Job Description
Primary Purpose
Responsible for overall governance of enterprise-wide cybersecurity activities. Advises senior management on identifying and minimizing new threats and vulnerabilities.
Collaborates with operating company stakeholders responsible for cybersecurity operations. Helps formulate strategies to reduce the probability of material impact to the company due to a cybersecurity event.
Stays well-informed of evolving cybersecurity best practices. Develops and maintains cybersecurity policies and standards as well as metrics to provide visibility into key risk areas.
Advances the company's compliance with applicable laws and regulations, including the newly adopted Securities and Exchange Commission (SEC) cybersecurity disclosure rules.
Duties and Responsibilities
Keeps senior management, business peers, and all stakeholders informed on threats, vulnerabilities, and action plans to minimize or mitigate cybersecurity risk.
Other responsibilities include:
- Provides cybersecurity governance across operating companies, including metrics and dashboarding.
- Coordinates and maintains enterprise-wide incident response standards across operating companies.
- Works with the employee investigation teams within legal, HR, risk management, and other cybersecurity stakeholders.
- Coordinates and maintains effective relationships with internal stakeholders (e.g., Audit, Legal, HR, and Risk Management, etc.).
- Builds and maintains relationships with federal government stakeholders (e.g., FBI, CISA / DHS, DOE).
- Knowledge of all applicable laws and frameworks related to cybersecurity (NIST CSF, CIS, ISO 27001, IEC 64223).
- Provides leadership and develops staff responsible for cybersecurity education, data privacy, client consultations, and drives appropriate business and culture change utilizing skills including:
  - Communication and presentation expertise to be both the subject matter expert and advocate for risk management with senior leadership.
  - Development of appropriate enterprise-level cybersecurity policies and standards.
  - Leadership, collaboration, and conflict resolution.
- Develops and maintains metrics and dashboards that provide visibility to key cyber risk areas.
- Collaborates with leadership across multiple companies to help manage cyber risk.
- Develops and presents leadership-level cyber-risk materials / presentations.
- Champions compliance with all regulations, laws, and policies, and keeps abreast of industry and government best practices regarding information protection and security.
- Performs other duties as assigned (no more than 5% of duties).
Qualifications
Education
- Bachelor's Degree in Cybersecurity, Computer Science, Telecommunications, Engineering, Criminal Justice, or related discipline, required.
- Master's Degree, preferred.
Experience
- 10-15 years of information technology management experience, required.
- 10-15 years in a Fortune 500 company with an emphasis on cybersecurity, preferred.
Skills and Abilities
- Requires financial acumen in security investments, risk analysis and budgets.
- Demonstrated track record of interacting and communicating highly technical information with top levels of management, developing and executing information security strategic plans.
- Broad knowledge of various information systems and technologies, including applications, networks, network topologies, communications protocols, software, hardware.
- Successful track record driving enterprise-wide cyber transformation programs with appreciation for the many facets involved, including communication of a clear vision to technology systems integration, employee education, leadership development, business operations coordination, etc.
- Must reside in Southern California or be willing to relocate upon hire.
- We offer a hybrid work environment. Although the schedule may vary, typically this will allow you to work from the office three days per week and work remotely on the remaining workdays.
Licenses and Certifications
Professional certifications such as CISSP, GIAC, CEH or CISM, preferred.
Work Schedule
HYBRID: Work a combination of onsite and remote days each week, typically 2-3 days per week.