Job Overview
Location
Remote
Job Type
Full-time
Category
Cybersecurity
Date Posted
May 16, 2026
Full Job Description
đź“‹ Description
- • Lead and own the enterprise-wide information security, compliance, and business continuity program across Crete Professionals Alliance corporate and all 50+ member firms in a federated model.
- • Define and execute a multi-year security strategy and roadmap aligned to business risk, acquisition cadence, and the rapid scaling of partner accounting firms.
- • Establish and maintain a standardized security policy framework, minimum control baseline, and pragmatic exception handling processes tailored to varying maturity levels across independent control environments.
- • Build and sustain security operating rhythms, including executive reporting on KPIs, risk posture, incident trends, audit status, and program progress for corporate leadership and member firm stakeholders.
- • Partner with IT, data, and engineering teams to embed security into architecture decisions, change management, and operational workflows across the portfolio.
- • Lead security due diligence for mergers and acquisitions: conduct current-state control assessments, identify key risks, estimate remediation efforts, and create repeatable 30/60/90-day stabilization playbooks for post-close integration.
- • Drive the security integration of newly acquired firms by standardizing onboarding processes for identity, endpoint, email, logging/monitoring, and data protection across disparate environments.
- • Provide security architecture oversight for cloud and hybrid environments with primary focus on Microsoft Azure, Intune, and Defender; define secure patterns for privileged access, conditional access, PAM, RBAC, and separation of duties.
- • Oversee day-to-day security operations including vulnerability management, patch prioritization, endpoint and email security, tooling lifecycle management, and event triage across corporate and member firm ecosystems.
- • Manage third-party MDR/SOC providers by defining scope, SLAs, escalation paths, detection coverage, playbooks, and reporting metrics; drive continuous improvement in monitoring and response outcomes.
- • Own the end-to-end incident response program: maintain runbooks, conduct tabletop exercises, ensure ransomware preparedness, coordinate forensics, and lead post-incident reviews with documented corrective actions.
- • Implement consistent risk management practices across all firms through periodic assessments, control testing, remediation tracking, and third-party/vendor security risk evaluations for corporate and shared vendors.
- • Support member firms in fulfilling client-driven security and compliance mandates including NIST CSF, CIS, and SOC 2 Type II requirements by ensuring repeatable, accurate evidence collection.
- • Design and deliver tailored security awareness and training programs aligned with professional services workflows, with measurable adoption rates and behavioral impact.
- • Lead, coach, and develop a cybersecurity team; serve as the primary escalation point for complex security decisions, incidents, and risk tradeoffs.
- • Develop comprehensive documentation, playbooks, and implementation guides to enable consistent security outcomes across member firms and influence adoption by local leaders and teams.
🎯 Requirements
- • 10+ years of progressive experience in information security or cybersecurity
- • 3+ years leading and developing security teams
- • Demonstrated M&A, private equity, or roll-up experience
- • Strong understanding of cloud security principles with hands-on Azure and Microsoft security experience
- • Experience managing compliance standards including NIST CSF, CIS, and SOC 2 Type II
- • Professional services and/or accounting/CPA firm experience strongly preferred
🏖️ Benefits
- • Opportunity to shape security strategy for the fastest-growing accounting firm in the nation
- • Work with leading technology investors Thrive Capital and Bessemer Venture Partners
- • Influence the deployment of artificial intelligence and automation across 50+ regional offices
- • Lead security initiatives for a $500 million growth investment plan over two years
Skills & Technologies
See exactly how your profile matches this role — strengths, skill gaps, and what to do about them.
About Crete Professionals Alliance
Crete Professionals Alliance is a member-run organization that unites construction industry professionals, contractors, suppliers, and service providers across the concrete sector. It facilitates networking, training, and business development through events, certifications, and resource sharing. The alliance advocates for industry standards, safety, and sustainable practices while offering marketing support and project referrals to its members. Its mission is to strengthen professional relationships, advance technical knowledge, and promote best practices within the concrete and construction communities in the United States.
Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.
Newsletter
Weekly remote jobs and featured talent.
No spam. Only curated remote roles and product updates. You can unsubscribe anytime.
Similar Opportunities
Arctic Wolf Networks, Inc.
2 months ago
Akaysha Energy Pty Ltd
4 months ago
Arctic Wolf Networks, Inc.
3 months ago
Arctic Wolf Networks, Inc.
1 month ago