Associate Director, Cybersecurity

About The Position

Requirements

• Bachelor's degree or combination of education and work experience
• 8+ years administering technology in widely distributed or decentralized organizations
• 5+ years in a cybersecurity leadership role with direct stakeholder engagement responsibilities
• 5+ years managing teams in complex, cross-functional environments
• Demonstrated experience operating in public sector, non-profit, or highly regulated settings
• Proven ability to lead and influence implementation of new cybersecurity policies and procedures across diverse teams
• Strong hands-on experience with vulnerability management, network security, and systems security
• Familiarity with building and scaling cybersecurity programs from both strategic and operational perspectives
• Deep knowledge of NIST, ISO, or similar cybersecurity frameworks and how to apply them in real-world business contexts
• Experience navigating regulatory compliance, public sector governance, and politically sensitive environments
• Track record of leading cross-functional initiatives with multiple stakeholders, including boards, government agencies, and community partners

Nice To Haves

• Exceptional written and verbal communication skills; able to tailor complex security topics for technical teams, business stakeholders, and executive leadership
• Strong critical thinking and problem-solving abilities, with a track record of delivering solutions under tight budget and resource constraints
• Deep understanding of risk management with pragmatic, business-aligned remediation strategies
• Demonstrated ability to influence without authority across complex organizational structures
• High emotional intelligence and the ability to navigate organizational dynamics and manage change
• Skilled at building consensus among diverse stakeholder groups with competing priorities
• Experience translating technical risk into business impact for non-technical audiences, including executives and board members
• Familiarity with public sector environments, including political and community considerations
• Broad hands-on expertise across core Information Security domains, including Incident Response, BCP/DR, Endpoint protection (AV/MDR), Security monitoring and SIEM, Log aggregation, WAF and firewall management, Patch and vulnerability management, Penetration testing and incident response coordination

Responsibilities

• Develop and enforce cybersecurity policies, procedures, and standards
• Lead threat detection, investigation, and response efforts across the organization
• Administer and optimize NYPL's cybersecurity tools, including EDR, NDR, and phishing defense platforms
• Analyze security alerts and threat intel to drive real-time response and containment
• Conduct hands-on technical reviews of security events, response workflows, and emerging risks
• Coordinate audits, tabletop exercises, and maturity assessments
• Report on cybersecurity posture, risk trends, and incidents to senior leadership
• Build alignment with stakeholders to balance security and operations
• Liaise with NYC Cyber Command, Physical Security, and law enforcement
• Advance cybersecurity awareness across the organization
• Partner with IT and business leads to close security gaps
• Lead complex, cross-functional cybersecurity initiatives
• Maintain trust through clear, timely communication during incidents