
Director of Security

Crete Professionals Alliance
Posted 13 days ago, valid for 6 days
Location: Miami, FL 33180, US

Salary: $187,000 - $225,000 per year

Contract type: Full Time


Sonic Summary

  • Crete Professionals Alliance (Crete PA) is seeking a candidate with over 10 years of progressive experience in information security or cybersecurity to lead their enterprise information security, compliance, and business continuity program.
  • The role requires at least 3 years of experience in leading and developing security teams, alongside strong expertise in cloud security principles, particularly with Azure and Microsoft security.
  • Key responsibilities include defining security strategies, establishing security policies, overseeing day-to-day security operations, and managing third-party security services.
  • The position offers a competitive salary of $200,000 per year, reflecting the candidate's extensive experience and expertise in the field.
  • Candidates with professional services or accounting firm experience are strongly preferred, and security certifications like CISSP are also advantageous.

About The Company

Founded in 2023, Crete Professionals Alliance (Crete PA) delivers big four firepower to local accounting firms. Our rapid growth has made us a magnet for leading firms nationwide, eager to join our revolution in accounting. We empower small to mid-market firms with PE-backed capital, strategic technology partnerships, and innovative workforce solutions—including national recruiting and offshore support—while preserving a personal, local touch. With a presence in over half the US, 50+ regional offices, 2,000+ dedicated professionals, and offshore operations in Asia, we're the fastest-growing accounting firm in the nation and well on our way to the top 20. At Crete PA, our culture and relationships are the cornerstone of our success, and we’re always looking for talented, ambitious people to join our team.

Since founding, Crete has partnered with 45 leading accounting firms to date, with significant growth anticipated through the remainder of the year. Our co-founders from ZBS Partners have a track record of launching four past successful companies, with combined enterprise value exceeding $3 billion, several now majority-owned by respected private equity firms. We plan to invest $500 million in the next two years to acquire accounting firms and equip them with artificial intelligence. In addition to ZBS, Crete is backed by leading technology investors Thrive Capital and Bessemer Venture Partners. Our partnership with Thrive and their recently launched Thrive Holdings strategy is accelerating our deployment of artificial intelligence, process automation, and advanced software into our partners' companies.

About the Role

Own the enterprise information security, compliance & business continuity program across Crete (corporate) and all member firms. Build standardized, scalable security controls, governance, and operations across multiple independent control environments.

Key responsibilities

  • Define the multi-year security strategy and roadmap across Crete and member firms in a federated model, aligning priorities to business risk and acquisition cadence.

  • Establish and maintain the security policy framework, standards, and minimum control baseline across all firms; design pragmatic exception handling and remediation plans for varying maturity levels.

  • Build security operating rhythms and executive reporting: KPIs, risk posture, incident trends, audit/compliance status, and program progress for Crete leadership and firm leaders.

  • Partner with IT, data, and engineering leadership to embed security into operations, architecture decisions, and change management across the portfolio.

  • Lead security diligence for M&A: current-state control assessments, key risk identification, remediation estimates, and repeatable post-close stabilization playbooks (30/60/90-day plans).

  • Drive security integration of new firms (people/process/technology) across separate environments — identity, endpoint/email, logging/monitoring, data protection — with scalable onboarding playbooks and control alignment patterns.

  • Provide security architecture oversight for cloud and hybrid environments with emphasis on Azure, Intune, and Microsoft Defender; define secure patterns for privileged access, conditional access, PAM, RBAC, and separation of duties.

  • Oversee day-to-day security operations: vulnerability management, patch/risk prioritization, endpoint and email security, tooling lifecycle, and event triage across Crete and member firms.

  • Manage third-party MDR/SOC providers — scope, SLAs, escalation paths, detection coverage, playbooks, reporting — and drive continuous improvement of monitoring outcomes.

  • Own the incident response program end-to-end: runbooks, tabletop exercises, ransomware preparedness, forensics coordination, and post-incident reviews with corrective actions.

  • Implement consistent risk management across firms — periodic assessments, control testing, remediation tracking — and own third-party/vendor security risk management for corporate and shared vendors.

  • Support member firms with client-driven security and compliance requirements (NIST CSF, CIS, SOC 2 Type II); ensure evidence collection is repeatable and accurate.

  • Lead security awareness and training programs tailored to professional services workflows, with measurable adoption and behavioral outcomes.

  • Lead, coach, and develop the cybersecurity team; serve as escalation point for security decisions, incidents, and complex risk tradeoffs.

  • Build documentation, playbooks, and implementation guides that enable consistent security outcomes across firms; influence firm leaders and local teams to drive baseline control adoption.

Required experience / profile

  • 10+ years of progressive experience in information security or cybersecurity.

  • 3+ years leading and developing security teams.

  • Demonstrated M&A, private equity, or roll-up experience.

  • Strong understanding of cloud security principles with hands-on Azure and Microsoft security experience.

  • Experience managing and governing compliance standards (NIST CSF, CIS, and SOC 2 Type II preferred).

  • Experience managing business continuity programs and lifecycle.

  • Microsoft Azure/Intune experience.

  • Experience managing third-party security services (MDR/SOC, IR retainers, testing vendors).

  • Proven ability to design and run a complete enterprise security control program.

  • Excellent stakeholder management and executive communication skills.

  • Bachelor’s degree or equivalent experience; security certifications preferred (CISSP).

  • Professional services experience and/or accounting and CPA firm experience strongly preferred.



