Senior Director, Head of Information Security and Privacy:

Reporting to the Chief Information Officer, this role is a hands-on capable leader who will utilize their expertise to implement and operate information security for a dynamic, growing global organization. The role will be responsible for the protection of all products, information assets, and resources and developing policies and standards that ensure the highest level of protection and user awareness. In the privacy facet of the role, you’ll help us improve our management of potentially sensitive information, carry out regular internal security audits, and act as the main point of contact between Quest and the data protection authorities.

This is a full-time, on-site position requiring in-office presence Monday through Friday at our Austin office-Domain area.

***********Must currently reside in the Austin, TX region***********

• Security
  • Developing and implementing sustainable, strategic and long-term information and information security strategies.
  • Creating, leading the implementation of, communicating and managing information security policies and standards.
  • Developing, implementing and communicating and implementation of risk-based assessments and mitigations both internally and with external partners and vendors.
  • Identifying, evaluating and reporting on information security risks, practices and projects to leadership, the Board of Directors, and other stakeholders.
  • Implementing management practices of assessing information security risk tolerance and fostering a security-aware culture.
  • Partnering with leadership and stakeholders to determine acceptable levels of information security risk while ensuring security programs are following laws, regulations, contractual requirements and policies.
  • Being the organizational subject matter expert on a broad range of Information security standards and best practices.
  • Oversees the selection, implementation and updates of information security applications and devices that includes championing new products, services and approaches.
  • Leading the response and monitoring of information security incidents and events including external and emerging threats and advising stakeholders on appropriate courses of action.
  • Liaising with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong information security posture.
  • Relates business requirements and risk to technology implementation for information security-related issues.
  • Assist with cyber insurance renewals
  • Lead AI governance to ensure Quest follows a commonly accepted risk management framework.
  • Establish and maintain a budget that addresses the highest risks first and propose amendments when risks are identified, when risk appetites reduce, or when threats increase.
  • Instill the need for repeatable, defensible processes that would satisfy audits of information security and IT General Controls

• Privacy
  • Act as the primary point of contact within the organization for members of staff, regulators, and any relevant public bodies on issues related to data protection
  • Ensure the company’s privacy policy is in accordance with CPRA, General Data Protection Regulation (GDPR), UK GDPR and all other relevant laws and codes of practice
  • Evaluate the existing data protection framework and identify areas of non or partial compliance and rectify any issues
  • Devise training plans and provide data protection advice and support for team members
  • Provide expert advice and educate employees on important data compliance requirements
  • Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders
  • Hold training with staff members across different business units who are involved in data handling or processing
  • Proactively conduct audits to ensure compliance and address potential issues
  • Work with the Data governance team to maintain records of all data processing activities carried out by the company
  • Serve as the point of contact between the company and the data protection authorities

• Bachelor’s degree in information technology or related field; advanced degree preferred
• 15+ years broad-based information security related experience in global, distributed environments
• Minimum of 5 years’ experience working in data protection compliance or a related field within the public sector.
• Expertise in European data protection laws and practices including an in-depth understanding of the GDPR/UK GDPR
• 10 years in leadership and project management. You are analytical and a hands-on leader in project management who finds problem solving and implementing process improvements exciting.
• Proven background in developing, implementing and managing information security strategies, policies and procedures, KPI’s and Key Risk Indicators (KRI’s)
• Expert knowledge in IT security threats, control strategies and related best practices
• Strong communication and presentation skills with the proven ability to influence, build consensus and drive decision-making
• Ability to develop and maintain collaborative relationships and partner and communicate across all levels of an organization
• CISSP, CISM, CISA, and/or other related professional development/certifications

Company Overview

Quest Software builds the foundation for enterprise AI with solutions in data governance, cybersecurity, and platform modernization. More than 45,000 companies — including 90% of the Fortune 500 — trust Quest to solve their most critical IT challenges. From securing identities and modernizing platforms to preparing data for AI, we help enterprises unlock their full potential.

Why Quest

At Quest, your work makes an impact. You’ll help organizations get AI-ready while building your career with a global team of innovators. We offer:

• Competitive pay, annual bonuses, and top-performer recognition.
• Comprehensive health, family, and retirement benefits.
• Flexible work options, generous PTO, and wellness programs.
• Professional growth through learning platforms, mentorship, and leadership programs.
• Inclusive teams that reflect the world we serve, supported by Employee Resource Groups and our Equality & Inclusion Council.

Quest is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  

Come join us. For more information, visit us on the web at Quest Careers | Where next meets now. Join Quest.

Job seekers should be aware of fraudulent job offers from online scammers and only apply to roles listed on quest.com/careers using our applicant system. Note: We do not use text messaging or third-party messaging apps like Telegram to communicate with applicants, so please exercise caution if you are approached in this way and only interact with people claiming to be Quest employees if they have an email address ending in @quest.com or @oneidentity.com You can report job scams to the FTC (ReportFraud.ftc.gov) or your state attorney general.

#LI-NM1