Director of Cybersecurity Operations

Job Description

The Director of Cybersecurity Operations leads the institution’s cybersecurity operations and risk management program to protect information assets and enable business objectives. This role owns the strategy and execution for security monitoring and detection, incident response (SIRT), vulnerability and exposure management, digital forensics, and cybersecurity governance and compliance. The Director partners with IT and business leaders to embed security‑by‑design across initiatives, defines operational playbooks and metrics, and continuously improves processes through automation and modern security practices.

This position provides people leadership for the cybersecurity team and manages the department budget, vendor/partner relationships, and executive reporting on cyber risk and security performance.

• Own and run day‑to‑day cybersecurity operations, including security monitoring, alert triage, and response.
• Lead incident response end‑to‑end—build playbooks, act as incident commander, and manage investigations and recovery.
• Own the vulnerability management program, prioritizing risk and driving remediation with IT teams.
• Remain hands‑on with security tools and engineering, especially in a mostly on‑prem environment with some growing cloud exposure.
• Write, maintain, and enforce security policies, standards, and governance, supporting audits and compliance needs.
• Lead and develop the cybersecurity team, balancing people leadership with hands‑on execution (initially ~70% hands‑on).
• Communicate cyber risk clearly to executives, IT leaders, and the parent company (CNG).
• Manage security vendors, budget, metrics, and program improvements over time.

$175,000 to $185,000 per year annual salary.

Benefit packages for this role may include healthcare insurance offerings and paid leave as provided by applicable law.

• Hands on cybersecurity operations leadership
• Incident Response ownership
• Vulnerability and Exposure management
• Security tooling experience
• On prem and hybrid security experience
• Policy, governance and communication
• Progressive experience in cybersecurity and/or technology risk
• 5+ years leading teams
• Crowd Strike Experience is a plus
• AI security experience
• PAM and Xero Trust depth
• Cloud growth experience
• Multi organization or subsidiary oversight
• Framework and compliance knowledge; NIST, ISO 27001, or similar frameworks
• Certifications:
  
  CISSP, CISM, CRISC, GIAC, or similar

We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.