Director of Security
Cybersecurity Leadership
Develop and execute a comprehensive cybersecurity strategy aligned with business objectives
Lead enterprise-wide security architecture, including network, cloud, application, and endpoint security
Oversee Security Operations (SOC), incident detection, response, and threat intelligence
Establish and maintain a proactive vulnerability management and penetration testing program
Drive zero-trust architecture and secure-by-design principles
Risk Management & Compliance
Identify, assess, and mitigate cybersecurity risks across the organization
Ensure compliance with frameworks such as NIST SP 800-171, ISO 27001, SOC 2 (System Organization Controls 2), CMMC (Cybersecurity Maturity Model Certification), and GDPR (General Data Protection Regulation; as applicable)
Lead internal and external security audits and certifications
Develop and maintain policies, standards, and procedures
Incident Response & Resilience
Own the incident response lifecycle, including detection, preparation, containment, eradication, and recovery
Lead crisis management for cybersecurity incidents and coordinate cross-functional response
Conduct tabletop exercises and continuously improve response readiness
Security Engineering & Operations
Oversee implementation and optimization of security tools (SIEM, EDR, IAM, DLP, etc.)
Partner with IT, DevOps, and Engineering to embed security into infrastructure and software development lifecycles (DevSecOps); minimize development cycles through continuous integration, continuous delivery (CI/CD)
Manage third-party security risks and supplier assessments
Leadership & Culture
Promote a culture of security awareness across the organization
Provide executive-level reporting on security posture, risks, and KPIs
Serve as a trusted advisor to senior leadership