Director, Information Security & IT

Location: Denver, Colorado. This is a hybrid role in which employees are expected to work 3 days in-office and 2 days at home.

Do you love building the security and IT foundations that mission-critical software runs on, and do you want to know that your work helps keep communities safer? Kaseware builds case management and investigations software trusted by law enforcement, government, and corporate security teams. The trust those customers place in us – and our continued ability to operate in the most demanding compliance environments – depends on a strong information security and IT foundation. That is where you come in.

We are looking for a Director of Information Security & IT to lead Kaseware’s combined security, compliance, and enterprise IT functions. Reporting to the VP of Product & Technology, you will be the designated Information Security Officer (ISO) for the company and accountable for the controls, audits, and continuous monitoring that keep us authorized to serve our customers. You will lead a small but dynamic team and own the day-to-day health of our enterprise IT environment endpoints, identity, Microsoft 365, and the corporate network, alongside the security and compliance program.

Job Type: Full-time, Exempt

Responsibilities and Duties:

Information Security Officer (ISO) Role:

• Serve as the named Information Security Officer (ISO), with delegated authority for control implementation, evidence collection, and ongoing attestation
• Partner with the executive team on overall security strategy, risk posture, and executive reporting to the leadership team

Compliance & Audit Program:

• Own the compliance program for Kaseware’s active certifications and pursuits, including but not limited to:

1. FedRAMP
2. SOC 2 Type II
3. ISO/IEC 27001
4. State and federal CJIS
5. StateRAMP and TxRAMP

• Manage 3PAO and external auditor engagements end to end; planning, evidence collection, walkthroughs, findings, and remediation tracking
• Maintain the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and continuous monitoring artifacts
• Author and maintain company security policies, standards, and procedures; perform technical writing as needed
• Review customer contracts, RFP responses, and partner agreements for compliance and security obligations

Enterprise IT:

• Support the execution of enterprise IT operations across endpoint management (Mac and Windows, MDM, patching, lifecycle), identity and access management (Entra ID, SSO, SCIM, joiner/mover/leaver), Microsoft 365, and the corporate network
• Support the execution of employee onboarding and offboarding, IT support, and SaaS administration for the corporate environment
• Drive secure-by-default IT engineering – configuration baselines, vulnerability management, asset and license management, and access governance – in alignment with FedRAMP, CJIS, and ISO 27001 control requirements

Risk & Incident Response:

• Own the security incident response program – playbooks, tabletop exercises, communications, and post-incident review – for both security events and compliance violations
• Coordinate cross-functional response during security incidents, breaches, and compliance escalations; document outcomes and report to leadership and regulatory bodies as required
• Use lessons learned from incidents to evolve policies, controls, and tooling; integrate findings into continuous monitoring and the POA&M
• Partner with Engineering on application security findings (penetration tests, SAST/DAST, container scans) where corporate or compliance reporting is required; AppSec ownership remains with Engineering

Team Leadership:

• Lead, mentor, and develop a four-person team
• Recruit and onboard new team members as the program grows; conduct performance reviews and career development planning
• Lead company-wide security awareness, new-hire training, and role-specific training programs
• Present compliance posture, audit results, and risk findings to executive leadership and, where appropriate, customers and regulators
• Support the Sales team on customer-facing security and compliance requirements in RFPs, security questionnaires, and customer audits

Required Education:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field, or equivalent professional experience.

Required Skills & Experience:

• 10+ years of progressive experience in information security, IT, or compliance roles, with at least 4+ years in a leadership role managing people
• Demonstrated experience as a named ISO, security lead, or equivalent on a FedRAMP package
• CISSP required (CISM or CISA accepted as equivalent); CCEP, CRISC, or comparable compliance/risk certifications are a plus
• Hands-on experience implementing and operating control frameworks: NIST SP 800-53 R5, FedRAMP, DoD IL5, SOC 2, ISO 27001:2022, ISO 27701, and CJIS
• Working knowledge of StateRAMP, TxRAMP, CMMC, GDPR, and U.S. state privacy laws (CCPA/CPRA), with the ability to build a program that addresses applicable obligations across multiple frameworks
• Enterprise IT leadership experience – endpoint management (Windows and Mac, MDM tooling such as Intune or Jamf), identity (Microsoft Entra ID, SSO/SCIM/MFA), Microsoft 365 administration, and corporate networking
• Vulnerability management experience – running scan programs, triaging findings, maintaining a POA&M, and partnering with engineering teams on remediation
• Strong vendor and customer-facing skills , supporting RFPs, security questionnaires, customer audits, and external auditor engagements
• Excellent written and verbal communication; strong technical writing skills with a track record of authoring policies, procedures, and audit documentation
• Working knowledge of software development practices and the security implications of cloud-native architectures (Azure preferred)
• Self-starter who can operate without close supervision; strong attention to detail and judgment under pressure
• Other duties as needed.

Other Requirements:

• Language: English
• Citizenship: U.S. citizenship is required for this role due to FedRAMP and DoD environment access
• Clearance: Eligibility to obtain a DoD Secret clearance is required; an active Secret clearance is preferred

Benefits:

• Salary Range: $185,000 – $225,000 annually DOE
• Excellent health, dental, and vision insurance with generous company contribution
• Flex Spending Accounts
• Unlimited paid vacation
• 12 paid company holidays
• Paid Sick Time
• Paid Parental Leave
• 401k with company matching
• EcoPass provided for Colorado-based employees

About Kaseware:

Kaseware is a rapidly growing start-up located in the Denver metro area. We build state-of-the-art software for law enforcement and corporate security customers. We serve those that serve our communities and make our world safer.

Due to the nature of our business, you must be able to pass a full CJIS compliant fingerprint based background check, which is required for individuals needing access to criminal justice information (CJI).

We expect this role to be open until June 30th or until filled.