Director, Cybersecurity

The Director of Cybersecurity is responsible for managing and maturing the cybersecurity program for the company. Reporting to the Vice President, Technology Infrastructure & Cybersecurity, the scope of the role includes cybersecurity governance and compliance, security controls and policies, network security, endpoint protection, vulnerability management, security awareness and training, security information and event management (SIEM), and security operations.

• Leading the company's cybersecurity program, developing a roadmap to mature security capabilities, and hardening foundational controls to mitigate risk.
• Assessing and managing cybersecurity risk as part of Enterprise Risk Management.
• Designing, developing, implementing, and maintaining processes, tools, and services for cybersecurity.
• Developing and managing the cybersecurity team.
• Ensuring the security of IT systems, data, and infrastructure.
• Aligning cybersecurity efforts with the company’s overall business objectives.
• Collaborating with other departments and business units to evaluate system, application, and data security compliance.
• Advising leadership on security matters and making improvements.
• Identifying potential security issues in an organization’s systems using a mix of your knowledge and special programs.
• Establishing security standards, policies, and controls.
• Managing cybersecurity awareness and training program.
• Developing and implementing a comprehensive plan to secure the computing network.
• Monitoring network usage to ensure compliance with security policies.
• Keeping up to date with developments in IT security standards and threats.
• Establishing and leading vulnerability management, working with internal teams and third parties to assess, remediate, and monitor risks.
• Investigating security breaches and other cybersecurity incidents and managing the incident response and recovery plans.
• Installing security measures and operating software to protect systems and information infrastructure, including firewalls and data encryption programs.

• A strong understanding and knowledge of computer, network, and security systems.
• Have subject matter expertise in information security, governance, risk management, and compliance.
• Demonstrate solid organizational skills and the ability to multi-task, prioritize workloads, and delegate responsibilities.
• Effectively manage stress in a constantly changing environment.
• Demonstrate excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations.
• Possesses a high level of integrity, trustworthiness, and confidence and represents the company at the highest level of professionalism.
• Demonstrate strong analytical skills and effectively interprets and applies applicable regulations and requirements.
• Knowledge and familiarity with common security frameworks such as National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), and Service Organization Control (SOC).
• Knowledge and experience with Microsoft Active Directory and cloud computing including Microsoft 365, Azure, and AWS.
• Knowledge and experience with network security including architecture, Security Information and Event Management (SIEM), Intrusion Detection System (IDS), and Firewalls solutions and services.
• Knowledge and experience with anti-virus, Managed Detection and Response (MDR), and Endpoint Detection and Response (EDR) solutions and services.
• Knowledge and experience with Data Loss Prevention.

• Bachelor’s degree in computer science, information technology, cybersecurity or a related field.
• Certifications in information systems security professional (CISSP) or certified information security manager (CISM) or other relevant certifications.
• 10 years of experience in IT and/or cybersecurity, with at least 5 years in a leadership role overseeing security programs, risk management, and compliance.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential…