Corporate Director, CyberSecurity

About The Position

Requirements

• Demonstrated ability to architect and execute security strategy at scale in complex, distributed environments.
• Operational command of modern security tooling: XDR, SOAR, SIEM, PAM, CNAPP, and cloud-native security platforms.
• Proven ability to quantify and communicate cybersecurity risk in business terms — to board members, auditors, and frontline teams alike.
• Track record of advocating for security budgets, presenting risk assessments to executives, and influencing organizational priorities while keeping technical teams aligned.
• Deep understanding of the threat landscape including AI-augmented attacks, ransomware operations, supply chain compromise, insider threats, and identity-based intrusion.
• Experience governing AI tool adoption from a security and policy standpoint.
• Strong vendor management and contract negotiation skills; ability to hold third parties accountable to security SLAs.
• Experience conducting cybersecurity due diligence in M&A contexts and executing post-acquisition security integration.
• Familiarity with cyber insurance underwriting processes and coverage optimization.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field required; Master’s degree or MBA preferred.
• 10–15 years of progressive cybersecurity experience, with a minimum of 5 years in a senior leadership role with direct budget and team ownership.
• Hands-on experience architecting or implementing Zero Trust, cloud security, and identity-centric security programs at scale.
• Demonstrated experience with NIST CSF, ISO 27001, SOC 2, and PCI-DSS compliance frameworks.
• Familiarity with modern detection and response platforms (e.g., CrowdStrike, Microsoft Sentinel, Palo Alto XDR, or equivalent).
• Experience managing third-party and supply chain risk programs.
• Ability to successfully pass a background check post-offer acceptance.

Nice To Haves

• Master’s degree or MBA preferred.
• Experience conducting M&A cybersecurity due diligence and/or leading post-acquisition security integration is strongly preferred.
• Relevant senior certifications required or strongly preferred: CISSP, CISM, or CRISC. Cloud-specific credentials (CCSP, AWS Security Specialty, or equivalent) are a meaningful differentiator. CDPSE is a plus given evolving data privacy obligations.

Responsibilities

• Security Strategy & Architecture: Own and continuously evolve a risk-based cybersecurity strategy aligned to business objectives, regulatory obligations, and the current threat landscape.
• Lead the design and implementation of a Zero Trust Architecture (ZTA) across identity, network, data, and endpoint domains, incorporating least-privilege access, continuous verification, and micro-segmentation.
• Direct cloud security posture across multi-cloud and hybrid environments, ensuring alignment with shared responsibility models and CNAPP/CSPM controls.
• Drive AI security governance — both leveraging AI-powered tooling for defense and establishing policy and controls around the organization’s use of AI/GenAI platforms, working alongside the AI steering committee.
• Assess and advance post-quantum cryptography readiness as part of long-range strategic planning.
• Security Operations & Engineering Oversee the full security operations function including a modern detection and response stack: SIEM, SOAR, XDR, and threat intelligence platforms.
• Drive an automation-first approach to Managed Detection and Response (MDR) — whether through internal capability, MSSP partnership, or a hybrid model — with a focus on reducing mean time to detect (MTTD) and mean time to respond (MTTR).
• Direct vulnerability management, penetration testing, threat hunting, and red team/purple team exercises with ongoing risk reporting.
• Champion Identity and Access Management (IAM) including phishing-resistant MFA, Privileged Access Management (PAM), and continuous access auditing as a foundational security control.
• Integrate DevSecOps practices into the software development lifecycle, embedding SAST, DAST, and SCA tooling across engineering and application teams, including externally facing platforms.
• Own and mature an insider threat program encompassing behavioral analytics, access monitoring, and policy enforcement across a geographically distributed workforce.
• Data Security & Classification Define and enforce a data classification framework across structured and unstructured data, including customer PII, payment data, supplier contracts, and internal operational data.
• Own and operate data loss prevention (DLP) controls across endpoints, email, cloud storage, and collaboration platforms.
• Ensure sensitive data handling policies are operationally enforced and regularly tested, not merely documented.
• M&A Security Due Diligence & Integration Own cybersecurity due diligence for M&A targets: assess security posture, identify material risk, and deliver findings to the executive team and deal team prior to close.
• Develop and maintain integration playbooks for acquired entities, including network segmentation, identity consolidation, endpoint compliance, and legacy platform risk assessment.
• Establish a defined security baseline that acquired organizations must reach within a specified post-close window, with measurable milestones and executive reporting.
• Maintain awareness of security debt inherited through acquisition and factor it into enterprise risk reporting and budget planning.
• Third-Party & Supply Chain Risk Establish and maintain a third-party and supply chain risk management program, including vendor security assessments, Software Bill of Materials (SBOM) practices, and continuous vulnerability scanning across vendor-managed components.
• Own vendor security SLAs and maintain accountability for third-party risk exposure.
• Governance, Risk & Compliance (GRC) Maintain compliance with applicable regulatory frameworks including SOC 2, NIST CSF 2.0, ISO 27001, PCI-DSS, and applicable state/federal data privacy requirements.
• Lead risk quantification efforts and translate security risk into financial exposure models for executive and board consumption, presented on a defined cadence to the CIO and, as appropriate, the audit committee.
• Own the cybersecurity budget including capital and operational spend, vendor contracts, and ROI measurement.
• Own the relationship with the company’s cyber insurance carrier, including annual underwriting reviews, coverage adequacy assessments, and claims coordination.
• Produce regular security metrics, KPIs, and executive dashboards that reflect organizational risk posture honestly and clearly.
• Incident Response & Resilience Own the enterprise incident response plan and tabletop exercise program; ensure plans are tested, current, and operationally rehearsed.
• Lead response to material security incidents including ransomware, data breaches, and business email compromise, including crisis communications and regulatory notification obligations.
• Work with the Lead of Infrastructure and HR to ensure business continuity and disaster recovery planning intersects appropriately with cybersecurity resilience.
• Team Leadership & Culture: Build, lead, and retain a high-performing cybersecurity team of 4 direct reports; establish clear career paths and invest in technical development.
• Foster a security-aware organizational culture through relevant, effective security awareness training — moving beyond checkbox compliance.
• Serve as an organizational authority on emerging threats and proactively brief executives and functional leaders on evolving risk.

Benefits

• Medical
• Dental
• Vision
• Tuition Reimbursement
• Pet
• Legal Insurance
• 401k
• Community Service Day
• Spotlight Awards
• National Sales Excellence Awards
• CFSP Prep Certification Program