Cyber Defense & Data Security Lead - Americas

Ralliant
Raleigh, NC
$104,300 - $193,700
Hybrid

About The Position

The Cyber Defense & Data Security Lead (Americas) is accountable for regional cyber defense operations across North and South America, with the primary goal of detecting, preventing, and minimizing business-impacting security threats and events. This role leads day-to-day execution of 24x7 security operations, including incident response and incident management, threat intelligence, threat hunting focused on security and resilience, and data loss prevention (DLP) response and engineering.

This role also provides operational coverage for U.S. Government-regulated environments and business, including CMMC-aligned environments and customer requirements. The technical leader ensures incidents, investigations, and evidence handling are executed in a defensible manner, supporting audit readiness, customer reporting, and contractual obligations.

The role operates in service to the enterprise and Operating Companies (OpCos), ensuring consistent operational outcomes while adapting execution to regional realities. The Americas Cyber Defense Lead partners closely with global Security Operations leadership, Cyber Defense Engineering, GRC, Audit, corporate IT shared services, Infrastructure and Cloud engineering, and Identity teams, and engages Legal, HR, Privacy, and business leaders as required.

The role embraces the Ralliant Business System (RBS) by embedding operational discipline, staff training, and continuous improvement into tools, workflows, and standard work so cyber defense is scalable, measurable, and repeatable. The role partners with technical and engineering teams to enhance resilience by reducing recurring operational weaknesses, improving recovery readiness, and strengthening controls that prevent repeat business disruption.

Requirements

  • Bachelor’s degree recommended; equivalent experience considered.
  • 7+ years in security operations, incident response, or cyber defense roles with demonstrated leadership in operational execution.
  • Proven experience leading incident management, including coordinating responders, running incident bridges, and delivering clear, timely communications to senior stakeholders.
  • Experience supporting regulated or customer driven security requirements, including U.S. Government environments.
  • Experience building and running a DLP program across a global organization.
  • Hands-on experience with DLP response workflows and handling sensitive data loss scenarios with appropriate discretion and defensible documentation.
  • Working knowledge of security detection and response across endpoint, identity, cloud, SaaS, email, and network domains, with practical understanding of how telemetry becomes actionable outcomes.
  • Experience operationalizing threat intelligence and leading threat hunting activities that produce measurable improvements (new detections, closed gaps, validated controls, improved readiness).
  • Participation in exposure or vulnerability remediation workflows with infrastructure, cloud, identity, and application teams using risk based prioritization and service level discipline.
  • Strong documentation and communication skills, including the ability to translate technical situations into business impact, risk, and clear decision points.
  • Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and cultures.
  • Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership.

Nice To Haves

  • Familiarity with CMMC and NIST SP 800-171 aligned expectations is preferred.

Responsibilities

  • Lead Americas execution of 24x7 SOC operations, including monitoring, triage, case management, shift handoffs, and escalation to ensure reliable regional coverage and consistent outcomes.
  • Direct incident response execution and incident management for the Americas, including containment coordination, recovery support, stakeholder communications, and post incident reviews with tracked corrective actions.
  • Serve as incident commander for assigned events, driving rapid decision making, operational tempo, and clear executive ready updates focused on business impact and risk.
  • Provide operational oversight for U.S. Government and CMMC aligned environments, including incident handling expectations, evidence collection standards, and escalation pathways that support contractual and regulatory obligations.
  • Lead DLP response operations and engineering, including alert triage, investigation workflows, escalation criteria, documentation standards, and partnership with Legal, HR, and Privacy for sensitive cases.
  • Partner with Cyber Defense Engineering to improve detection coverage and fidelity across endpoint, identity, cloud, SaaS, email, and network telemetry, including tuning to reduce false positives and increase high confidence detections.
  • Operationalize threat intelligence by translating external and internal signals into prioritized detections, hunts, response actions, and targeted advisories for technical and business stakeholders.
  • Lead threat hunting focused on both security and resilience, identifying control gaps, validating defensive assumptions, and improving readiness for high impact scenarios.
  • Participate in exposure management response with technology owners, driving risk based prioritization, remediation execution, exception handling, and transparent reporting tied to business criticality.
  • Maintain regional metrics and reporting, including time to detect, time to contain, incident trends, alert quality, exposure remediation progress, and recurring driver analysis, using insights to drive measurable improvement.
  • Train and coach staff through playbook walkthroughs, simulations, tabletop exercises, and after action reviews; reinforce disciplined execution and consistent decision making under pressure.
  • Embed security operations standard work into RBS aligned tooling and workflows (runbooks, playbooks, checklists, evidence patterns, and automation) to improve consistency, efficiency, and auditability.
  • Manage relationships with regional service providers and support third party incident response engagements when activated, including coordination, evidence handling, and lessons learned closure.

Benefits

  • This position is also eligible for a bonus as part of the total compensation package.