Director, Exposure Management (Cybersecurity Defense)

About The Position

Requirements

• Ideally targeting individuals with 10+ years of experience in cybersecurity, with a focus on vulnerability management, cloud security, endpoint security, or data protection.
• Deep expertise in exposure management practices, including vulnerability assessment, configuration management, and risk-based prioritization.
• Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and regulatory requirements.
• Experience leading security engineering and operational teams focused on exposure reduction and risk mitigation.
• Demonstrated ability to collaborate with cross-functional teams and influence technical and business stakeholders.
• Strong leadership, analytical, and problem-solving skills.

Nice To Haves

• Experience in highly regulated industries, a plus.
• Experience with modern cloud security, network security, and data protection technologies, a plus.

Responsibilities

• Develop and lead the exposure management strategy aligned with cybersecurity, risk management, and business objectives.
• Define governance frameworks and processes to identify, assess, prioritize, and remediate security exposures across the organization.
• Collaborate with cybersecurity leadership to align exposure management initiatives with broader cyber defense and risk reduction strategies.
• Serve as an advisor to leadership on exposure trends, risk posture, and mitigation priorities.
• Oversee enterprise vulnerability management capabilities, including identification, assessment, prioritization, and remediation tracking.
• Define risk-based prioritization methodologies to evaluate vulnerabilities based on threat intelligence, exploitability, and business impact.
• Oversee vulnerability scanning, reporting, and remediation processes across infrastructure, applications, and cloud environments.
• Oversee vulnerability management tooling and engineering strategy (e.g., Rapid7) to support exposure visibility and remediation workflows.
• Lead cloud security monitoring and posture management processes to detect misconfigurations, vulnerabilities, and anomalous activity across cloud environments.
• Oversee CNAPP and CASB tooling strategies to monitor, control, and secure cloud applications and infrastructure.
• Define firewall monitoring standards and rule configurations in collaboration with security architecture to ensure alignment with security policies.
• Manage firewall and network security tooling to detect misconfigurations, policy violations, and anomalous activity.
• Ensure alignment of cloud and network security controls with enterprise architecture and risk requirements.
• Oversee endpoint security capabilities, including configuration management, drift detection, and enforcement of secure baselines.
• Lead endpoint hardening, and monitoring strategies to reduce endpoint-related risks.
• Direct mobile security initiatives to protect devices and applications through policy enforcement and monitoring.
• Oversee endpoint and mobile security tooling strategy to enable consistent protection and compliance across the enterprise
• Lead enterprise data protection capabilities, including endpoint, network, and cloud DLP programs.
• Oversee design, implementation, and optimization of DLP tooling to monitor and prevent unauthorized data access, use, or exfiltration.
• Establish and manage Data Security Posture Management (DSPM) capabilities to discover, classify, and assess sensitive data across environments.
• Ensure alignment of data protection controls with regulatory requirements, privacy standards, and enterprise policies.
• Define and enforce security configuration standards across systems, infrastructure, and endpoints.
• Oversee configuration drift detection and remediation processes to maintain secure and compliant baselines.
• Collaborate with IT and engineering teams to ensure secure configurations are embedded into system builds and deployment pipelines.
• Drive continuous improvement of configuration management practices to reduce exposure and improve resilience.
• Lead engineering and optimization of exposure management tools, including vulnerability management, CNAPP, CASB, DLP, and endpoint security platforms.
• Define use cases, technical requirements, and configurations to enhance detection, monitoring, and remediation capabilities.
• Drive automation of exposure detection, prioritization, and remediation workflows to improve efficiency and scalability.
• Ensure integration of exposure management tools with broader cybersecurity platforms and processes.
• Collaborate with cybersecurity, IT, engineering, and business teams to integrate exposure management into enterprise processes and initiatives.
• Partner with risk and compliance teams to align exposure management activities with enterprise risk frameworks and regulatory requirements.
• Provide actionable insights and reporting to leadership on exposure trends, remediation progress, and risk reduction outcomes.
• Support audit and regulatory activities by providing documentation and evidence related to exposure management practices.
• Define and track KPIs and KRIs related to vulnerability management, configuration compliance, and exposure reduction.
• Provide regular reporting to leadership on security posture, exposure trends, and remediation effectiveness.
• Identify opportunities to enhance exposure visibility, prioritization accuracy, and remediation efficiency.
• Drive continuous improvement initiatives to mature exposure management capabilities.
• Build and lead a high-performing exposure management team with capabilities across vulnerability management, cloud security, endpoint security, and data protection.
• Develop team capabilities through training, mentoring, and structured career development initiatives.
• Foster a culture of accountability, collaboration, and continuous improvement.
• Ensure alignment of team capabilities with evolving threat landscape and organizational needs.

Benefits

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs