Director, Cyber Security

Position Title: Director, Cyber Security Ziply Fiber is a local internet service provider dedicated toelevating the connected livesof the communities we serve. We offer the fastest home internet in the nation, arefreshingly great customer experience,andaffordableplans that putcustomersin charge. As our state‑of‑the‑art fiber network expands, so does our need for team members who can help us grow and realize our goals. Benefits Medical, dental, vision, 401k, flexible spending account, paid sick leave and paid time off, parental leave, quarterly performance bonus, training, career growth and education reimbursement programs. Our Company Values Genuinely Caring: We treat customers and colleagues like neighbors, with empathy and full attention. Empowering You: We help customers choose whatisbest for them,andwesupport employeesin implementingnew ideasand solutions. Innovation and Improvement: We constantly seek ways to improve how we serve customers and each other. Earning Your Trust: We build trust through clear, honest,human communication. Job Summary The Director, Cyber Security is a senior technology leader responsible for defining, advancing, and operationalizing an enterprise cybersecurity strategy and multi-year roadmap that protects the organization’s digital assets, systems, and sensitive information against an increasingly complex threat landscape. This role provides both strategic direction and operational oversight of the cybersecurity function, ensuring alignment with business priorities, regulatory requirements, and risk tolerance. The Director partners closely with VP-level leadership and cross-functional stakeholders to embed cybersecurity into all aspects of the organization, enabling secure growth while maintaining a strong risk posture. The successful candidate brings deep cybersecurity expertise, executive presence, and a demonstrated ability to lead organizations, influence senior stakeholders, and drive measurable improvements in security maturity across a dynamic, fast‑paced environment. Essential Duties and Responsibilities The Essential Duties and Responsibilities listed below are a range of duties performed by the employee and not intended to reflect all duties performed. Build, lead, and scale a high-performing cybersecurity organization, including management of managers and senior individual contributors. Establish organizational priorities, operating models, and accountability frameworks to ensure consistent delivery of security outcomes. Create and sustain a culture of continuous learning, leadership development, and technical excellence across the cybersecurity function. Drive succession planning and long‑term talent strategy, ensuring depth of leadership capability across the organization. Partner with executive leadership and HR to attract, develop, and retain top‑tier cybersecurity leadership and technical talent. Cybersecurity Strategy, Governance & Program Management Own and continuously evolve the enterprise cybersecurity strategy, ensuring alignment with corporate objectives, risk tolerance, and business growth initiatives. Establish and report on KPIs, metrics, and maturity models to measure program effectiveness, risk reduction, and return on investment. Serve as a key advisor to VP-level leadership, translating cybersecurity risks into clear, actionable business decisions. Oversee the development, implementation, and governance of enterprise cybersecurity policies, standards, and frameworks aligned to industry best practices. Own cybersecurity financial planning, including budgeting, forecasting, and investment prioritization. Drive continuous optimization of cybersecurity investments while maintaining strong protection and scalability. Risk Management, Compliance & Third‑Party Security Oversee enterprise‑wide cyber risk management strategy, including risk identification, prioritization, and mitigation aligned to business objectives. Drive risk mitigation strategies embedded within business and technology processes. Ensure implementation and ongoing enforcement of security controls across infrastructure, cloud environments, and applications. Provide executive oversight of third‑party risk management programs, including vendor security reviews and contractual requirements. Set compliance strategy across applicable regulatory frameworks (e.g., NIST, ISO, SOX, PCI DSS), ensuring audit readiness and operational adherence. Act as the escalation point for high‑impact cybersecurity risks, partnering with senior leadership on mitigation decisions. Incident Response, Business Continuity & Disaster Recovery Oversee enterprise incident response capabilities, ensuring readiness, governance, and continuous improvement. Provide senior leadership during major cybersecurity incidents, coordinating across business and technology stakeholders. Drive executive‑level post‑incident reviews, including root cause analysis and long‑term remediation strategies. Partner with Technology leadership to integrate cybersecurity into enterprise business continuity and disaster recovery