Director, Cyber and Information Security

About The Position

Requirements

• 10+ years of cybersecurity/information security experience.
• Experience operating enterprise security tools across endpoint, email, cloud, awareness, and risk domains, including CrowdStrike Falcon Complete, Proofpoint, Microsoft Defender for Cloud, KnowBe4, Cisco Umbrella.
• Investigation and incident response experience.
• Experience with security policies, governance, and risk‑based practices.
• People management or senior technical leadership experience.
• Hands‑on technical depth with the ability to lead strategy and execution.
• Strong organization, prioritization, and communication skills.

Nice To Haves

• Experience in mission‑driven, nonprofit, association, or complex organizational environments.
• Comfort operating in risk‑based, business‑driven security environments (not compliance driven).
• Familiarity with common security frameworks, applied pragmatically.
• Certifications (e.g., CISSP, CISM, CCSP) a plus.

Responsibilities

• Take ownership of security tooling, alert triage, investigations, and incident response.
• Own vulnerability management and continuous control improvement (endpoint, email, cloud, awareness).
• Ensure that strategy, policies, metrics, and risk communication are aligned with business needs and risk tolerance.
• Facilitate cross‑functional delivery of security initiatives with IT, cloud, applications, and vendors.
• Support third-party risk management and security policy across the organization.
• Own vulnerability management and continuous improvement of key controls (endpoint, email, cloud posture, awareness).
• Lead alert triage, investigations, and incident response activities, including root cause, remediation planning, and post‑incident reviews.
• Partner with infrastructure, cloud, application, and workplace technology teams to embed security into systems and workflows.
• Lead security strategy and roadmap development in alignment with the vice president of IT and the CTO.
• Maintain policies, standards, and governance; assess and communicate risk in business terms. Communicate clearly with technical and nontechnical audiences.
• Evaluate and recommend security technologies and services based on risk reduction, value, and operational impact.
• Support third‑party and vendor risk efforts with legal, procurement, IT, and business partners.
• Define metrics and reporting that provide leadership visibility into security posture, progress, and priorities.
• Build a collaborative, pragmatic, and accountable security culture. Partner effectively across IT, business teams, and vendors.
• Partner with stakeholders to understand business processes, technology usage, and risk.
• Plan, prioritize, and deliver security initiatives with technology teams across competing timelines and resources.
• Manage security vendors and service providers to ensure expected outcomes and value.
• Manage and mentor two security team members; provide coaching and technical guidance. Set priorities, assign work, and drive execution across multiple concurrent initiatives.
• Balance strategic planning with hands‑on operational execution across competing priorities.
• Lead the security awareness and training program.
• Promote shared responsibility through practical guidance that supports secure behaviors with minimal friction.

Benefits

• health care
• vision
• dental
• retirement
• paid leave