Cybersecurity Engineering Service Lead

About The Position

Requirements

• 8+ years of experience in security engineering, risk management, or a related technical discipline within a large enterprise environment.
• Experience designing, building, and deploying scalable enterprise solutions while balancing risk, velocity, and stakeholder expectations.
• Demonstrated experience assessing the security of products, projects, or technology implementations, including identifying control gaps, design weaknesses, and areas of elevated risk.
• Strong process improvement experience, with the ability to break complex processes into component parts, identify inefficiencies or failure points, and drive continual improvement.
• Experience partnering effectively across technical and non-technical teams, balancing collaboration with independent challenge to ensure alignment with established policies, standards, procedures, and controls.

Nice To Haves

• Experience driving or supporting secure-by-design initiatives, embedding security and risk considerations into early stages of product development and technology adoption.
• Application Security and/or Configuration Management experience.
• Experience integrating security into the software development lifecycle (SDLC).
• Experience operating in a second line of defense (2LOD) role, providing independent oversight of first line technical teams while maintaining strong partnerships and accountability.
• Risk management experience aligned with frameworks such as NIST Cybersecurity Framework, COBIT 2019, and the NIST Privacy Framework.
• Previous leadership experience as a senior individual contributor, acting lead, or mentor/coach, providing guidance, influence, and direction without formal people management responsibilities.
• Strong interpersonal skills with the ability to establish relationships, build trust, and influence outcomes across teams to drive alignment with department and enterprise goals.
• Experience working in a global organization, partnering with stakeholders across multiple time zones.

Responsibilities

• Drive a secure-by-design approach across the enterprise by embedding Engineering oversight into organizational processes for new projects, purchases, and changes, ensuring security and risk considerations are addressed early and consistently.
• Continuously assess technologies for alignment with defined policies, standards, procedures, and controls, driving remediation, risk acceptance, or escalation where gaps and emerging risks are identified.
• Identify and drive improvement initiatives within the Engineering service that strengthen effectiveness, consistency, and scalability.
• Stay apprised of risk issues across Cyber, IT, and Third-Party domains, analyzing where earlier Engineering engagement could have improved risk identification, mitigation, or acceptance, and incorporating those learnings into future processes.
• Identify issues and opportunities within the broader OR&R organization where the Engineering service can deliver solutions, including product implementation, automation, or the application of emerging technologies such as generative AI.
• Provide second-line oversight of first-line (1LOD) technical functions, primarily Application Security and Configuration Management, to ensure activities are aligned with established policies, standards, procedures, and controls, and to build confidence in the consistency and quality of execution.
• Define service strategy, establish roadmaps, and create transparency into team performance, risks, and successes through meaningful metrics, reporting, and stakeholder communications.

Benefits

• Prioritization of your health and well-being including Medical, Dental, Vision, and Wellbeing Reimbursement Account that can be used on yourself or your eligible dependents
• Generous paid time off options including: Paid Time Off, Holiday Schedules, and Financial Planning Time Off
• Paid Parental Leave as well as an Adoption Assistance Program
• Competitive 401k savings plan with company match and an additional contribution regardless of participation