Position Summary
The Director, Cyber Security is a key leader in identifying, managing, and mitigating enterprise-wide security risks and threats. This role is responsible for maintaining a comprehensive global information security management program that protects the organization's information assets. Responsibilities include developing and maintaining policies, standards, and procedures to ensure the confidentiality, integrity, and availability of information. The Director also leads the analysis of security events and incidents, investigates breaches, and directs appropriate response and recovery activities.
This position reports directly to the CIO and partners closely with executive leadership, IT teams, and business units to align security with organizational priorities.
Key Responsibilities
Strategic Leadership
- Develop, implement, and manage a robust enterprise information security strategy and program.
- Align security initiatives with business goals and integrate security policies and practices throughout the organization.
- Ensure compliance with regulatory requirements and internal governance standards.
- Advise senior management and the Board of Directors on cybersecurity risks, threats, and best practices.
Risk Management
- Lead enterprise-wide risk identification, assessment, and mitigation initiatives.
- Conduct security audits and assessments to validate the effectiveness of controls.
- Oversee third-party risk management, ensuring secure partnerships across the vendor ecosystem.
- Direct remediation efforts following external cybersecurity assessments.
Governance and Compliance
- Maintain compliance with global regulatory frameworks, including GDPR, HIPAA, SOX, PCI-DSS, NERC, CMMC, and ITAR.
- Monitor and address data sovereignty and residency requirements across all operational jurisdictions.
- Define and enforce information security policies and governance standards.
- Manage internal and external audits and ensure audit readiness.
Incident Response and Threat Management
- Design and maintain incident response and disaster recovery plans.
- Lead investigations and responses to cybersecurity incidents.
- Oversee the Cyber Incident Response team to ensure readiness and rapid recovery.
Security Operations
- Supervise security operations, including threat detection, monitoring, and response.
- Design and implement appropriate security technologies.
- Lead the company's Security Operations Center (SOC).
Team Management
- Recruit, develop, and lead a high-performing cybersecurity team.
- Promote security awareness through training and organizational engagement.
- Cultivate a security-conscious culture across the enterprise.
Innovation and Technology
- Stay current on emerging cyber threats and evolving technologies.
- Recommend and implement tools and technologies to enhance security posture.
- Drive continuous improvement of security systems, processes, and architecture.
Qualifications
Education and Experience
- Bachelor's or Master's degree in Cybersecurity, Information Security, IT, or a related discipline.
- 15+ years of progressive experience in cybersecurity roles, with at least 7 years in executive leadership.
- Prior experience in a global, regulated manufacturing or industrial environment.
- Proven success in designing and leading enterprise security programs.
- Industry-recognized cybersecurity certifications (e.g., CISSP, CISM, CISA, GIAC).
Skills and Competencies
- Expertise in security frameworks, including NIST, ISO 27001, and CMMC.
- Deep knowledge of compliance regulations, including GDPR, HIPAA, PCI-DSS, ITAR, and NERC.
- Strong background in security architecture, threat and vulnerability management, and incident response.
- Exceptional leadership and communication skills.
- Ability to influence stakeholders at all levels, including executives.
- Analytical mindset with a strong grasp of current and emerging cybersecurity trends.