Director, Cybersecurity Compliance & Governance

About The Position

Requirements

• BACHELOR’S DEGREE IN COMPUTER SCIENCE, INFORMATION SECURITY, INFORMATION SYSTEMS, OR A RELATED FIELD; OR EQUIVALENT EXPERIENCE
• 10+ YEARS OF PROGRESSIVE EXPERIENCE IN CYBERSECURITY, WITH AT LEAST 4 YEARS IN A LEADERSHIP OR MANAGEMENT ROLE
• DEMONSTRATED EXPERTISE IN GRC FRAMEWORKS (NIST CSF/800-53, ISO 27001/27002, CIS CONTROLS)
• HANDS-ON EXPERIENCE LEADING COMPLIANCE INITIATIVES AND MANAGING REGULATORY AUDITS
• STRONG UNDERSTANDING OF DATA PRIVACY LAWS INCLUDING CCPA, GDPR, AND APPLICABLE STATE/FEDERAL REQUIREMENTS
• PROVEN ABILITY TO COMMUNICATE RISK AND SECURITY CONCEPTS TO NON-TECHNICAL EXECUTIVES, LEGAL COUNSEL, AND BOARD MEMBERS
• EXPERIENCE MANAGING SECURITY INCIDENT RESPONSE, INCLUDING COORDINATION WITH LEGAL, PR, AND EXECUTIVE LEADERSHIP

Nice To Haves

• MASTER’S DEGREE IN CYBERSECURITY, INFORMATION ASSURANCE, OR RELATED FIELD
• ONE OR MORE CERTIFICATIONS: CISSP, CISM, CISA, CRISC, CCSP, OR EQUIVALENT
• EXPERIENCE IN A PUBLICLY TRADED, REGULATED, OR MULTI-STATE ENTERPRISE ENVIRONMENT
• FAMILIARITY WITH OT/ICS SECURITY, CLOUD SECURITY (AWS, AZURE, GCP), OR DEVSECOPS PRACTICES
• PRIOR EXPERIENCE WITH CMMC, FEDRAMP, OR SOX IT GENERAL CONTROLS

Responsibilities

• Develop, own, and execute the enterprise cybersecurity roadmap aligned with business objectives and risk appetite
• Oversee security operations, threat intelligence, incident response, and vulnerability management programs
• Lead evaluation and deployment of security technologies including SIEM, EDR, CASB, PAM, and Zero Trust architecture
• Manage third-party and vendor risk assessments; enforce contractual security requirements
• Direct the organization's Security Operations Center (SOC) function, whether internal or managed
• Design and maintain the enterprise GRC framework, policies, standards, and control library
• Lead compliance programs for applicable regulations (e.g., NIST CSF, ISO 27001, SOC 2, HIPAA, CMMC, PCI-DSS, CCPA/CPRA, TX HB 3746) as applicable
• Coordinate internal and external audits; manage findings remediation and management reporting
• Maintain a comprehensive risk register; develop risk treatment plans and report risk posture to CIO and Board-level audiences
• Partner with Legal on data privacy obligations, contract review, and litigation holds involving electronic evidence
• Build, mentor, and retain a high-performing cybersecurity and compliance team
• Define team structure, hiring plans, and skill development roadmaps
• Manage departmental budget, vendor contracts, and technology investments
• Champion security awareness and training programs across the enterprise
• Serve as executive-level point of contact for cybersecurity inquiries from clients, partners, regulators, and board members
• Serve as primary liaison to Legal for data breach notification obligations, regulatory inquiries, and e-discovery requests
• Advise on cybersecurity implications of M&A activity, new product launches, and third-party partnerships
• Collaborate with IT, HR, Finance, and Operations to embed security controls in business processes
• Represent cybersecurity interests in enterprise architecture, cloud strategy, and digital transformation initiatives

Benefits

• Company Paid Benefits available immediately upon employment.
• Basic Life Insurance
• Short-Term Disability (STD) & Long-Term Disability (LTD)
• 12 Paid Holidays
• Flex Time Off
• Medical/Prescription Insurance
• Dental & Vision Insurance
• Critical Illness Insurance / Hospital Indemnity Insurance / Accident Insurance
• Life Insurance and AD&D Insurance
• Savings and Spending Accounts
• Health Flexible Spending Account (FSA)
• Dependent Care FSA
• Health Savings Account (HSA)
• Immediate vesting on 401(k) Plans
• Educations Reimbursement Assistance