Job Description:
• Drive the cybersecurity program: Partner daily with stakeholders to align activities to company security/compliance posture; champion secure-by-design and secure-by-default across the company.
• Own threat & vulnerability management: Baseline, monitor, and assess risk across OT/IT/data environments; triage and resolve security events, control gaps, policy questions, and technical risks.
• Build scalable security operations: Create repeatable frameworks to detect events, quantify feasibility, document risk, and model blast radius; project-manage implementation of security controls.
• Lead compliance & posture management: Administer CSPM platforms; run automated evidence collection; develop, communicate, and assess compliance vs. internal/external policies; advance certifications/attestations (SOX, ISO, NERC-CIP, NIST CSF 2.0).
• Secure the ecosystem: Stand up and run a Third-Party Cyber Risk Management (TPRM) program to mitigate vendor and software supply-chain risk.
• Elevate governance & reporting: Publish executive-ready cyber/risk metrics; partner with Legal & Compliance to operationalize controls and meet laws/regulations; collaborate with External Relations on proposed cyber legislation.
Requirements:
• Proven impact: 8+ years identifying vulnerabilities and deliver mitigation plans in fast-paced settings; juggle multiple priorities while operating independently or as part of a team.
• Security certs (e.g., CISSP, CISM, CRISC, CISA, GIAC, EC-Council) desired
• Deep technical breadth: Hands-on expertise in 2+ areas (e.g., network or embedded/hardware security, cryptography, web/network protocols, SBOM, threat modeling, pen testing, vulnerability assessment); OT familiarity preferred.
• Automation & measurement: Use Python/Rust to automate security workflows; establish and track KPIs/metrics that quantify security and risk performance.
• Audit & compliance leadership: Run audits and certification programs end-to-end—scope, control design, testing, risk mapping, and reporting—across SOC 2, ISO 27001, NIST frameworks; experienced in SOX environments.
• Stack fluency: Working knowledge of Email Security, DLP, CSPM, ZTNA, EDR/XDR and adjacent security technologies to strengthen enterprise posture.
• Credentials & communication: BS/MS in IS/CS/SE (or related); strong written/verbal communicator with cross-functional teams (technical & non-technical); proficient with Microsoft Word, Excel, PowerPoint, Outlook
• Solid exposure to cybersecurity best practices for software development and distributed architecture systems.
Benefits:
• competitive base salary
• open PTO policy
• flex work hours
• benefits
• opportunity to work with a transparent Executive Leadership Team