Sr. Director - Cybersecurity (Secure By Design) - Onsite
Salary undisclosed
Key Responsibilities:
- Cybersecurity Strategy and Leadership:
  - Own and drive the overall cybersecurity strategy, ensuring alignment with organizational goals and risk management priorities.
  - Lead the cybersecurity program with a focus on securing custom development solutions and integrated technologies.
  - Provide leadership and direction for cybersecurity initiatives, ensuring effective implementation throughout the SDLC from design to deployment and maintenance.
  - Mentor and develop cybersecurity teams, fostering a culture of continuous learning, innovation, and collaboration.
- Custom Development / Secure By Design:
  - Work directly with development teams to identify and mitigate security vulnerabilities in custom-built solutions and applications.
  - Ensure security best practices are embedded throughout the SDLC, from requirements gathering and design to testing and deployment.
  - Collaborate with developers and engineers to resolve critical security vulnerabilities and manage security incidents in custom applications.
- Collaboration and Stakeholder Engagement:
  - Build strong relationships with cross-functional teams, including product management, engineering, operations, and executive leadership, to ensure cybersecurity objectives are integrated into all aspects of the business.
  - Influence stakeholders at all levels to prioritize cybersecurity needs and secure buy-in for necessary security measures and resource allocation.
  - Provide clear communication to non-technical stakeholders, ensuring they understand the security posture and associated risks.
- Risk and Compliance Oversight:
  - Oversee the cybersecurity aspects of risk management and compliance strategy, ensuring alignment with industry standards, regulatory requirements, and organizational policies.
  - Collaborate with the risk and compliance team (including the manager of this function) to ensure that security risks are appropriately identified, assessed, and mitigated.
  - Provide guidance on the implementation of cybersecurity frameworks, controls, and audits.
- Incident Response and Continuous Improvement:
  - Lead the response to cybersecurity incidents, conducting root cause analysis and implementing corrective actions to prevent recurrence.
  - Continuously evaluate and improve cybersecurity processes, tools, and techniques to stay ahead of evolving threats.
- Team Development:
  - Recruit, manage, and mentor a high-performing team of cybersecurity professionals.
  - Provide technical guidance and foster an environment of innovation, ensuring teams are well-equipped to address evolving threats and challenges.
Qualifications:
- Experience:
  - Hands-on experience in cybersecurity, particularly within the context of custom application development and the SDLC.
  - Proven expertise in managing and resolving critical vulnerabilities in custom development environments, including web applications, APIs, and other bespoke solutions.
  - Strong background in securing the software development lifecycle, including threat modeling, secure coding practices, code reviews, vulnerability assessments, and penetration testing.
  - Experience leading and mentoring cybersecurity teams, with the ability to collaborate across multiple departments and influence at senior levels.
  - Knowledge of risk management frameworks (NIST, ISO, etc.) and the ability to work closely with risk and compliance teams, though deep expertise in risk and compliance is not required.
- Technical Skills:
  - In-depth understanding of common web and application vulnerabilities (e.g., OWASP Top 10) and mitigation strategies.
  - Familiarity with common cybersecurity tools and platforms (e.g., vulnerability scanners, SIEM, DLP solutions, etc.).
  - Experience with cloud security practices and securing modern DevOps environments is a plus.
- Leadership and Communication:
  - Exceptional leadership and people management skills, with a track record of building and scaling high-performing cybersecurity teams.
  - Strong interpersonal and communication skills, with the ability to present complex technical information to non-technical stakeholders and executives.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.