Director Cyber Security

About The Position

Requirements

• Minimum 10 years of progressive experience in cybersecurity architecture, security engineering, or a closely related discipline.
• 5+ years’ experience in Financial Services or Banking — familiarity with OCC, FFIEC, and SEC regulatory expectations required.
• 5+ years’ experience leading people managers and building high-performing technical teams.
• Advanced knowledge of security and control frameworks (NIST CSF, NIST 800-53, FFIEC CAT, COBIT, ITIL, CIS Benchmarks).
• Strong technical knowledge of enterprise SIEM platforms (e.g., Splunk, Microsoft Sentinel, Devo) and SOAR orchestration.
• Advanced knowledge of network security architecture — firewalls, IDS/IPS, WAF, DNS security, micro-segmentation, and Zero Trust network access (ZTNA).
• Deep experience with cloud security architecture across AWS and/or Azure — including landing zone design, cloud-native security services, CSPM, and workload protection.
• Strong knowledge of endpoint detection and response (EDR/XDR), vulnerability management platforms, and threat intelligence integration.
• Advanced ability to translate architectural requirements and security strategy into implementable engineering designs.
• Advanced ability to conduct risk assessments and vulnerability analysis to identify security gaps in proposed and existing architectures.
• Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD security integration (SAST, DAST, SCA, container scanning).
• Advanced ability to influence and build relationships with LOB stakeholders, leadership, and internal partners.
• Advanced ability to obtain, analyze, and synthesize information from multiple sources, including performance and risk metrics.
• Advanced analytical mindset focused on results with critical thinking, research, problem-solving, and decision-making skills.
• Highly self-motivated with a strong sense of initiative.
• Strong ability to manage competing priorities across concurrent large, complex projects and deliverables.
• Strong verbal, written, and interpersonal communication skills — able to articulate complex technical architecture to both technical and non-technical audiences.
• Strong technical proficiency in the use of MS Office including Visio, PowerPoint, Excel, and Word for architecture diagrams, decision records, and executive communications.

Nice To Haves

• Preferred Bachelor’s degree in Information Security, Computer Science, Engineering, or related field.
• CISSP, CCSP, or CISM certification.
• Cloud security certification (AWS Security Specialty, AZ-500, or equivalent).
• Experience designing and defending security architectures under OCC or FFIEC examination.
• Hands-on experience with threat modeling methodologies (STRIDE, PASTA, MITRE ATT&CK-informed design).
• Familiarity with post-quantum cryptography standards (FIPS 203/204/205) and transition planning.
• Experience with secure software supply chain architecture (SBOM, code signing, artifact verification).

Responsibilities

• Own the enterprise cybersecurity reference architecture — define standards, patterns, and guardrails for network security, endpoint protection, cloud security, data protection, and application security.
• Lead a team of security architects and engineers; set clear performance expectations, mentor technical talent, and cultivate a culture of engineering excellence.
• Plan, execute, and manage the integration of new security technologies into existing systems and infrastructure throughout the enterprise.
• Design and maintain a defense-in-depth posture across hybrid cloud environments (AWS, Azure) including network segmentation, micro-segmentation, encryption in transit and at rest, and secrets management.
• Drive security automation and infrastructure-as-code strategies to improve detection coverage, reduce manual toil, and accelerate deployment of security controls.
• Present technology briefings and architecture decision records to the CISO, CIO, and business line leadership.
• Build and maintain relationships with development, cloud engineering, infrastructure, and operations teams to embed security into platform and application delivery pipelines.
• Evaluate, select, and manage security technology vendors — align vendor capabilities with enterprise strategy and ensure integration cohesion across the security stack.
• Ensure security architecture decisions align with regulatory frameworks including NIST CSF, NIST 800-53, Cyber Risk Institute, FFIEC, and other industry authoritative sources.
• Lead the architecture and engineering response during major security incidents — rapid containment design, forensic tooling deployment, and post-incident hardening.
• Perform technical risk assessments of new platforms, third-party integrations, and proposed architectural changes; provide security design review sign-off for enterprise projects.
• Maintain technology roadmaps for SIEM/SOAR, EDR/XDR, network detection, cloud security posture management (CSPM), and data loss prevention (DLP) capabilities among others.

Benefits

• health insurance coverage
• wellness program
• fertility and family building aids
• life and disability insurance
• retirement savings plans with a generous 401K match
• paid leave programs
• paid holidays
• paid time off (PTO)