Director of Cybersecurity & Compliance

Recruitment Team
New York, NY
$170,000 - $190,000

About The Position

At L+M Development Partners, working together to build stronger communities is our mission. Our double bottom line philosophy means that we measure success not only in financial returns but also by the positive impacts we make in the communities we serve. Founded in 1984, L+M is a full-service real estate development firm that develops, invests, constructs, and manages properties with industry-leading innovation in a variety of urban markets nationwide, primarily in the New York Tristate Area. Recognized as one of the top affordable housing developers in the country, L+M and its affiliate companies are responsible for approximately $20 billion in development and investment, and combined have over 57,000 high-quality residential units in construction or that have been acquired, preserved, or completed.

L+M Development Partners is seeking a hands-on Director of Cybersecurity & Compliance to lead and execute the company's information security strategy. This is a practitioner-level role — not a purely advisory or oversight position — requiring someone who can configure controls, manage platforms, and drive real security outcomes alongside the IT team. The Director will own the day-to-day operation of L+M's security stack, manage MDR vendor relationships, lead the company's response to cyber security incidents, build a formal governance and compliance program, and serve as the internal security authority for staff, leadership, and vendors.

Requirements

  • 7+ years of progressive experience in cybersecurity, with at least 3 years in a senior or lead technical role
  • Hands-on, practitioner-level expertise — this role requires the ability to configure, operate, and troubleshoot security tools directly
  • Deep expertise with Microsoft 365 security, Entra ID / Azure AD, Conditional Access, and Defender suite
  • Experience managing or overseeing Managed Email Security and MDR engagements
  • Experience with email security platforms
  • Strong working knowledge of PII handling obligations, data breach notification laws, and multi-state regulatory requirements
  • Familiarity with NIST Cybersecurity Framework and the ability to translate it into practical operational controls
  • Experience developing and enforcing security policies, vendor security requirements, and employee training programs

Nice To Haves

  • CISSP, CISM, CISA, or equivalent professional certification
  • Experience in real estate, property management, affordable housing, or regulated industries with PII-intensive operations
  • Familiarity with property management platforms and their data security considerations
  • Experience working with outside legal counsel and cyber insurance carriers
  • Background conducting or managing external cybersecurity assessments
  • Exposure to DLP tools, SIEM/SOAR platforms, and network access control within a Microsoft-heavy environment

Responsibilities

  • Administer and optimize Microsoft 365 / Entra ID security configurations, including Conditional Access, MFA policies, and re-authentication session controls.
  • Manage and tune email security platforms, MDR and firewalls for threat detection and PII content filtering.
  • Oversee email security and MDR engagement for 24/7 threat monitoring; serve as primary internal contact for escalation and incident triage.
  • Administer firewall and other network security controls and access policies.
  • Manage restrictions on personal email access, personal device access to SharePoint/company resources, and shared drive to OneDrive/SharePoint migration security controls.
  • Implement and maintain DLP policies to prevent PII from being transmitted via email, with programmatic deletion of historical PII from employee mailboxes.
  • Own incident response, remediation and data breach management and reporting.
  • Investigate and document security incidents; produce post-incident reports for leadership and the board.
  • Build and maintain a NIST-aligned cybersecurity governance framework, incorporating the findings from third-party pen tests, cyber assessment and governance strategy engagement.
  • Develop and enforce company-wide information security policies, including acceptable use, data classification, PII handling, and vendor security requirements.
  • Create a vendor security program with tiered controls based on risk level; ensure new and high-risk vendors meet MFA, cybersecurity training, and contractual security requirements.
  • Manage PII data handling policies for all company platforms; define retention, access, and deletion procedures.
  • Coordinate with legal counsel on multi-state regulatory compliance, notification windows, and data privacy obligations.
  • Support cyber insurance renewals and carrier requirements; work with the Insurance team to assess and close coverage gaps.
  • Design and operate an employee security awareness training program; manage phishing simulation campaigns and track employee performance.
  • Help develop and enforce consequences for repeat security policy violations, including integration of phishing test results into annual performance review processes.
  • Provide advance training prior to new policy enforcement.
  • Communicate clearly with non-technical staff on security changes that affect daily workflows.
  • Serve as the internal subject matter expert on cybersecurity for the CTO, executive team, and board.
  • Prepare and present cybersecurity metrics, risk posture updates, and strategic recommendations to leadership.
  • Manage vendor relationships and procurement for security tools; evaluate and recommend platforms.
  • Define and track a cybersecurity roadmap aligned with NIST maturity milestones.

Benefits

  • Competitive compensation and benefits
  • Tremendous potential with a growing residential real estate developer/builder organization