Director, Cyber Security

About The Position

Requirements

• High school diploma or GED.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related field. Equivalent professional experience may be considered.
• Minimum of fifteen (15) years of progressive experience in cybersecurity, information security, or related technical fields.
• Minimum of seven (7) years of progressive leadership experience, including direct management of managers within a cybersecurity or technology function.
• Demonstrated experience leading enterprise-scale cybersecurity programs and influencing VP-level stakeholders.
• Proven experience balancing strategic planning with operational execution in a complex and evolving environment.
• Extensive experience securing IT infrastructure, managing vulnerability programs, and leading incident response.
• Experience implementing and managing security frameworks such as NIST CSF, ISO 27001, or CIS benchmarks.
• Strong knowledge of network security, cloud security platforms, and enterprise security operations tools (SIEM, IDS/IPS, EDR).
• Experience with identity management, system hardening, and emerging threat mitigation techniques.
• Familiarity with DevSecOps practices and secure software development lifecycle (SDLC).

Nice To Haves

• CISM, CISSP, CEH, or comparable cybersecurity certifications.
• Experience in telecommunications, ISP, or highly regulated industries.
• Experience leading cybersecurity transformation initiatives in a high-growth or scaling organization.
• Experience presenting cybersecurity strategy or risk posture to executive leadership or board-level stakeholders.

Responsibilities

• Build, lead, and scale a high-performing cybersecurity organization, including management of managers and senior individual contributors.
• Establish organizational priorities, operating models, and accountability frameworks to ensure consistent delivery of security outcomes.
• Create and sustain a culture of continuous learning, leadership development, and technical excellence across the cybersecurity function.
• Drive succession planning and long-term talent strategy, ensuring depth of leadership capability across the organization.
• Partner with executive leadership and HR to attract, develop, and retain top-tier cybersecurity leadership and technical talent.
• Own and continuously evolve the enterprise cybersecurity strategy, ensuring alignment with corporate objectives, risk tolerance, and business growth initiatives.
• Establish and report on KPIs, metrics, and maturity models to measure program effectiveness, risk reduction, and return on investment.
• Serve as a key advisor to VP-level leadership, translating cybersecurity risks into clear, actionable business decisions.
• Oversee the development, implementation, and governance of enterprise cybersecurity policies, standards, and frameworks aligned to industry best practices.
• Own cybersecurity financial planning, including budgeting, forecasting, and investment prioritization.
• Drive continuous optimization of cybersecurity investments while maintaining strong protection and scalability.
• Oversee enterprise-wide cyber risk management strategy, including risk identification, prioritization, and mitigation aligned to business objectives.
• Drive risk mitigation strategies embedded within business and technology processes.
• Ensure implementation and ongoing enforcement of security controls across infrastructure, cloud environments, and applications.
• Provide executive oversight of third-party risk management programs, including vendor security reviews and contractual requirements.
• Set compliance strategy across applicable regulatory frameworks (e.g., NIST, ISO, SOX, PCI DSS), ensuring audit readiness and operational adherence.
• Act as the escalation point for high-impact cybersecurity risks, partnering with senior leadership on mitigation decisions.
• Oversee enterprise incident response capabilities, ensuring readiness, governance, and continuous improvement.
• Provide senior leadership during major cybersecurity incidents, coordinating across business and technology stakeholders.
• Drive executive-level post-incident reviews, including root cause analysis and long-term remediation strategies.
• Partner with Technology leadership to integrate cybersecurity into enterprise business continuity and disaster recovery planning.
• Ensure ongoing testing, validation, and improvement of resilience capabilities through simulations and exercises.
• Provide strategic oversight of security operations, including SOC capabilities, monitoring, detection, and response maturity.
• Define and drive the cybersecurity technology roadmap, including evaluation and adoption of emerging solutions.
• Ensure alignment of cybersecurity architecture with enterprise infrastructure, cloud platforms, and application strategies.
• Establish and enforce security architecture standards across all environments, including network, endpoint, cloud, and data systems.
• Ensure implementation of data protection strategies, including encryption, DLP, and secure data handling practices.
• Direct the engineering, deployment, and lifecycle management of the enterprise security technology stack, including SIEM platforms, IDS/IPS, EDR/XDR, firewalls, VPNs, and vulnerability scanning and penetration testing tooling.
• Oversee the secure architecture and hardening of core infrastructure services — including DNS, DHCP, and identity and access management platforms such as LDAP and Active Directory — and enforce system hardening baselines such as CIS Controls, DISA STIGs, and USGCB.
• Drive the maturation of 24/7 SOC capabilities and the enterprise adoption of zero-trust architecture and AI-driven threat detection and response automation.
• Ensure secure configuration and protection across cloud platforms (AWS, Azure, and Google Cloud), IoT devices, and mobile endpoints.
• Sponsor and set the strategic direction for the enterprise AI governance program for the secure and responsible adoption of artificial intelligence and machine learning across the organization, providing executive oversight of the supporting policies, standards, and acceptable-use guidelines.
• Provide executive oversight of AI and machine-learning security risk assessments, including model integrity, training-data protection, and defenses against prompt injection, model evasion, and data-poisoning attacks.
• Partner with Legal, Privacy, and business leadership to align AI adoption with regulatory expectations and emerging AI-specific frameworks (e.g., NIST AI RMF and ISO/IEC 42001).
• Govern the secure use of generative AI and AI-enabled security tooling, balancing innovation and productivity with data protection, intellectual-property safeguards, and risk reduction.
• Monitor the evolving AI threat landscape and direct the responsible integration of AI-driven automation into detection, response, and operational workflows.
• Deliver executive-level reporting on cybersecurity posture, risk trends, and program performance.
• Oversee enterprise-wide cybersecurity awareness and training programs, driving cultural adoption and measurable risk reduction.
• Serve as a strategic partner across Technology, Legal, HR, Compliance, and business functions to embed cybersecurity into operations.
• Influence major business and technology initiatives by integrating cybersecurity considerations early in planning and execution.
• Promote a culture of shared accountability for cybersecurity across the organization.
• Must be available to work regular business hours Pacific Standard Time.
• Must also be available to work on-call, evenings and weekends as needed.
• Performs other duties as required to support the business and evolving organization.

Benefits

• Medical
• dental
• vision
• 401k
• flexible spending account
• paid sick leave
• paid time off
• parental leave
• quarterly performance bonus
• training
• career growth
• education reimbursement programs