planning. Ensure ongoing testing, validation, and improvement of resilience capabilities through simulations and exercises. Security Operations, Architecture & Technology Enablement Provide strategic oversight of security operations, including SOC capabilities, monitoring, detection, and response maturity. Define and drive the cybersecurity technology roadmap, including evaluation and adoption of emerging solutions. Ensure alignment of cybersecurity architecture with enterprise infrastructure, cloud platforms, and application strategies. Establish and enforce security architecture standards across all environments, including network, endpoint, cloud, and data systems. Ensure implementation of data protection strategies, including encryption, DLP, and secure data handling practices. Direct the engineering, deployment, and lifecycle management of the enterprise security technology stack, including SIEM platforms, IDS/IPS, EDR/XDR, firewalls, VPNs, and vulnerability scanning and penetration testing tooling. Oversee the secure architecture and hardening of core infrastructure services — including DNS, DHCP, and identity and access management platforms such as LDAP and Active Directory — and enforce system hardening baselines such as CIS Controls, DISA STIGs, and USGCB. Drive the maturation of 24/7 SOC capabilities and the enterprise adoption of zero‑trust architecture and AI‑driven threat detection and response automation. Ensure secure configuration and protection across cloud platforms (AWS, Azure, and Google Cloud), IoT devices, and mobile endpoints. AI Governance & Emerging Technology Risk Sponsor and set the strategic direction for the enterprise AI governance program for the secure and responsible adoption of artificial intelligence and machine learning across the organization, providing executive oversight of the supporting policies, standards, and acceptable‑use guidelines. Provide executive oversight of AI and machine‑learning security risk assessments, including model integrity, training‑data protection, and defenses against prompt injection, model evasion, and data‑poisoning attacks. Partner with Legal, Privacy, and business leadership to align AI adoption with regulatory expectations and emerging AI‑specific frameworks (e.g., NIST AI RMF and ISO/IEC 42001). Govern the secure use of generative AI and AI‑enabled security tooling, balancing innovation and productivity with data protection, intellectual‑property safeguards, and risk reduction. Monitor the evolving AI threat landscape and direct the responsible integration of AI‑driven automation into detection, response, and operational workflows. Awareness, Cross‑Functional Partnership & Reporting Deliver executive‑level reporting on cybersecurity posture, risk trends, and program performance. Oversee enterprise‑wide cybersecurity awareness and training programs, driving cultural adoption and measurable risk reduction. Serve as a strategic partner across Technology, Legal, HR, Compliance, and business functions to embed cybersecurity into operations. Influence major business and technology initiatives by integrating cybersecurity considerations early in planning and execution. Promote a culture of shared accountability for cybersecurity across the organization. Other Duties Must be available to work regular business hours Pacific Standard Time. Must also be available to work on‑call, evenings and weekends as needed. Performs other duties as required to support the business and evolving organization. Required Qualifications High school diploma or GED. Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related field. Equivalent professional experience may be considered. Minimum of fifteen (15) years of progressive experience in cybersecurity, information security, or related technical fields. Minimum of seven (7) years of progressive leadership experience, including direct management of managers within a cybersecurity or technology function. Demonstrated experience leading enterprise‑scale cybersecurity programs and influencing VP‑level stakeholders. Proven experience balancing strategic planning with operational execution in a complex and evolving environment. Extensive experience securing IT infrastructure, managing vulnerability programs, and leading incident response. Experience implementing and managing security frameworks such as NIST CSF, ISO 27001, or CIS benchmarks. Strong knowledge of network security, cloud security platforms, and enterprise security operations tools (SIEM, IDS/IPS, EDR). Experience with identity management, system hardening, and emerging threat mitigation techniques. Familiarity with DevSecOps practices and secure software development lifecycle (SDLC). Preferred Qualifications CISM, CISSP, CEH, or comparable cybersecurity certifications. Experience in telecommunications, ISP, or highly regulated industries. Experience leading cybersecurity transformation initiatives in a high‑growth or scaling organization. Experience presenting cybersecurity strategy or risk posture to executive leadership or board‑level stakeholders. #J-18808-Ljbffr