Senior Director of Security Configuration Management & Cyber Governance

Fannie Mae | Reston, VA
$226,000 - $306,000 | Onsite

About The Position

In this compelling leadership position, you will plan and direct a function and team responsible for designing, developing, testing, or maintaining hardware, technology, or processes, and ensure the coordination of business unit operational activities. The Senior Director of Security Configuration Management & Cyber Governance is a strategic cybersecurity leader responsible for establishing, governing, and continuously improving enterprise-wide security configuration management, cyber governance, compliance, and risk oversight programs. This role ensures the organization's technology assets, platforms, and services are securely configured, governed according to industry best practices, and aligned with regulatory, business, and risk management objectives. The Senior Director will lead multidisciplinary teams responsible for security baselines, configuration standards, governance frameworks, policy management, compliance oversight, control effectiveness, and cyber risk reporting. This leader serves as a trusted advisor to executive leadership, technology organizations, audit partners, regulators, and business stakeholders to strengthen the organization's cybersecurity posture while enabling business transformation and innovation.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or related field.
  • 8 years of progressive experience in cybersecurity, information security, risk management, governance, or technology leadership roles.
  • 8+ years of leadership experience managing large teams and senior-level managers.
  • Demonstrated experience leading enterprise-scale security configuration management, cyber governance, risk, compliance, or security engineering programs.
  • Deep understanding of cybersecurity frameworks, standards, and regulations including NIST CSF, NIST 800-53, CIS Controls, ISO 27001, COBIT, and relevant regulatory requirements.
  • Deep knowledge of cloud security, infrastructure security, endpoint security, security configuration management, and security operations.
  • Experience presenting cybersecurity strategies, risks, and performance metrics to executive leadership and executive committees.
  • Proven ability to lead organizational change and drive adoption of enterprise security initiatives.
  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Systems, Risk Management, or related field.
  • Strong understanding of regulatory requirements applicable to financial services or highly regulated industries.
  • Shows curiosity and adaptability in learning and responsibly applying new technologies, including artificial intelligence, to reimagine how we work.

Nice To Haves

  • Master's degree in Cybersecurity, Information Security, Business Administration, or related discipline.
  • Industry certifications such as CISSP, CISM, CRISC, CGEIT, CISA, or equivalent.
  • Experience within highly regulated industries such as financial services, government, healthcare, or critical infrastructure.
  • Experience implementing governance and security configurations and controls across hybrid cloud and modern technology environments.
  • Knowledge of DevSecOps, Infrastructure as Code (IaC), automated compliance monitoring, and security orchestration technologies.

Responsibilities

  • Develop and execute the enterprise strategy for security configuration management and cyber governance.
  • Provide executive-level reporting on cyber risk, control effectiveness, compliance posture, and configuration management maturity aligned with risk appetite.
  • Partner with business, technology, risk, legal, compliance, and audit stakeholders to ensure consistent governance practices across the Information Security organization.
  • Drive continuous improvement initiatives that enhance operational resilience, security effectiveness, and regulatory readiness.
  • Monitor emerging cyber threats, vulnerabilities, and industry trends to proactively address risks.
  • Establish enterprise security configuration standards, baselines, and hardening requirements across Cloud, SaaS and On Prem software services.
  • Ensure secure configuration controls are integrated into system development, deployment, and operational processes.
  • Oversee configuration compliance monitoring, risk prioritization, remediation governance and executive reporting.
  • Lead initiatives to automate configuration management, compliance validation, and security configuration enforcement.
  • Define key performance indicators (KPIs), key risk indicators (KRIs), and metrics to measure security configuration compliance and risk reduction outcomes.
  • Ensure alignment with industry frameworks such as NIST, CIS Benchmarks and relevant regulatory requirements.
  • Drive continuous improvement of configuration compliance and security control effectiveness.
  • Ensure timely remediation of security misconfigurations across the enterprise.
  • Lead security configuration management assessments and audits conducted by internal audit, regulators, and external parties.
  • Ensure effective remediation of audit findings and regulatory observations.
  • Lead cyber assurance governance program, partnering with Information Security Standard owners to define key requirements and monitors.
  • Lead development of governance dashboards, scorecards, and metrics that provide transparency into control performance, compliance posture, risk trends, and remediation progress.
  • Present cybersecurity risks, trends, and remediation status to executive leadership, risk committees, and governance forums.
  • Monitor emerging cybersecurity threats, regulatory developments, and industry trends to proactively evolve governance practices.
  • Ensure alignment with enterprise risk management frameworks and regulatory expectations.
  • Build, lead, mentor, and develop high-performing teams focused on security governance, security configuration management, and cyber risk oversight.
  • Foster a culture of accountability, innovation, collaboration, and continuous learning.
  • Establish clear goals, performance expectations, and development plans for leaders and team members.
  • Drive workforce planning, succession planning, talent acquisition, and leadership development initiatives.
  • Manage budgets, vendor relationships, and strategic initiatives.
  • Influence and inspire cross-functional teams without direct authority to achieve strategic cybersecurity objectives.
  • Promote strong partnerships across technology, security operations, engineering, architecture, risk, compliance, and business functions.
  • Serve as a key cybersecurity representative to executive leadership committees and governance forums.
  • Communicate complex technical and risk topics in clear business terms appropriate for executive and board-level audiences.
  • Build strong relationships with regulators, auditors, industry peers, and external partners.
  • Influence strategic technology decisions through cybersecurity governance and risk management expertise.

Benefits

  • Health, Life, Voluntary Lifestyle, and other benefits and perks that enhance an employee's physical, mental, emotional, and financial well-being.
  • Fannie Mae incentive program