Director of IT & Security

About the role

ARE YOU READY TO TAKE YOUR CAREER TO NEW HEIGHTS? ARE YOU SEEKING A NEW CHALLENGE IN A DYNAMIC SECTOR? This is a very exciting and highly innovative time here at Outside. OUR TRUE NORTH:Outside Interactive, Inc., the premier hub for active lifestyle enthusiasts, offers best-in-class content and experiences to more than 70 million of the world's most passionate outdoor, wellness, and endurance enthusiasts every month. We inspire a broad and diverse audience to do the activities they love with greater enjoyment, inspiration, and knowledge and are dedicated to making real change in the outdoor and fitness industries. The Director of IT & Security is a senior strategic leader who serves as the organization's senior security leader, partnering with technical stakeholders to drive program strategy and business alignment , technology policy, and enterprise software governance. This role goes beyond traditional IT management-it is designed for a leader who can scale and champion a continually maturing security program, driving organizational adoption and executive alignment , drive software lifecycle decisions, and function as a trusted executive partner across the C-suite and business units. The ideal candidate brings deep InfoSec expertise, a policy-builder's rigor, and the executive presence to champion security culture at every level of the organization. They will extend and evolve established security frameworks, identifying gaps and leading continuous improvement, lead cross-functional alignment, and translate complex technical risk into clear business language for senior leadership. Core Responsibilities 1. Information Security Leadership Drive organizational maturity and adoption of the enterprise information security program, including threat intelligence, vulnerability management, and incident response. Champion and communicate the organization's security posture across on-prem, cloud, SaaS, and hybrid environments. Maintain executive visibility into security operations, including SIEM, penetration testing, and incident readiness programs. Serve as a senior strategic advisor on InfoSec, partnering with technical leads on architecture decisions, vendor selection, and product development. Partner with the security engineering team to amplify training programs, phishing simulations, and security awareness initiatives across the organization. Own executive communication and stakeholder coordination during security incidents, working in close partnership with technical leads on response execution. 2. Policy Creation & Governance Develop, own, and maintain the full library of IT and security policies, including AI and Agentic Use, Acceptable Use, Data Classification, Access Control, Incident Response, Business Continuity, and Disaster Recovery. Maintain and evolve existing governance frameworks, ensuring policies remain enforced, current, and responsive to regulatory changes and emerging threats. Deep understanding and expertise in leading compliance programs: SOC 2 Type II, SOX ITGC, ISO 27001, NIST CSF, GDPR, CCPA, and other applicable standards. Build and chair a cross-functional IT Governance Committee to align technology policy with business needs. Drive policy adoption through communication, training, and accountability mechanisms across all departments. 3. AI Security, Governance & Enablement Maintain and evolve the organization's established AI security policy and governance framework, ensuring it remains current across acceptable use, data handling, model risk, and third-party AI vendor assessment. Continuously assess and mitigate AI-specific security risks, including prompt injection, data leakage through LLMs, model poisoning, and shadow AI adoption across business units. Partner with business and product teams to evaluate and approve AI tools and integrations, ensuring data privacy, IP protection, and compliance requirements are met before deployment. Extend and deliver an AI literacy and security training program for all staff-covering safe and responsible AI use, recognition of AI-generated threats (deepfakes, AI-assisted phishing), and data hygiene when interacting with AI tools. Leverage AI and automation to enhance security operations-including AI-assisted threat detection, anomaly detection, and automated incident triage-while maintaining human oversight for high-stakes decisions. Stay current on the evolving AI regulatory landscape (EU AI Act, emerging NIST AI RMF guidance) and advise leadership on compliance obligations and strategic positioning. 4. Security Strategy & Roadmap Build and execute a multi-year information security and IT strategy aligned with organizational goals, risk appetite, and growth trajectory. Enhance and evolve the existing security roadmap that prioritizes initiatives by risk reduction impact, resource requirements, and business enablement. Leverage existing Business Impact Analysis findings to refine and advance the organization's risk-ba

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at outside? Share your experience