About the CompanyAt Current, everything starts with people. We believe that when you invest in talent through opportunity, development, and support, you unlock growth for individuals, firms, and clients alike. That’s why we’ve built a platform designed to give our people access to more: more learning, more collaboration, and more ways to grow their careers than any single firm could offer on its own.Founded in 2023, Current has rapidly become one of the fastest-growing accounting platforms in the country, partnering with more than 40 leading accounting firms across the United States. Today, our community includes over 2,000 professionals, 30+ offices nationwide, and a growing global workforce that supports clients around the world. Backed by Thrive Capital, Bessemer Venture Partners, and Springdale Industries, Current is investing heavily in technology, artificial intelligence, and workforce innovation to help modernize the profession. Our leadership team has a proven track record of building and scaling successful businesses, with prior ventures generating more than $3 billion in combined enterprise value.We’re building something bigger than a traditional accounting firm: a platform where talented people can grow faster, learn more, and do more meaningful work. Whether you join Current, one of our partner firms, or our global team, you’ll be part of a community shaping the future of the profession.About the RoleOwn the enterprise information security, compliance & business continuity program across Crete (corporate) and all member firms. Build standardized, scalable security controls, governance, and operations across multiple independent control environments.Key responsibilitiesDefine the multi-year security strategy and roadmap across Crete and member firms in a federated model, aligning priorities to business risk and acquisition cadence.Establish and maintain the security policy framework, standards, and minimum control baseline across all firms; design pragmatic exception handling and remediation plans for varying maturity levels.Build security operating rhythms and executive reporting: KPIs, risk posture, incident trends, audit/compliance status, and program progress for Crete leadership and firm leaders.Partner with IT, data, and engineering leadership to embed security into operations, architecture decisions, and change management across the portfolio.Lead security diligence for M&A: current-state control assessments, key risk identification, remediation estimates, and repeatable post-close stabilization playbooks (30/60/90-day plans).Drive security integration of new firms (people/process/technology) across separate environments — identity, endpoint/email, logging/monitoring, data protection — with scalable onboarding playbooks and control alignment patterns.Provide security architecture oversight for cloud and hybrid environments with emphasis on Azure, Intune, and Microsoft Defender; define secure patterns for privileged access, conditional access, PAM, RBAC, and separation of duties.Oversee day-to-day security operations: vulnerability management, patch/risk prioritization, endpoint and email security, tooling lifecycle, and event triage across Crete and member firms.Manage third-party MDR/SOC providers — scope, SLAs, escalation paths, detection coverage, playbooks, reporting — and drive continuous improvement of monitoring outcomes.Own the incident response program end-to-end: runbooks, tabletop exercises, ransomware preparedness, forensics coordination, and post-incident reviews with corrective actions.Implement consistent risk management across firms — periodic assessments, control testing, remediation tracking — and own third-party/vendor security risk management for corporate and shared vendors.Support member firms with client-driven security and compliance requirements (NIST CSF, CIS, SOC 2 Type II); ensure evidence collection is repeatable and accurate.Lead security awareness and training programs tailored to professional services workflows, with measurable adoption and behavioral outcomes.Lead, coach, and develop the cybersecurity team; serve as escalation point for security decisions, incidents, and complex risk tradeoffs.Build documentation, playbooks, and implementation guides that enable consistent security outcomes across firms; influence firm leaders and local teams to drive baseline control adoption.Required experience / profile10+ years of progressive experience in information security or cybersecurity.3+ years leading and developing security teams.Demonstrated M&A, private equity, or roll-up experience.Strong understanding of cloud security principles with hands-on Azure and Microsoft security experience.Experience managing and governing compliance standards (NIST, CSF, CIS, and SOC2 Type II preferred)Experience managing business continuity programs and lifecycleMicrosoft Azure/Intune experienceExperience managing third-party security services (MDR/SOC, IR retainers, testing vendors).Proven ability to design and run a complete enterprise security control program.Excellent stakeholder management and executive communication skills.Bachelor’s degree or equivalent experience; security certifications preferred (CISSP).Professional services experience and /or accounting and CPA firm experience strongly preferred.Compensation & BenefitsThe total rewards package at Current includes base salary and benefits.Our salary ranges are competitive within the accounting industry and are updated regularly using the most reliable compensation survey data for our industry. New hire offers are made based on a candidate’s experience, expertise, geographic location, and internal pay equity relative to peers.We provide a robust benefits package, including:Health, Dental, and Vision Insurance (with options for fully paid employee only coverage for health and dental)Company-Paid Life and Long-Term Disability InsuranceAncillary Benefits such as supplemental life insurance and short-term disability optionsClassic Safe Harbor 401(k) Plan with employer contributionsOpportunities for professional growth, learning, and development including access to Becker and LinkedIn LearningEqual OpportunityWe are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or any other applicable legally protected characteristic.
