Director, Information Security Office

Shaw Systems is a national software development company that has an established record of solid financial performance and an excellent reputation for providing quality products.

Shaw Systems Associates is looking for a passionate and highly motivated Director, Information Security, to lead Shaw’s efforts in protecting our corporate information assets from unauthorized disclosure, accidental or intentional loss of data, and modification. This individual will lead and drive the efforts across all of the internal Shaw groups to proactively identify existing and emerging risks and threats and implement effective strategies and identify mitigations to corporate risks.

These responsibilities include providing security guidance to clients and product teams responsible for delivering business solutions. This role will provide security guidance, identify, and prioritize security-related requirements, promote secure-by-default designs, and facilitate the delivery of information services. This position will interact with a broad cross-section of personnel to explain and enforce information security and Information Security measures.

The person in this role determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments studying architecture/platform and identifying integration issues. Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations: architects and implements solutions in conjunction with teams across the organization.


  • Managing Shaw’s SOC Partner and responding to our Incident Management procedures
  • Implementing Keeper Security to provide a Single Sign On solution for our staff and further secure our service and shared accounts
  • Assist in the re-architecture effort of our networks
  • Enhancing Shaw’s security policies and procedures to ensure that we are focused on the proper risks and are taking the appropriate steps to mitigate and risk
  • Efficiently analyze Shaw’s system and cloud architectures to develop appropriate security requirements which enforce Shaw policies and standards
  • Identify and communicate current and emerging security threats across security domains to Shaw’s internal teams
  • Create and automate solutions that balance business requirements with information and Information Security requirements
  • Manage multiple simultaneous fast-paced projects, covering diverse business initiatives
  • Collaborate with Shaw’s internal teams and third-party vendors to guide security controls for managing risk for Shaw
  • Perform risk assessments of information systems and infrastructure; develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to Shaw’s internal teams and management
  • Design security architecture elements to mitigate Threats as they emerge. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Maintain highly developed knowledge of security best practices and technologies
  • Communicate technical topics to diverse audiences, including technology teams, leaders, and business users without a technical background
  • Work with auditors, clients, and prospects to provide an overview of Shaw’s Information Security and Information Security program


  • Extensive years of relevant work experience in similar field and industry
  • A solid technical background with experience in system delivery including SDLC, DevOps, Infrastructure, working with security tools, technologies, and frameworks
  • At least five years architecting and securing applications and infrastructure in the Cloud, Azure (preferred) or AWS
  • Familiarity with standard network security technology solutions: e.g., firewall, router, VPN, IDS/IPS
  • Additional familiarity with the use of standard security technology solutions and processes such as access control, user provisioning, directory, MFA, SIEM, vulnerability management, Cloud Access Security Brokers, Data Loss prevention solutions, anti-virus, single sign-on, auditing, SAST, DAST, PKI, and Cryptography
  • Knowledge and understanding of network protocols, network topologies, virtual infrastructure, network segmentation, operating systems, databases, applications, Cloud security, and mobile security
  • Knowledge and experience in vulnerability and risk related security and regulatory frameworks, including ISO 27001, NIST, and OWASP Top 20
  • Understanding of FFIEC, GLBA and SOX and their applicability to technologies and applications and privacy laws
  • Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills
  • Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments


  • Four-Year College Degree (BA or BS) or Advanced Degree. A degree in Information Technology, Computer Science, or related field is highly desirable
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP) – preferred
  • Information Systems Security Architecture Professional (ISSAP) – preferred
  • Azure or AWS Cloud Certifications


This position may work from any of the following locations: Hybrid office schedule if within 75 miles of the Houston, TX or Richmond, VA office. Remote with the ability to travel at least 5% from the following states: Texas if more than 75 miles from the office location, Virginia if more than 75 miles from the office location, Florida, Georgia, Idaho, Louisiana, Michigan, New Jersey, Minnesota, North Carolina, Pennsylvania, Utah.

** Shaw Systems employees are not authorized to work in any state not listed above our outside of the US without specific written permission from their direct manager and approval from the Information Security Office.**

Work Environment and Physical Demands

This is a full-time position. Days of work are Monday through Friday. The daily schedule may vary from 7 am – 4 pm, 8 am – 5 pm or 9 am – 6 pm, and occasional afterhours or weekend work may be required. Hours may vary or exceed 40 in any given week depending on the needs of the business.

Please email your resume to: