Security & Compliance Director

  • Full-time
  • Department: Technology

Company Description

Comoto Holdings is America’s largest and fastest growing omnichannel platform in the powersports aftermarket-products industry; dedicated to advancing the experience of moto enthusiasts across the globe. Comoto’s brands, RevZilla, Cycle Gear, J&P Cycles, and now REVER, deliver premium products, dedicated expertise, engaging media, and passionate customer support of the rider community, through best-in-class e-commerce and retail experiences.

Job Description

The Security & Compliance Director leads the security practice within the Technology organization and is responsible for ensuring that IT controls, policies, and procedures are effectively communicated and implemented across corporate applications and infrastructure. This role reports to the VP, Technology, and assists internal teams with all aspects of IT security and compliance activities, including, but not limited to, PCI, access management, security configuration, vulnerability management, patch management, system logging, and event monitoring. The Director will also be expected to develop an in-depth understanding of the organization’s business and products by working with cross-functional teams across Comoto.

Our Security & Compliance Director Will:

  • Review and monitor security control processes across multiple environments (both cloud and physical) and applications

  • Identify and report security risks and exposures by monitoring security reviews, evaluations and risk assessments performed by IT control owners and external auditors

  • Collaborate with systems administrators, technical development staff, and system operations on system and network infrastructure projects

  • Monitor, implement, and verify that all data protection requirements are met and data retention policies are followed

  • Lead the coordination of cross-functional security projects and internal assessments

  • Provide security process training and support for Comoto teams

  • Develop and publish information security policies, procedures, standards, and guidelines based on knowledge of best practices, industry standards (NIST 800-53, ISO 27001, CIS, etc.), and compliance requirements

  • Track all IT security issues and manage remediation efforts, working closely with IT, internal and external auditors, and consultants

  • Work closely with business and other organizational stakeholders to complete third-party RFI/RFP security questionnaires

  • Provide metrics and indicators for information security and assurance

  • Design security policy education and conduct training and awareness activities

  • Establish the security roadmap and its associated budget

Qualifications

Our Security & Compliance Director Has:

  • 8+ years of technology experience ideally with 5+ years in IT Security

  • IT Security leadership experience

  • A solid understanding of web application secure coding practices (e.g. the OWASP Top 10)

  • Web application security control methodologies

  • Experience managing the PCI audit process

  • Experience working closely with external auditors

  • IT background with an understanding of hybrid hosting architecture

  • Strong skills in developing security processes and procedure documentation

  • Ability to build strong relationships with all levels of management

  • One or more security certifications (CISA, CISM, CGEIT, CRISC, CISSP, GIAC)

Software Skills:

  • Database security controls (Microsoft SQL, Postgres)

  • Operating System security controls (Windows and Linux servers)

  • Cloud security

  • Experience with third-party monitoring solutions

  • Endpoint protection software

  • Vulnerability scanning software (White Hat, Seeker, others)

Additional Information

All your information will be kept confidential according to EEO guidelines.