Why GLS?
Purpose: Access to affordable, reliable transportation is essential to leading productive work and personal lives, caring well for oneself, one’s family, and the needs of others. Through advanced analytics and technology, we can more accurately predict credit risk and provide more people with an affordable auto financing option for their next vehicle. That’s what GLS has done for over 10 years, helping more than half a million families meet and improve their transportation needs.
People: Join a culture of over 1,000 employees who Care Deeply and Think Boldly, driving innovation in an adaptive and positive culture that celebrates successes. We empower and reward individuals and teams who make direct, positive impacts to the business and each other, who take pride in their work and are ever-raising the bar.
Growth: Recognized by Inc 5000 as one of the fastest-growing private companies in America. Join GLS to grow with us!
Benefits: GLS offers the below great benefits for your amazing work!
o Competitive base pay and performance bonuses, dependent on role
o Medical, dental, vision, telemedicine, supplemental insurance benefits, long-term and short-term disability
o 401K with employer match and 100% immediate vesting
o Paid Time Off (PTO) and paid company holidays to help you balance work and personal life
o Paid Volunteer Time Off (VTO) Annually
o Tuition Reimbursement
o Parental Leave
o Business casual work environment
What does it mean to be a Senior Director, IT Security at GLS?
The Senior Director, IT Security is responsible for the development, implementation, and oversight of the company's information security program, including cybersecurity operations, technology risk management, regulatory compliance, security controls, and related governance activities. This position partners with business and technology leaders to identify, assess, and mitigate information security risks while supporting organizational objectives, regulatory requirements, and operational effectiveness. The role provides oversight for security initiatives, audit activities, incident response, vendor risk management, and security awareness efforts to help ensure the confidentiality, integrity, and availability of company information assets.
How will you drive value within the organization as a Senior Director, IT Security?
Develop and maintain the enterprise cybersecurity strategy, operating model, control framework, and multi-year security roadmap aligned to business objectives
Establish and maintain enterprise security governance processes, standards, policies, risk assessments, control evaluations, and remediation programs
Provide cybersecurity governance reporting, risk metrics, annual program updates, and material cyber-risk reporting to senior leadership, regulators, auditors, and other external stakeholders
Lead enterprise cybersecurity incident response, crisis management, investigations, post-incident remediation, and coordination of third-party security events
Oversee vulnerability management, threat detection, threat intelligence, security monitoring, and security operations capabilities
Direct implementation and management of security technologies including SIEM, EDR, DLP, IAM, PAM, cloud security, and related cybersecurity platforms
Serve as the primary security liaison for regulatory examinations, external audits, compliance assessments, and cybersecurity reviews, including evidence collection, artifact management, response coordination, and remediation tracking
Maintain compliance with applicable regulatory and industry frameworks including GLBA, NYDFS, FTC Safeguards Rule, PCI DSS, NIST CSF, CIS Controls, and other applicable requirements
Oversee third-party cybersecurity risk management, vendor security assessments, critical service-provider monitoring, and regulatory vendor-risk reporting; prepare audit reports and methodologies as needed
Establish governance, security, approval, monitoring, and risk management requirements for artificial intelligence, automation platforms, integrations, and emerging technologies
Partner with infrastructure, cloud, data, and application development teams to integrate security-by-design principles into architecture, DevSecOps, Infrastructure as Code, and technology modernization initiatives
Oversee cybersecurity awareness, policy communication, role-based security training, business continuity, disaster recovery, cyber resilience planning, testing, and reporting
Lead special projects and perform additional responsibilities as required by the needs of the company or as directed by management
What should you already know to be successful as a Senior Director, IT Security?
Minimum of Bachelor’s degree in Information Security, Cybersecurity, Information Technology, or related field required; Master’s degree preferred.
Minimum eight (8) years of progressive experience in cybersecurity, technology risk, audit, compliance, or information security leadership roles
Minimum six (6) years of leadership experience managing security teams, security programs, or enterprise risk functions
Strong working knowledge of cybersecurity frameworks including NIST CSF, CIS Controls, ISO 27001, and related industry standards
Experience supporting regulatory examinations, external audits, compliance reviews, and risk assessments
Experience managing third-party risk management, vendor assessments, and supply chain security programs
Knowledge of cloud security architectures, identity and access management, security operations, incident response, and vulnerability management practices
Experience supporting secure software development, DevSecOps practices, Infrastructure as Code, and modern application security principles
Strong verbal and written communication skills
Excellent analytical and problem-solving skills
Demonstrated ability to motivate and lead a team - provide quality training, guidance, performance coaching and feedback to assigned staff
Team player that can adapt in a fast pace and changing environment
Ability to handle sensitive and confidential materials in a professional manner
Excellent organizational skills with high attention to detail and demonstrated ability to effectively set and manage multiple conflicting priorities
Ability to think strategically and deliver tactically
Commitment to exemplifying the organizational core values and key competencies
Work Conditions: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- This job operates in a professional office environment, primarily indoors
- The noise level in the work environment is usually moderately quiet
- The position requires travel, up to 10%
Schedule:
This position is full-time
- This is an exempt level position whereby business need will dictate the exact work schedule which should be expected to vary at times. Generally, days and hours of work are Monday through Friday between the hours of 8:00am-6:00pm
- Regular, predictable attendance is required, including overtime hours as business demands dictate
- Evening and weekend work may be required as job duties demand
GLS participates in the
E-Verify program to confirm the employment eligibility of all newly hired employees
Please visit
www.glsauto.com for information about our great company and other amazing opportunities
Applicants have rights under Federal Employment Laws