Sr. Director, Cyber Engineering

McKesson
Richmond, VA
$172,000 - $286,600
Onsite

About The Position

The Sr. Director of Cybersecurity Engineering is responsible for leading teams that engineer, implement, and continuously improve enterprise security controls and platforms across identity, endpoint, network, cloud, application, and data environments. This leader partners with the CISO organization, Technology Leadership, risk/compliance, and business stakeholders to prioritize investments, establish standards and guardrails, and ensure measurable improvements in control effectiveness, security resilience, and operational efficiency. This role requires strong technical depth in security engineering and the leadership maturity to operate at the executive level. The Director establishes cybersecurity engineering strategy, multi-year roadmaps, and success metrics; governs an operating rhythm for delivery and reliability; and ensures outcomes are achieved across multiple teams (often through influence).

Requirements

  • Degree or equivalent experience.
  • Typically requires 15+ years of professional experience and 10+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience).
  • 15+ years of progressive cybersecurity/technology experience with demonstrated depth in building and operating security controls and platforms.
  • 10+ years leading engineering teams and/or enterprise programs, including setting strategy, defining metrics, managing budgets/vendors, and driving execution across multiple stakeholders.
  • Hands-on and leadership experience engineering security capabilities such as IAM/PAM, network security controls, endpoint security, vulnerability management, encryption/key management, secrets management, and cloud security controls.
  • Proven ability to deliver engineering outcomes at scale: building standardized services, defining SLAs/SLOs, automating controls, and driving adoption across diverse technology stacks.
  • Executive-ready communication and stakeholder management skills, including the ability to present risk, progress, and investment needs to senior leadership and influence decisions.
  • Demonstrated ability to set strategy, secure organizational alignment/approvals, and deliver complex engineering outcomes through multiple stakeholders (Security, Infrastructure, Cloud, Application/Product, and business teams).
  • Deep understanding of security control engineering and platforms, including IAM/PAM, PKI/certificates, network security, endpoint security, cloud security controls, encryption/key management, secrets management, vulnerability management, and secure configuration baselines.
  • Strong risk and engineering communication skills: able to translate control gaps, reliability issues, and remediation tradeoffs into business impact, present to executives, and drive decisions to closure.
  • Experience establishing oversight metrics and operational rhythms (OKRs/KPIs, service reviews, delivery governance) and using data to improve engineering throughput, automation, and control effectiveness.
  • Working knowledge of governance and regulatory expectations (e.g., NIST, ISO 27001, HIPAA/HITECH, PCI DSS, SOX, GDPR, SOC 2) and the ability to partner effectively with audit/compliance to design controls and produce evidence.
  • Track record of building high-performing engineering teams and leading with integrity, accountability, and operational discipline; known for clear communication, sound judgment, and reliable execution.
  • Experience developing multi-year roadmaps and influencing investment decisions (people, tooling, automation) to improve enterprise security control coverage and reliability.
  • Proven capability managing vendor relationships and service contracts for security platforms and managed services, including defining requirements, budgeting, and measuring performance against SLAs/SLOs.
  • Strong understanding of privacy and data handling considerations; able to partner with Legal/Privacy and HR as needed to ensure controls and monitoring are appropriate and compliant.
  • Experience operating in hybrid/cloud environments and engineering security guardrails (e.g., CSPM, cloud IAM, network segmentation, encryption, logging) in partnership with platform teams.
  • Ability to drive secure-by-design practices through DevSecOps, infrastructure-as-code, and automation (policy-as-code, CI/CD controls, secrets management), reducing friction while raising the security baseline.
  • Experience partnering with detection/response and vulnerability teams to ensure engineered controls are measurable, testable, and improve incident outcomes; sponsor exercises and continuous improvement initiatives.
  • Trusted leader who builds credibility with executives and teams through transparency, follow-through, and a strong culture of engineering excellence.
  • Bachelor's degree in computer science, information security/assurance, engineering, or a related field; advanced degree preferred or equivalent experience.

Nice To Haves

  • Relevant certifications (preferred): CISSP, CISM, GIAC/SANS, +, SSCP, or equivalent foundational security certification.
  • TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus.
  • and/or cloud/security engineering certifications aligned to the team's platforms.

Responsibilities

  • Define and own the cybersecurity engineering strategy and operating model (platform engineering, control implementation, automation, reliability) aligned to business risk, technology priorities, and security architecture.
  • Establish and report executive-level metrics and scorecards (e.g., control adoption, coverage, reliability, vulnerability and misconfiguration reduction, policy compliance, engineering throughput, automation impact) and drive continuous improvement based on outcomes.
  • Own the security engineering platform portfolio: select, integrate, and manage lifecycle for security tooling and services (e.g., IAM/PAM, PKI, EDR, CSPM, vulnerability management, secrets management, WAF, DLP, SIEM/SOAR integrations) with clear service models and reliability targets.
  • Partner with architecture, engineering, and product teams to embed security into delivery (DevSecOps): define engineering standards, reusable patterns, and automated guardrails; enable teams with reference implementations and self-service capabilities.
  • Lead engineering execution for prioritized risk-reduction initiatives: hardening, segmentation, encryption, identity modernization, secure configuration baselines, vulnerability remediation automation, and resilience improvements across hybrid and cloud environments.
  • Establish governance for engineering delivery: intake and prioritization, roadmaps, architecture/engineering reviews, change management, and exception processes; ensure solutions are compliant-by-design and supported with appropriate documentation and evidence.
  • Build and lead high-performing cybersecurity engineering teams through hiring, coaching, performance management, and career development; establish standards for engineering quality, critical review, and operational discipline.
  • Manage cross-functional stakeholder relationships (Technology leaders, risk/compliance, audit, legal/privacy, and vendors) and translate technical risk and engineering tradeoffs into business impact and investment decisions.
  • Ensure security engineering services are reliable and operationally mature: define SLAs/SLOs, partner with SOC/CSIRT during incidents for engineering response and hardening, and drive post-incident corrective actions into durable platform improvements.

Benefits

  • competitive compensation package
  • annual bonus
  • long-term incentive opportunities