CarltonOne is a global B2B technology leader, and part of the Goldman Sachs portfolio, helping organizations around the world reward and inspire exceptional people. Our solutions empower employees to be more productive, sales teams to perform at their best, and customers to stay engaged and loyal. Our platform powers the global engagement industry, enabling companies to deliver impactful employee recognition, customer loyalty, rewards, sales, and channel incentive programs. We partner with over 450 clients, 500 vendors, and serve 14 million members across 185 countries. Beyond engagement, every CarltonOne solution drives our ecoaction mission: funding tree planting to help restore the planet. To date, we've funded over 20 million trees and are on track to plant millions more each year. Learn more at carltonone.com.

About the Opportunity

CarltonOne is seeking a Director, Information Security & Cyber Risk to lead and operationalize our global security program. This role is responsible for executing CarltonOne's security strategy across information security, application security, cloud security, and cyber risk, ensuring strong protection of customer data, systems, and intellectual property. The Director will partner closely with Engineering, Product, IT, and Legal teams to embed security into technology and business processes. This is a hands-on leadership role focused on program maturity, operational excellence, regulatory compliance, and risk reduction within a growing global SaaS environment.

Key Responsibilities

Security Leadership & Program Execution

Lead the execution and continuous improvement of CarltonOne's information security and cyber risk programs. Act as the primary security advisor to senior technology leadership. Implement and maintain security governance frameworks aligned with global regulations and industry best practices. Promote a strong security culture through awareness programs, training, and practical guidance across teams.

Application & Information Security

Lead secure software development lifecycle (SSDLC) practices, ensuring security is embedded throughout design, development, testing, and deployment. Partner with Engineering and Product teams on threat modeling, vulnerability management, secure code practices, and tooling. Own data protection programs including data classification, access controls, encryption standards, and incident response processes. Coordinate application security testing, penetration testing, and vulnerability remediation efforts.

Implement cloud security controls and standards supporting CarltonOne's cloud infrastructure and services. Ensure secure architecture, identity and access management, and configuration best practices across cloud environments. Work closely with engineering teams to embed security into cloud design and deployment workflows.

Manage enterprise cyber risk programs, including risk identification, assessment, prioritization, and mitigation. Maintain risk registers, metrics, and dashboards to support leadership decision-making. Ensure compliance with security and privacy frameworks including SOC 2, ISO 27001, PCI-DSS, GDPR, and other applicable global regulations. Support and coordinate security audits, certifications, and customer assurance activities.

Maintain and continuously improve incident response, security monitoring, and business continuity processes. Oversee security operations, including vulnerability management, threat detection, and incident response. Review and continuously improve incident management procedures and own the end-to-end incident response and Security Operations (SecOps) lifecycle. Act as incident lead during security events, coordinating investigation, response, communication, and post-incident reviews.

Lead and develop a high-performing security team across information security, application security, and risk functions. Set clear priorities, performance metrics, and development plans.
Drive operational maturity through KPIs, process improvement, and regular reporting.

Qualifications

8-12+ years of progressive experience in information security, with at least 3-5 years in a senior leadership or director's level role. Strong expertise across information security, application security, cloud security, and governance, risk, and compliance (GRC). Proven experience implementing and maturing security programs within SaaS or high-growth technology environments. Solid knowledge of regulatory and compliance frameworks including SOC 2, ISO 27001, PCI-DSS, GDPR, CCPA, and similar standards. Experience supporting audits, certifications, and regulatory inquiries. Excellent communication skills with the ability to translate technical risk into business impact. Professional certifications such as CISSP, CISM, CISA, CCSP, or equivalent are strongly preferred.

Here are some additional perks that we provide:

Competitive salary and benefits package. Health, dental, and vision coverage. Access to our employee benefits portal for exclusive discounts. Monthly company-wide events, celebrations, and team activities. Bravo reward points program for recognition and appreciation. Convenient office location close to public transit.

Job Title
Director of Cyber Security