Director Cybersecurity

About The Position

Requirements

• Must be at least 18 years old and have the ability to obtain the appropriate license pursuant to the applicable statute, rules and regulations.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field degree preferred.
• 8+ years of progressive experience in cybersecurity or information security, including leadership roles in regulated environments.
• Strong knowledge of cybersecurity frameworks, risk management, and compliance standards (e.g., NIST, ISO, PCI DSS).
• Experience leading security operations, incident response, and regulatory audits.
• Proven ability to communicate complex security risks to executive leadership and non-technical stakeholders.

Nice To Haves

• Relevant certifications preferred (e.g., CISSP, CISM, CISA, CRISC).

Responsibilities

• Develop and execute a comprehensive cybersecurity strategy and roadmap aligned with business objectives, regulatory obligations, and enterprise IT initiatives.
• Lead enterprise security architecture, including network security, endpoint protection, identity and access management (IAM), cloud security, and application security.
• Oversee security operations, including threat monitoring, incident detection, investigation, response, and post-incident remediation.
• Establish and maintain cybersecurity governance, policies, standards, and procedures across all facilities.
• Ensure compliance with applicable regulations and frameworks, including NYSGC requirements, PCI DSS, ISO 27001, NIST, and data privacy laws.
• Serve as the primary cybersecurity liaison with regulators, auditors, and third-party assessors, supporting audits, risk assessments, and examinations.
• Lead incident response planning and execution, including tabletop exercises, breach simulations, and crisis communications coordination.
• Manage third-party and vendor security risk assessments, ensuring proper controls, attestations, and contractual safeguards are in place.
• Partner with IT Infrastructure, Applications, and PMO teams to embed security-by-design into all technology initiatives and system deployments.
• Oversee vulnerability management, penetration testing, and continuous risk assessments across on-premise and cloud environments.
• Develop and manage the cybersecurity budget, tools, and vendor relationships to maximize risk reduction and operational efficiency.
• Lead, mentor, and grow the cybersecurity team, fostering a culture of accountability, continuous improvement, and operational excellence.
• Drive organization-wide security awareness and training programs for employees, contractors, and third parties.
• Monitor emerging threats, technologies, and regulatory changes, proactively adjusting security posture as needed
• Strategic thinking and risk-based decision making
• Executive-level communication and stakeholder management
• Incident response and crisis leadership
• Regulatory and compliance expertise
• Team leadership and talent development