Director, Cybersecurity Compliance & Governance
Listed on 2026-06-18
IT/Tech
Cybersecurity, Information Security
Company Overview
Qarbon Aerospace is a premier manufacturer of cutting‑edge composite components and assemblies at all levels of complexity, with products installed on the industry’s most advanced commercial and military aircraft, and space vehicles. As a US‑based company with a global footprint of more than 1,650,000 ft² of state‑of‑the‑art facilities, Qarbon Aerospace has the capabilities and resources to solve the market’s toughest challenges with Quality Assured.
With more than 100 years of experience, we build quality into every fiber, letting your ideas take flight.
Position Overview
The Director of Cybersecurity, Compliance & Governance is a senior leadership role responsible for establishing and maturing the organization’s information security posture, regulatory compliance program, and governance frameworks. Reporting directly to the CIO with a dotted‑line relationship to the General Counsel, this role serves as the enterprise authority on cybersecurity strategy, risk management, and compliance obligations across all business units.
This leader will partner closely with executive, legal, and operational stakeholders to build a culture of security and compliance, protect critical assets, and ensure the organization meets its obligations under applicable laws, regulations, and industry standards.
Principal Accountabilities
Cybersecurity Strategy & Operations
- Develop, own, and execute the enterprise cybersecurity roadmap aligned with business objectives and risk appetite
- Oversee security operations, threat intelligence, incident response, and vulnerability management programs
- Lead evaluation and deployment of security technologies including SIEM, EDR, CASB, PAM, and Zero Trust architecture
- Manage third‑party and vendor risk assessments; enforce contractual security requirements
- Direct the organization’s Security Operations Center (SOC) function, whether internal or managed
- Design and maintain the enterprise GRC framework, policies, standards, and control library
- Lead compliance programs for applicable regulations (e.g., NIST CSF, ISO 27001, SOC 2, HIPAA, CMMC, PCI‑DSS, CCPA/CPRA, TX HB 3746)
- Coordinate internal and external audits; manage findings remediation and management reporting
- Maintain a comprehensive risk register; develop risk treatment plans and report risk posture to CIO and Board‑level audiences
- Partner with Legal on data privacy obligations, contract review, and litigation holds involving electronic evidence
- Build, mentor, and retain a high‑performing cybersecurity and compliance team
- Define team structure, hiring plans, and skill development roadmaps
- Manage departmental budget, vendor contracts, and technology investments
- Champion security awareness and training programs across the enterprise
- Serve as executive‑level point of contact for cybersecurity inquiries from clients, partners, regulators, and board members
- Serve as primary liaison to Legal for data breach notification obligations, regulatory inquiries, and e‑discovery requests
- Advise on cybersecurity implications of M&A activity, new product launches, and third‑party partnerships
- Collaborate with IT, HR, Finance, and Operations to embed security controls in business processes
- Represent cybersecurity interests in enterprise architecture, cloud strategy, and digital transformation initiatives
Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related field; or equivalent experience
- 10+ years of progressive experience in cybersecurity, with at least 4 years in a leadership or management role
- Demonstrated expertise in GRC frameworks (NIST CSF/800‑53, ISO 27001/27002, CIS Controls)
- Hands‑on experience leading compliance initiatives and managing regulatory audits
- Strong understanding of data privacy laws including CCPA, GDPR, and applicable state/federal requirements
- Proven ability to communicate risk and security concepts to non‑technical executives, legal counsel, and board members
- E…