Director, Cybersecurity Compliance & Governance
Qarbon Aerospace · Red Oak, TX · 1 mo ago
On-siteInformation TechnologyFull-time
Position Overview
The Director of Cybersecurity, Compliance & Governance is a senior leadership role responsible for establishing and maturing the organization's information security posture, regulatory compliance program, and governance frameworks. Reporting directly to the CIO with a dotted-line relationship to the General Counsel, this role serves as the enterprise authority on cybersecurity strategy, risk management, and compliance obligations across all business units. This leader will partner closely with executive, legal, and operational stakeholders to build a culture of security and compliance, protect critical assets, and ensure the organization meets its obligations under applicable laws, regulations, and industry standards.
Cybersecurity Strategy & Operations
- Develop, own, and execute the enterprise cybersecurity roadmap aligned with business objectives and risk appetite
- Oversee security operations, threat intelligence, incident response, and vulnerability management programs
- Lead evaluation and deployment of security technologies including SIEM, EDR, CASB, PAM, and Zero Trust architecture
- Manage third-party and vendor risk assessments; enforce contractual security requirements
- Direct the organization's Security Operations Center (SOC) function, whether internal or managed
Governance, Risk & Compliance (GRC)
- Design and maintain the enterprise GRC framework, policies, standards, and control library
- Lead compliance programs for applicable regulations (e.g., NIST CSF, ISO 27001, SOC 2, HIPAA, CMMC, PCI-DSS, CCPA/CPRA, TX HB 3746) as applicable
- Coordinate internal and external audits; manage findings remediation and management reporting
- Maintain a comprehensive risk register; develop risk treatment plans and report risk posture to CIO and Board-level audiences
- Partner with Legal on data privacy obligations, contract review, and litigation holds involving electronic evidence
Leadership & Program Management
- Build, mentor, and retain a high-performing cybersecurity and compliance team
- Define team structure, hiring plans, and skill development roadmaps
- Manage departmental budget, vendor contracts, and technology investments
- Champion security awareness and training programs across the enterprise
- Serve as executive-level point of contact for cybersecurity inquiries from clients, partners, regulators, and board members
Legal & Cross-Functional Collaboration
- Serve as primary liaison to Legal for data breach notification obligations, regulatory inquiries, and e-discovery requests
- Advises on cybersecurity implications of M&A activity, new product launches, and third-party partnerships
- Collaborate with IT, HR, Finance, and Operations to embed security controls in business processes
- Represent cybersecurity interests in enterprise architecture, cloud strategy, and digital transformation initiatives