Director, Cybersecurity & Compliance
Arctiq · Knoxville, TN · 2 wk ago
On-siteInformation TechnologyFull-time
Responsibilities
- Cybersecurity Operations
- Lead day-to-day cybersecurity operations and manage the security team.
- Serve as the senior escalation point for security incidents, vulnerabilities, and client risk concerns.
- Oversee managed security services including: Endpoint Detection & Response (EDR), Identity Threat Detection, Vulnerability Management, SIEM & Log Management, Email Security, DNS Filtering, Security Awareness Training.
- Maintain incident response procedures, operational playbooks, and security workflows.
- Monitor service performance, identify trends, and drive continuous improvement.
- Compliance & CMMC Leadership
- Lead the organization's cybersecurity compliance program with an emphasis on CMMC Level 2, NIST SP 800-171, and related regulatory frameworks.
- Develop operational processes that support audit readiness and defensible compliance.
- Translate compliance requirements into technical standards, operational controls, documentation, and evidence collection processes.
- Oversee control ownership, remediation tracking, policy development, and assessment readiness.
- Coordinate with external assessors, consultants, and compliance partners.
- Security Architecture & Standards
- Develop and maintain enterprise security standards and baseline configurations.
- Define secure technology standards across Microsoft 365, Microsoft Entra ID, Azure, endpoints, servers, firewalls, and cloud infrastructure.
- Evaluate new security tools and technologies for operational effectiveness, compliance value, and scalability.
- Partner with infrastructure, networking, cloud, and service teams to ensure consistent implementation of security standards.
- Threat & Vulnerability Management
- Lead vulnerability management and incident response activities.
- Develop remediation standards, severity classifications, and response playbooks.
- Coordinate investigations and communications during security incidents.
- Identify recurring security risks and implement long-term improvements through automation and process optimization.
- Governance, Risk & Compliance
- Maintain security policies, standards, risk registers, and governance documentation.
- Support SOC 2, HIPAA, CMMC, and other compliance initiatives.
- Conduct access reviews, control validation, and risk assessments.
- Support disaster recovery, business continuity, and tabletop exercises.
- Client Advisory & Strategic Initiatives
- Participate in executive-level client meetings, security assessments, and strategic planning discussions.
- Support business development through technical discovery, solution validation, and cybersecurity consulting.
- Review proposed security solutions for technical feasibility and compliance alignment.
- Stay current on evolving cybersecurity threats, regulatory changes, and industry best practices.
- Proven leadership experience managing cybersecurity operations and security teams.
- Strong background in managed security services, consulting, or enterprise cybersecurity.
- Hands-on experience with Microsoft security technologies, SIEM platforms, vulnerability management, identity security, and cloud security.
- Deep understanding of CMMC Level 2, NIST SP 800-171, DFARS, SOC 2, HIPAA, and related compliance frameworks.
- Experience building operational processes, security standards, and governance programs.
- Excellent communication skills with the ability to engage technical teams, executives, and clients.
- Preferred Certifications: CISSP, CISM, CSCP, CMMC CCP/CCA.