Director, Security - Cosmos

About Cosmos

Cosmos is a new Infinity Constellation venture poised to redefine managed IT services for mid-market companies. By fusing human expertise with advanced AI automation, we deliver faster, smarter, outcome-based IT support that frees customers to focus on their core business. If you join as the CEO you will be helping us to start this company from day 1, you will be joining as the first member of the team with capital and support to grow a team and a business with us.

Infinity is seeking a Director, Security to design and oversee the security strategy for Cosmos. This leader will establish Cosmos foundational security program, implement scalable processes and controls, and ensure our companies consistently meet and exceed client security and compliance expectations.

The role requires both strategic vision and hands-on execution. You’ll be responsible for building the frameworks that unify Cosmos security posture, while also diving deep into individual portfolio companies to stand up policies, remediate gaps, and directly support client/vendor diligence reviews. Over time, this function may evolve into a dedicated security services offering within Infinity’s shared services ecosystem.

• Security Program Leadership

  • Build Infinity’s portfolio-wide security policies, standards, and controls.

  • Own certification/compliance programs (SOC 2, ISO 27001, HIPAA GDPR/CCPA alignment, etc.).

  • Maintain a central library of security documentation to support sales and client diligence.
    

• Governance, Risk & Compliance

  • Develop and oversee vendor/third-party risk management.

  • Implement data classification, retention, and destruction policies.

  • Ensure consistent incident response, access review, and audit cadences across companies.
    

• Hands-On Company Engagement

  • Partner with engineering and leadership teams at portfolio companies to establish secure practices from day one.

  • Lead security diligence with client and vendor teams, ensuring successful outcomes.

  • Standardize secure development lifecycles, access management, and cloud security baselines.
    

• Incident Response & Continuity

  • Implement an incident response framework with clear escalation paths.

  • Run tabletop exercises, penetration testing, and remediation tracking.

  • Build continuity/disaster recovery standards that scale across companies.
    

• Enablement & Culture

  • Lead company-wide security training and awareness programs.

  • Build a “secure by default” culture that supports, not slows, innovation.

  • Serve as the trusted advisor to leadership on risk, compliance, and client security expectations.
    

• 7+ years in security leadership roles, ideally spanning both startup and enterprise contexts.

• Track record of building and running SOC 2, HIPAA, ISO 27001, or equivalent programs.

• Experience in client facing roles interfacing directly with stakeholders and client security teams as a part of the sales process

• Strong technical understanding of cloud security (AWS/GCP), encryption, identity and access management, and secure SDLC practices.

• Experience successfully navigating client/vendor security diligence processes.

• Ability to operate both strategically (designing systems for scale) and tactically (closing gaps in fast-moving environments).
  

• High priority portfolio companies have established security programs

• High priority portfolio companies have established security documentation for use by client sales teams

• A portfolio-wide security program is established and documented.

• Core certifications (SOC 2 Type I/II or equivalent) underway or complete.

• Centralized security documentation package (“deal room”) created and in use.

• Client/vendor diligence reviews consistently passed with no material gaps.

• Security becomes a competitive advantage across the Infinity portfolio.