Director of Cybersecurity

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or a related discipline, or equivalent professional experience
• Minimum of 8 years of experience in information technology, including:
• At least 5 years in cybersecurity and/or data security
• At least 3 years in data privacy or closely related risk domains
• Minimum of 3 years of experience leading cybersecurity or information security programs and teams
• CISSP required; CISM strongly preferred
• Demonstrated knowledge of cybersecurity frameworks such as NIST-CSF, ISO/IEC 27001, and COBIT

Nice To Haves

• Experience in scientific research, pharmaceutical, healthcare or other regulated industries
• Strong executive presence with the ability to influence, advise, and challenge constructively
• Excellent written and verbal communication skills, including the ability to translate technical risk into business impact
• Strong strategic and tactical project management capabilities
• Proven ability to collaborate across technical and non-technical teams
• Strong analytical, documentation, and problem-solving skills
• Experience facilitating committees, leading cross-functional initiatives, and managing vendor relationships

Responsibilities

• Cybersecurity Strategy & Leadership Develop, execute, and continuously refine VAI’s enterprise cybersecurity strategy and multi-year roadmap aligned with organizational risk tolerance and business priorities
• Serve as the Institute’s senior cybersecurity leader and subject matter expert, advising executives and stakeholders on risk, threats, and mitigation strategies
• Lead and chair the Cybersecurity Committee, including agenda development, facilitation, follow-through, and executive reporting
• Governance, Risk & Compliance Establish, maintain, and enforce cybersecurity policies, standards, and procedures aligned with NIST-CSF and other applicable frameworks
• Identify cybersecurity, data protection, and privacy risks; assess impact and likelihood; and implement pragmatic, risk-based controls
• Partner with internal stakeholders to understand regulatory, contractual, and research-related security obligations and ensure appropriate controls are in place
• Operational Security & Incident Management Oversee security operations, including threat detection, vulnerability management, and security monitoring capabilities
• Lead the development, testing, and execution of incident response, disaster recovery, and business continuity plans
• Ensure timely, clear communication during security incidents, including executive briefings and post-incident reviews
• Technology & Vendor Risk Evaluate, select, and implement security technologies that enhance VAI’s cybersecurity posture
• Review and assess vendor contracts and third-party relationships to manage cybersecurity and data privacy risk
• Collaborate with procurement, legal, and IT to embed security requirements into vendor lifecycle processes
• Project & Priority Management Translates cybersecurity strategy into executable roadmaps and ensures disciplined delivery across multiple concurrent initiatives
• Coordinates cybersecurity projects across IT, research, legal, and compliance stakeholders to ensure alignment and successful outcomes
• Plans, executes, and tracks cybersecurity projects from initiation through closure, ensuring on-time, on-budget delivery
• Manages project dependencies, risks, and milestones across security operations, infrastructure, compliance, and incident response efforts
• Collaboration & Communication Partner closely with IT leadership and project teams to embed security by design into systems, processes and initiatives
• Ability to translate strategic cybersecurity priorities into actionable project and support related deliverables
• Communicate cybersecurity posture, risks, and progress to executive leadership in clear, actionable terms
• Foster a culture of security awareness and shared accountability across the organization