[Hiring] VP, Information Security, Risk and Compliance @Direct Travel

Role Description

The Vice President of Information Security & Compliance is a strategic executive leader responsible for overseeing global information security, data protection, governance, and compliance programs. This leader will ensure that our products, infrastructure, and operations meet international standards—specifically targeting ISO 42001 (AI Management System) certification and PCI-QSA compliance within the next 18 months.

This position demands a forward-looking leader who blends deep technical expertise, regulatory insight, and operational pragmatism to protect customer trust while enabling innovation.

Reporting to: Chief Information Officer

Key Responsibilities

• Security & Compliance Strategy: Develop and execute a global security and compliance roadmap aligned with corporate goals, focusing on ISO 27001 and SOC2, and expanding to ISO 42001, PCI-DSS, GDPR, CCPA, and other emerging data privacy frameworks.
• AI Governance: Establish robust policies and risk models for secure and ethical AI adoption across products and platforms, ensuring adherence to future AI regulatory standards.
• Data Privacy & Protection: Lead initiatives to design privacy-first architectures supporting international data residency, cross-border transfer compliance, and encryption standards.
• DevSecOps Maturity: Partner with engineering and DevOps teams to build security into the product development lifecycle—deploy secure pipelines, automate compliance checks, and continuously monitor infrastructure health.
• Risk, Audit & Incident Response: Maintain enterprise risk management processes, lead internal audits, coordinate external assessments, and oversee incident response and recovery workflows.
• Team Leadership: Build, mentor, and scale a global security & compliance organization with capabilities spanning application security, cloud security, GRC, and data protection.
• Stakeholder Collaboration: Work cross-functionally with Sales, Product, Legal, Finance, and IT to align organizational practices and ensure security and compliance enable business growth—not constrain it.

Qualifications

• 12+ years of experience in information security or compliance, with at least 5 years in senior leadership driving enterprise-wide programs.
• Proven track record leading PCI-DSS, ISO, or SOC 2 compliance initiatives in a SaaS or financial/merchant-of-record context.
• Deep understanding of cloud architectures (AWS, Azure, or GCP), security platforms, secure software development, and modern DevSecOps tools and practices.
• Experience establishing AI governance, risk management, or model assurance frameworks preferred.
• Strong familiarity with data privacy regulations across EU, US, and APAC jurisdictions.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent credentials highly desirable.
• Exceptional communication, leadership, and change management skills.

Success in the Role

• Integration of the security team, processes and systems in our ATPI business unit.
• ISO 27001 and 42001 certification achieved within 18 months.
• PCI-QSA compliance achieved within 18 months.
• Embedded security-by-design across the product lifecycle.
• Demonstrable improvement in operational resilience and customer trust.