Director of Enterprise Cybersecurity

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (Master’s degree preferred).
• 10+ years of leadership roles in information security governance, risk management, and compliance, with at least 5 years leading enterprise cybersecurity teams.
• Current CISSP, CISM, or equivalent DoD 8570 certifications
• Experience with CMMC requirements and auditing
• Strong technical expertise in implementing security frameworks (e.g., NIST 800-171, CIS, ISO, ITIL) and risk management methodologies.
• Deep knowledge of enterprise IT systems, cloud infrastructure security, and secure network architecture.
• Demonstrated success in building operational cybersecurity teams and fostering a collaborative culture.
• Experience leading security incident response efforts, including hands-on involvement in detection, analysis, containment, and recovery phases.
• Knowledge of emerging trends, technologies, and threats in cybersecurity.
• Must possess an active Secret clearance or ability to obtain a clearance, which requires U.S. Citizenship.

Nice To Haves

• Master’s degree in Cybersecurity, Business, or related field.
• Experience in the aerospace, defense, or government contracting environment.
• Expertise in supply chain risk management for secure systems and products.
• Familiarity with cloud security models, such as AWS GovCloud, Microsoft GCC High, Google Cloud, and other cloud applications.
• Proven ability to develop and deliver executive-level metrics, dashboards, and reports to inform risk-based decisions.

Responsibilities

• Refine our comprehensive, forward-looking enterprise cybersecurity strategy that aligns with STR’s mission, business goals, and compliance requirements.
• Define and monitor key performance indicators (KPIs) to measure security program effectiveness and ROI.
• Partner with executive leadership to advise on security investments, risk mitigation strategies, and incident response readiness.
• Manage cybersecurity risk as part of the enterprise risk management program, and update and present changes to the risk committee.
• In collaboration with the Director of Enterprise Infrastructure, oversee the implementation and monitoring of technical and operational security controls to protect STR’s assets across on-premises and cloud environments.
• Review enterprise vulnerability management programs, including proactive scanning, risk prioritization, and remediation tracking.
• Working with the Director of Enterprise Infrastructure, oversee the implementation and continuous improvement of security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, cloud security controls, and data loss prevention solutions.
• Partner with the Director of Enterprise Infrastructure, to optimize network and perimeter security strategies to include secure network design and best practices for multi-platform environments (Windows, Linux, Mac, etc.).
• Ensure company-wide compliance with NIST 800-171, DFARS, CMMC, and other applicable DoD/federal cybersecurity regulations.
• Lead internal and third-party IT audits, including tracking findings, managing resolutions, and driving continuous improvements.
• Develop, review, and implement cybersecurity policies, procedures, and standards to maintain security integrity while enabling business growth.
• Serve as a primary point of contact for customers, regulators, and compliance bodies regarding enterprise cybersecurity audits and inquiries.
• Oversee the ongoing improvement and operation of STR’s Enterprise Incident Response Plan and lead the team in managing and mitigating security incidents, including phishing, malware outbreaks, and breaches.
• Direct threat intelligence and risk assessment activities to evaluate emerging vulnerabilities and proactively implement preventive controls.
• Build, mentor, and lead a high-performing, cross-functional cybersecurity team, fostering a culture of innovation and accountability.
• Work effectively across departments, including IT, Engineering, procurement, contracts, and legal, to ensure security requirements are met.
• Assess and optimize relationships with external cybersecurity partners.
• Conduct regular briefings on the status of security programs, emerging threats, and risk mitigation actions.
• Identify and deploy cutting-edge cybersecurity tools and technologies for continuous improvement.