Director of Engineering and Security

The Director of Engineering & Security is a transformational leader responsible for modernizing and scaling our engineering and security practices. This senior role sets the long-term vision while driving the cultural and technical changes needed to achieve it. The Director leads the shift from project-based delivery to a product-centric, agile organization, embedding secure-by-design principles across the software lifecycle, and professionalizing processes to achieve compliance readiness. This is a high-impact role with the mandate to shape the future of ISF’s engineering and security in support of ARRO’s mission. 

Transformation & Organizational Leadership 

• Lead the organization’s engineering and security transformation roadmap, aligning technology with product and business goals. 

• Coach and develop managers and senior technical leaders, fostering a culture of autonomy, accountability, and trust. 

• Drive hiring for critical roles (e.g., Software Architect) to strengthen technical depth and leadership capacity. 

• Represent engineering and security in executive-level strategy, planning, and governance discussions. 

Process & Professionalization

• Define and implement modern SDLC and Agile practices, with a focus on shortening delivery cycles and scaling DevSecOps maturity. 

• Establish and continuously improve engineering quality, security, and compliance benchmarks. 

• Approve and oversee high-level architectural direction in partnership with the Tech Lead and Software Architect. 

Security & Compliance 

• Own the organization’s security posture, embedding security into every stage of development and operations. 

• Lead the organization toward achieving and maintaining compliance with SOC 2, FedRAMP, and other frameworks. 

• Partner with external auditors, consultants, and internal leaders to ensure certification readiness and ongoing compliance. 

Culture & Continuous Improvement 

• Shape and reinforce an agile, product-oriented culture built on continuous learning, coaching, and psychological safety. 

• Anticipate organizational and technical risks, communicate transparently, and drive proactive solutions. 

• Serve as a visible champion for engineering and security best practices across the company.

• Improved team engagement, retention, and internal trust in engineering delivery. 

• Measurable improvements in deployment frequency and reduction in incident rates. 

• Compliance readiness for SOC 2 and/or FedRAMP within 12–18 months. 

• Implementation of automated, secure CI/CD pipelines and infrastructure-as-code practices. 

• Bachelor's Degree in a technical field or equivalent work experience is preferred.

• 7+ years in technology leadership roles, including experience managing managers. 

• Proven success leading engineering and security transformations in growth-stage or turnaround environments. 

• Strong hands-on expertise with DevSecOps practices: CI/CD pipelines, infrastructure as code (Terraform/ARM), automated testing, and security scanning. 

• Deep knowledge of modern cloud technologies (AWS, Azure, or GCP), containerization, serverless, and modern deployment patterns. 

• Experience embedding security into engineering lifecycles and working with compliance frameworks (SOC 2, FedRAMP). 

• Demonstrated ability to scale engineering organizations, transition from project-based to product-centric structures and build strong agile cultures. 

• Coaching-focused leadership style that develops managers and teams while earning trust across product, engineering, and executive stakeholders. 

• Excellent communication skills; able to engage and influence both technical and non-technical audiences.