Senior Director of Cybersecurity Assessments and Assurance

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field (Master’s degree preferred).
• 10+ years of experience in cybersecurity, risk management, or compliance, with at least 5 years in a leadership role managing teams and programs.
• Strong experience in third-party risk management, cybersecurity assessments, and regulatory compliance.
• In-depth knowledge of cybersecurity frameworks and standards, including SOC 1, SOC 2, ISO 27001, NIST CSF, and CIS Controls.
• Strong understanding of IT regulatory compliance requirements, including HIPAA, PCI-DSS, GDPR, GxP, and other applicable standards.
• Proven experience managing third-party risk assessment programs, including vendor onboarding, continuous monitoring, and contract reviews.
• Expertise in leading infrastructure and application compliance assessments to ensure adherence to internal policies and external requirements.
• Strong project management skills, with the ability to coordinate complex assessments, audits, and certifications across multiple teams and stakeholders.
• Exceptional communication and interpersonal skills, with the ability to influence and collaborate with senior leaders, technical teams, and external partners.
• Strong analytical and problem-solving skills, with the ability to identify risks, recommend mitigations, and drive resolution.
• Leadership: Proven ability to inspire, lead, and develop teams while fostering a culture of accountability and excellence.
• Strategic Thinking: Ability to align cybersecurity assessments and assurance programs with organizational goals and evolving threats.
• Collaboration: Strong ability to work across departments and build consensus on risk and compliance priorities.
• Results-Oriented: Focused on achieving measurable improvements in cybersecurity posture and compliance adherence.
• Adaptability: Comfortable navigating the dynamic regulatory and cybersecurity landscape, proactively addressing emerging challenges.

Nice To Haves

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• ISO 27001 Lead Auditor or Implementer
• Certified Third-Party Risk Professional (CTPRP)
• Governance, Risk, and Compliance (GRC) certifications (e.g., GRCP, GRCA)

Responsibilities

• Develop and lead a comprehensive cybersecurity assessments and assurance program to evaluate the security posture of the organization and its vendors.
• Oversee infrastructure and application compliance assessments to ensure alignment with security policies, frameworks, and regulatory standards.
• Design and execute annual critical assessments of key systems, applications, and processes, identifying gaps and driving remediation efforts.
• Manage the organization's third-party certifications (e.g., SOC 1, SOC 2, ISO 27001, NIST), ensuring timely attainment and renewal through effective coordination with internal teams and external auditors.
• Own the third-party risk assessment process, ensuring thorough onboarding, evaluation, and periodic reassessment of vendors.
• Oversee continuous monitoring of critical vendors to evaluate their adherence to contractual obligations, security requirements, and industry standards.
• Collaborate with procurement, legal, and vendor management teams to review and negotiate cybersecurity and data privacy clauses in contracts.
• Develop and maintain a risk-based methodology to prioritize and focus efforts on high-risk vendors and critical third-party relationships.
• Ensure compliance with applicable IT regulatory requirements, including but not limited to HIPAA, PCI-DSS, GxP, GDPR, and CCPA.
• Monitor the evolving landscape of cybersecurity regulations and standards, providing guidance to internal stakeholders on compliance obligations.
• Lead internal and external audits related to regulatory compliance, ensuring timely responses, remediation, and reporting.
• Collaborate with legal and compliance teams to address regulatory inquiries, assessments, and reporting needs.
• Implement and oversee a continuous monitoring program for critical systems, applications, and third-party relationships, leveraging tools and automation where possible.
• Establish and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of cybersecurity assessments, vendor management, and compliance programs.
• Provide regular reporting to senior leadership on the organization’s cybersecurity posture, highlighting risks, trends, and remediation progress.
• Lead and mentor a high-performing team of cybersecurity professionals responsible for assessments, assurance, and compliance activities.
• Foster collaboration with cross-functional teams, including IT, legal, procurement, internal audit, and business units, to align cybersecurity efforts with organizational objectives.
• Serve as the primary liaison with external auditors, regulators, and certification bodies, ensuring effective communication and coordination.
• Act as a trusted advisor to senior leadership, providing insights and recommendations on risk management, compliance, and assurance strategies.

Benefits

• We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day.
• In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness.
• This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave.
• To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more.