Director, Cybersecurity Compliance & Governance

Job Description

Job Description

Company Overview

Qarbon Aerospace is a premier manufacturer of cutting-edge composite components and assemblies at all levels of complexity, with products installed on the industry’s most advanced commercial and military aircraft, and space vehicles. As a US-based company with a global footprint of more than 1,650,000 ft² of state-of-the-art facilities, Qarbon Aerospace has the capabilities and resources to solve the market’s toughest challenges with Quality Assured. With more than 100 years of experience, we build quality into every fiber, letting your ideas take flight.

The Director of Cybersecurity, Compliance & Governance is a senior leadership role responsible for establishing and maturing the organization's information security posture, regulatory compliance program, and governance frameworks. Reporting directly to the CIO with a dotted-line relationship to the General Counsel, this role serves as the enterprise authority on cybersecurity strategy, risk management, and compliance obligations across all business units.

This leader will partner closely with executive, legal, and operational stakeholders to build a culture of security and compliance, protect critical assets, and ensure the organization meets its obligations under applicable laws, regulations, and industry standards.

Principal Accountabilities

Cybersecurity Strategy & Operations

• Develop, own, and execute the enterprise cybersecurity roadmap aligned with business objectives and risk appetite
• Oversee security operations, threat intelligence, incident response, and vulnerability management programs
• Lead evaluation and deployment of security technologies including SIEM, EDR, CASB, PAM, and Zero Trust architecture
• Manage third-party and vendor risk assessments; enforce contractual security requirements
• Direct the organization's Security Operations Center (SOC) function, whether internal or managed

Governance, Risk & Compliance (GRC)

• Design and maintain the enterprise GRC framework, policies, standards, and control library
• Lead compliance programs for applicable regulations (e.g., NIST CSF, ISO 27001, SOC 2, HIPAA, CMMC, PCI-DSS, CCPA/CPRA, TX HB 3746) as applicable
• Coordinate internal and external audits; manage findings remediation and management reporting
• Maintain a comprehensive risk register; develop risk treatment plans and report risk posture to CIO and Board-level audiences
• Partner with Legal on data privacy obligations, contract review, and litigation holds involving electronic evidence

Leadership & Program Management

• Build, mentor, and retain a high-performing cybersecurity and compliance team
• Define team structure, hiring plans, and skill development roadmaps
• Manage departmental budget, vendor contracts, and technology investments
• Champion security awareness and training programs across the enterprise
• Serve as executive-level point of contact for cybersecurity inquiries from clients, partners, regulators, and board members

Legal & Cross-Functional Collaboration

• Serve as primary liaison to Legal for data breach notification obligations, regulatory inquiries, and e-discovery requests
• Advise on cybersecurity implications of M&A activity, new product launches, and third-party partnerships
• Collaborate with IT, HR, Finance, and Operations to embed security controls in business processes
• Represent cybersecurity interests in enterprise architecture, cloud strategy, and digital transformation initiatives

Experience and Other Requirements

• Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related field; or equivalent experience
• 10+ years of progressive experience in cybersecurity, with at least 4 years in a leadership or management role
• Demonstrated expertise in GRC frameworks (NIST CSF/800-53, ISO 27001/27002, CIS Controls)
• Hands-on experience leading compliance initiatives and managing regulatory audits
• Strong understanding of data privacy laws including CCPA, GDPR, and applicable state/federal requirements
• Proven ability to communicate risk and security concepts to non-technical executives, legal counsel, and board members
• Experience managing security incident response, including coordination with legal, PR, and executive leadership

• Master’s degree in Cybersecurity, Information Assurance, or related field
• One or more certifications: CISSP, CISM, CISA, CRISC, CCSP, or equivalent
• Experience in a publicly traded, regulated, or multi-state enterprise environment
• Familiarity with OT/ICS security, cloud security (AWS, Azure, GCP), or DevSecOps practices
• Prior experience with CMMC, FedRAMP, or SOX IT general controls

What does Qarbon Aerospace have to offer?

• Company Paid Benefits available immediately upon employment.

• Basic Life Insurance
• Short-Term Disability (STD) & Long-Term Disability (LTD)
• 12 Paid Holidays
• Flex Time Off

• Medical/Prescription Insurance
• Dental & Vision Insurance
• Critical Illness Insurance / Hospital Indemnity Insurance / Accident Insurance
• Life Insurance and AD&D Insurance
• Savings and Spending Accounts

• Health Flexible Spending Account (FSA)
• Dependent Care FSA
• Health Savings Account (HSA)

• Immediate vesting on 401(k) Plans
• Educations Reimbursement Assistance