Director of Enterprise Cybersecurity Security Clearance

Position: Director of Enterprise Cybersecurity with Security Clearance
We are seeking a strategic and results-driven Director of Cybersecurity to lead all aspects of STR's enterprise cybersecurity programs, policies, and implementation. The Director will oversee the development, implementation, and continuous improvement of strategies to safeguard critical information systems and ensure compliance with Department of Defense (DoD) regulations and industry best practices. In this high-impact role, the Director of Cybersecurity will serve as a leader, advisor, and innovator responsible for building a proactive security organization capable of identifying, mitigating, and responding to threats while integrating technology and process solutions that keep STR secure and resilient.

This position requires exceptional leadership skills, deep technical expertise, and the ability to collaborate across teams to align security posture with business objectives.

Location:

Woburn, MA, on-site, hybrid, (minimum 3 days/ week in Woburn office)

Key Responsibilities:

Strategic Leadership
* Refine our comprehensive, forward-looking enterprise cybersecurity strategy that aligns with STR's mission, business goals, and compliance requirements.
* Define and monitor key performance indicators (KPIs) to measure security program effectiveness and ROI.
* Partner with executive leadership to advise on security investments, risk mitigation strategies, and incident response readiness.
* Manage cybersecurity risk as part of the enterprise risk management program , and update and present changes to the risk committee. Cybersecurity Operations
* In collaboration with the Director of Enterprise Infrastructure, oversee the implementation and monitoring of technical and operational security controls to protect STR's assets across on-premises and cloud environments.
* Review enterprise vulnerability management programs, including proactive scanning, risk prioritization, and remediation tracking.
* Working with the Director of Enterprise Infrastructure, oversee the implementation and continuous improvement of security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, cloud security controls, and data loss prevention solutions.
* Partner with the Director of Enterprise Infrastructure , to optimize network and perimeter security strategies to include secure network design and best practices for multi-platform environments (Windows, Linux, Mac, etc.). Governance, Risk, and Compliance (GRC)
* Ensure company-wide compliance with NIST 800-171 , DFARS , CMMC , and other applicable DoD/federal cybersecurity regulations.
* Lead internal and third-party IT audits , including tracking findings, managing resolutions, and driving continuous improvements.
* Develop, review, and implement cybersecurity policies, procedures, and standards to maintain security integrity while enabling business growth.
* Serve as a primary point of contact for customers, regulators, and compliance bodies regarding enterprise cybersecurity audits and inquiries. Incident Response and Threat Management
* Oversee the ongoing improvement and operation of STR's Enterprise Incident Response Plan and lead the team in managing and mitigating security incidents, including phishing, malware outbreaks, and breaches.
* Direct threat intelligence and risk assessment activities to evaluate emerging vulnerabilities and proactively implement preventive controls. Collaboration and Team Development
* Build, mentor, and lead a high-performing, cross-functional cybersecurity team , fostering a culture of innovation and accountability.
* Work effectively across departments, including IT, Engineering, procurement, contracts, and legal, to ensure security requirements are met. Additional Responsibilities
* Assess and optimize relationships with external cybersecurity partners.
* Conduct regular briefings on the status of security programs, emerging threats, and risk mitigation actions.
* Identify and deploy cutting-edge cybersecurity tools and technologies for continuous improvement.

Required Qualifications
* Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field (Master's degree preferred).
* 10+ years of leadership roles in information security governance, risk management, and compliance, with at least 5 years leading enterprise cybersecurity teams.
* Current CISSP, CISM, or equivalent DoD 8570 certifications
* Experience with CMMC requirements and auditing
* Strong technical expertise in implementing security frameworks (e.g., NIST 800-171 , CIS, ISO, ITIL) and risk management methodologies.
* Deep knowledge of enterprise IT systems, cloud infrastructure security, and secure network architecture.
* Demonstrated success in building operational cybersecurity teams and fostering a collaborative culture.
* Experience leading security incident response efforts, including hands-on involvement in detection, analysis, containment, and recovery phases.
* Knowledge of emerging trends, technologies, and…