Director, Cyber Threat Management

About The Position

Requirements

• Demonstrated experience leading cyber defense teams/programs (e.g., CTI, vulnerability management, attack surface reduction, detection engineering, security operations).
• Proven people leadership strength: hiring, mentoring, and developing cybersecurity professionals across multiple experience levels, including leading leaders/managers.
• Strong understanding of threat actor tracking and TTP-driven defense, and the ability to translate intelligence into practical defensive improvements (detections, controls, priorities).
• Hands-on familiarity with enterprise vulnerability management operating models, including integrating data from multiple security sources and driving risk-based remediation outcomes.
• Experience building repeatable, well-documented, auditable processes with measurable outcomes (e.g., remediation SLAs, KPIs/KRIs, risk reduction metrics).
• Ability to drive execution through influence and partnership across Security Operations, Security Engineering, Infrastructure, Application Development, Cloud, and Risk Management.
• Executive communication skills—able to deliver concise, business-relevant updates on threats, exposure, and risk posture.

Responsibilities

• Lead and grow a multidisciplinary cyber threat management organization, including Cyber Threat Intelligence, Enterprise Vulnerability Management, and Attack Surface Reduction
• Own Cyber Threat Intelligence (CTI) by monitoring open and closed sources, assessing relevance, and disseminating actionable intelligence to protect Thomson Reuters and its customers.
• Maintain and operationalize a robust IOC repository, ensuring intelligence integrates with detection and response technologies and aligns to operational use cases.
• Prioritize the threat actor landscape (including nation-state adversaries and their TTPs) and partner with Threat Detection Engineering to map, validate, and enhance detections and controls.
• Direct the Enterprise Vulnerability Management program, including deployment/optimization of vulnerability detection across infrastructure, applications, cloud, and other technology platforms, and correlation/normalization of findings across multiple sources.
• Build clear remediation guidance across vulnerability types and teams, driving a unified, risk-based prioritization model and practical playbooks that improve speed and consistency of remediation.
• Lead Attack Surface Reduction through external discovery and continuous monitoring, proactively identifying and driving remediation of exposures such as misconfigurations, shadow IT, and insecure service

Benefits

• Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance.
• Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow’s challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future.
• Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing.
• Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our values: Obsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together.
• Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives.
• Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency.
• comprehensive benefits package to our employees. Our benefit package includes market competitive health, dental, vision, disability, and life insurance programs, as well as a competitive 401k plan with company match. In addition, Thomson Reuters offers market leading work life benefits with competitive vacation, sick and safe paid time off, paid holidays (including two company mental health days off), parental leave, sabbatical leave.
• optional hospital, accident and sickness insurance paid 100% by the employee; optional life and AD&D insurance paid 100% by the employee; Flexible Spending and Health Savings Accounts; fitness reimbursement; access to Employee Assistance Program; Group Legal Identity Theft Protection benefit paid 100% by employee; access to 529 Plan; commuter benefits; Adoption & Surrogacy Assistance; Tuition Reimbursement; and access to Employee Stock Purchase Plan.