Cybersecurity Director

About The Position

Requirements

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• 10+ years of relevant industry experience in Information Security, with 5+ years of managerial and strategic leadership experience.
• Knowledge of data protection, privacy regulations, and cybersecurity governance frameworks.
• Expertise in cloud security, including AWS and Azure, as well as cybersecurity architecture, application security, identity management, and Zero Trust.
• Experience in data encryption, access controls, code reviews, and secure coding practices.
• Expertise in building and implementing GRC frameworks and risk management processes.
• Familiarity with regulatory compliance requirements, including PCI DSS, SOC 2, and ISO 27001.
• Strong leadership and team-building skills.
• Excellent written and verbal communication skills with external and internal stakeholders and executives, and the ability to simplify complex cybersecurity topics. Ability to deliver constructive & encouraging feedback.
• Proactive, organized, analytical, detail-oriented, and persistent.
• Experience managing and overseeing external security service providers or technology partners.

Nice To Haves

• Certified Information Systems Security Professional (CISSP) or equivalent certification is a plus.

Responsibilities

• Develop and maintain cybersecurity and GRC strategy and long-term roadmap, with the goal of enhancing overall strategy in alignment with business objectives.
• Make continuous improvements to our security strategies to protect critical assets and data.
• Provide strategic decision-making and problem-solving to navigate complex security and regulatory landscapes.
• Manage a comprehensive Governance, Risk, and Compliance program in support of corporate audits, client assessments, and regulatory standards such as PCI DSS, SOC 2, and ISO 27001; ensure that our company meets all internal and external audit requirements.
• Conduct regular risk assessments and periodic penetration testing and vulnerability assessments to identify and mitigate potential threats to the organization's infrastructure, applications, and data.
• Manage the timely creation and dissemination of security-related communications including security awareness and training announcements, security compliance policies and processes, security alerts, and event messaging.
• Provide oversight in maintaining a successful collaborative relationship with our external cyber defense partner, including evaluation of service delivery performance and in alignment with BW’s cybersecurity priorities.
• Provide strategic leadership during cybersecurity incidents, coordinating with IT, Legal, HR, Privacy, Communications, and other stakeholders, and act as executive-level point-of-contact.
• Offer senior-level guidance in developing and improving cybersecurity governance programs, policies, standards, and secure architecture guidelines.
• Oversee enterprise cybersecurity risk assessments and ensure corrective actions are prioritized and implemented effectively; provide direction for privacy and data protection initiatives.
• Provide leadership, guidance, and mentorship to cybersecurity and GRC team members, drive strong performance across all initiatives and support individual and team development.
• Act as a trusted advisor to senior leadership on cybersecurity risk, architecture decisions, and strategic measures.
• Use metrics to evaluate and track effectiveness of security, governance, and compliance initiatives.
• Leverage exceptional communication skills to translate technical requirements into actionable business solutions.

Benefits

• Ability to work remotely
• Excellent health benefits that begin on your first day of employment
• $100 monthly fitness allotment
• tuition reimbursement program
• enhanced mental health resources
• 401(k) plan with generous company match
• annual profit sharing contribution (subject to company performance)
• PTO
• Floating Holidays
• Wellness Day Off
• Birthday Day Off