections with their communities.

Our goal is simple: make it easier for our clients to conserve what matters most and for their customers to enjoy it to the fullest.

The Ideal Candidate

The Director of Information Security is responsible for building and leading Aspira’s global information security program across cloud, on-premises, and hybrid environments.

Reporting to the VP of Technology Operations, this leader will manage the Security Analyst, Senior Security Cloud Network Engineer, and Senior Security System & Network Engineer roles.

This role offers significant influence in shaping Aspira’s security strategy and close partnership with the VP of Technology Operations and executive team.  It requires a hands-on executive technical leader who can both set strategic direction and dive deep into incident response, cloud security, and network defense.

The Director will mature Aspira’s monitoring, threat response, and compliance posture while partnering closely with Technology, Product, and Engineering teams.

Key Responsibilities

Security Strategy & Leadership

• Develop and execute Aspira’s enterprise information security strategy, aligned with business goals and regulatory requirements.

• Develop and execute Aspira’s information security roadmap, aligned with Tech Ops goals and enterprise strategy.


• Lead the design and enforcement of security standards across AWS, Azure integrations, and on-premises systems within the US and abroad


• Provide security risk reporting and metrics to VP Tech Ops and executive leadership


• Manage and mentor the security team (Analyst, Sr. Cloud Security Engineer, Sr. Network Security Engineer).


• Represent security within Aspira’s Technology Operations leadership team.

• Establish KPIs and metrics for security maturity, resilience, and incident response performance.

Cloud & Network Security Oversight

• Oversee cloud security architecture for AWS-native services (VPCs, Transit Gateway, Direct Connect, GuardDuty, WAF, Network Firewall).


• Direct firewall and VPN management across Palo Alto (Panorama), Cisco Meraki, and hybrid environments.


• Ensure secure hybrid connectivity across AWS, Azure, and global office sites.


• Champion zero-trust principles across endpoints, applications, and networks.

Security Operations & Incident Response

• Lead the monitoring and incident response program, integrating AWS CloudWatch, CloudTrail, Security Hub with Rapid7, LogRhythm, and log monitoring pipelines.


• Define incident response playbooks and coordinate Tier 2/3 escalations.


• Oversee forensic investigations, root cause analysis, and lessons learned after security events.


• Partner with IT Ops and DevOps to ensure timely remediation of vulnerabilities.

Governance, Risk & Compliance

• Ensure compliance with NIST, PCI DSS, CIS Benchmarks, SOC2, and insurer-driven security baselines (e.g., MFA enforcement).


• Drive risk assessments, security audits, and penetration testing.


• Own responses to customer/vendor security reviews, insurer security questionnaires, and regulatory audits.


• Maintain documentation for policies, controls, and audit reporting.


• Define and measure security KPIs, including Mean Time to Respond (MTTR) for incidents, percentage of assets onboarded into SIEM monitoring, and SLA compliance for vulnerability patching.

Automation & Continuous Improvement

• Lead automation of security operations using Terraform, Ansible, and CloudFormation.


• Implement CI/CD security integrations to support DevSecOps practices.


• Track KPIs for detection coverage, incident response times, and vulnerability remediation.

• Partner with DevOps and engineering to embed DevSecOps practices in the software lifecycle.


• Optimize SIEM and log ingestion pipelines to achieve full visibility across servers, endpoints, and laptops.

Qualifications

• 8+ years in IT and security, including senior leadership in cloud and network security.


• Proven expertise in AWS security services, SIEM platforms (Rapid7/LogRhythm), Palo Alto/Meraki firewalls, and hybrid connectivity.

• Proven experience securing AWS-first environments (VPCs, Security Hub, GuardDuty, WAF, Network Firewall) and hybrid global networks.

• Strong background in incident response, log analysis, and forensic investigation.


• Deep understanding of security frameworks and compliance standards (NIST, PCI DSS, SOC2, CIS).


• Hands-on automation/scripting experience with Terraform, Ansible, Python, or PowerShell.


• Certifications are strongly preferred: CISSP, CISM, AWS Security Specialty, PCNSE, CCNP Security.

Required Skill Profession

Computer Occupations