Director IT Security | Security Strategy & Transformation
Job in: Riverwoods, Lake County, Illinois, USA
Listed on: 2026-02-14
Listing for: Wolters Kluwer
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security
Job Description & How to Apply Below
The Director of Security Strategy & Transformation is a senior leader responsible for shaping, operationalizing, and governing the enterprise security strategy in alignment with business objectives, regulatory expectations, and technology evolution. This role reports to the CISO and partners closely with enterprise technology leaders and executive stakeholders to translate security vision into measurable outcomes, scalable operating models, and sustained risk reduction.
The role is highly cross‑functional, blending security strategy, program leadership, resource and operating model design, and executive advisory, with a strong emphasis on enabling business velocity while managing risk in complex, high‑growth environments.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Security Strategy & Planning
- Drive CISO strategy and partner with senior technology leaders to define and evolve the enterprise security strategy, multi‑year roadmap, and investment priorities.
- Establish security OKRs, KPIs, and maturity models that align risk reduction, regulatory readiness, and business enablement.
- Translate emerging risk trends (cyber, insider, privacy, AI, regulatory) into actionable strategic initiatives and decision frameworks.
- Design and lead the security operating cadence, including strategic planning, portfolio governance, and execution oversight across cybersecurity, privacy, and technology risk domains.
- Build and mature enterprise PMO and portfolio management frameworks spanning identity and access management, vulnerability management, cloud security, insider risk, and resilience.
- Drive large‑scale, cross‑functional security transformation programs from concept through sustained adoption.
- Support the CISO with materials and artifacts designed for Board members and executive leadership, producing clear, data‑driven materials on security posture, risk exposure, program ROI, and operating maturity.
- Prepare and deliver board‑level reporting on cybersecurity strategy, investment outcomes, and regulatory posture.
- Enable informed decision‑making through concise narratives that connect security risk to business impact.
- Operationalize regulatory and compliance obligations (e.g., privacy, data protection, financial services oversight) into measurable roadmaps that balance innovation and control.
- Partner with legal, compliance, and risk teams to integrate security strategy into broader enterprise risk management frameworks.
- Ensure consistent visibility into risk, assurance, and response metrics through unified reporting and analytics.
- Guide the strategic adoption of cloud, AI/ML, automation, and observability capabilities to modernize security operations and enterprise technology platforms.
- Evaluate and govern emerging technologies (e.g., AI agents, semantic search) to ensure security, privacy, and data protection by design.
- Promote scalable, user‑centric security solutions that reduce friction while strengthening control effectiveness.
- Lead through influence in highly matrixed environments, aligning engineering, operations, product, and business teams.
- Drive organizational change through clear communication, empathy, and structured change management.
- Build communities of practice and centers of excellence that elevate security strategy, execution discipline, and continuous improvement.
- Bachelor’s degree in computer science, information technology, or risk and governance or equivalent.
- 15+ years of experience in security strategy, enterprise transformation, technology risk, or program leadership, with increasing scope and complexity.
- Proven experience partnering with CISO, CIO, CTO, or equivalent executives in large, global organizations.
- Demonstrated success designing and scaling enterprise security programs (e.g., IAM, insider risk, vulnerability management, privacy, cloud security).
- Strong background in operating model design, portfolio governance, and KPI‑driven management.
- Experience producing executive‑ and board‑level communications on security, risk, and…