This is a remote position but we are hiring only in Bogota, Colombia.
AgileEngine is an Inc. 5000 company that creates award-winning software for Fortune 500 brands and trailblazing startups across 17+ industries.
We rank among the leaders in areas like application development and AI/ML, and our people-first culture has earned us multiple Best Place to Work awards.
WHY JOIN US
If you're looking for a place to grow, make an impact, and work with people who care, we'd love to meet you!
ABOUT THE ROLE
As Director of Information Security, you’ll shape and lead the organization’s global security strategy, ensuring data protection, regulatory compliance, and resilience across all systems.
This role offers the opportunity to build and scale a world-class ISMS, influence cross-functional security initiatives, and foster a culture of proactive risk management.
You’ll make a lasting impact by aligning cutting-edge InfoSec practices with business growth and innovation.
WHAT YOU WILL DO
- Own and continuously improve the company’s Information Security Management System (ISMS) and associated frameworks, policies, and procedures.
- Oversee implementation of technical, administrative, and physical security controls across all environments.
- Lead risk management, incident response, and vulnerability management programs, ensuring timely detection, containment, and remediation of threats.
- Guide compliance initiatives, including maintenance of ISO/IEC 27001 certification.
- Partner with Engineering and IT to embed security-by-design practices in product development and infrastructure.
- Present security posture, risks, and key metrics to executive leadership and stakeholders.
- Promote a company-wide security awareness and training program to strengthen security culture.
MUST HAVES
- 8+ years of progressive experience in information security, including 3+ years in a senior leadership or management role;
- Proven experience building and scaling a security program in a cloud-first or SaaS environment;
- Strong knowledge of ISO/IEC 27001 and risk management methodologies;
- Excellent leadership, communication, and stakeholder management skills, with the ability to translate complex technical issues into business language;
- Hands-on understanding of cloud security and modern DevSecOps practices;
- Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field; relevant certifications (CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor) are a plus;
- Upper-intermediate or higher English proficiency.
NICE TO HAVES
- Experience implementing Privacy Information Management Systems (ISO/IEC 27701) or SOC 2 Type II.
- Background in application security, threat modeling, or red/blue team operations.
- Familiarity with security automation, SIEM/SOAR, and modern monitoring technologies.
PERKS AND BENEFITS
- Professional growth: Accelerate your professional journey with mentorship, TechTalks, and personalized growth roadmaps.
- Competitive compensation: We match your ever-growing skills, talent, and contributions with competitive USD-based compensation and budgets for education, fitness, and team activities.
- A selection of exciting projects: Join projects with modern solutions development and top-tier clients that include Fortune 500 enterprises and leading product brands.
- Flextime: Tailor your schedule for an optimal work-life balance, with the option of working from home or going to the office – whatever makes you the happiest and most productive.