Vice President, Cybersecurity

About the Opportunity

Cybersecurity is a strategic priority at Kilroy, and this role exists to own it at the highest level. With a solid security foundation in place, the company is ready to advance enterprise maturity and deepen cybersecurity alignment with business strategy.

The VP of Cybersecurity will step into a high-impact role with direct ownership of a growing team and an evolving platform, with a clear mandate to lead Kilroy's cybersecurity program end to end and deliver measurable outcomes for the business. This is a senior seat with real authority to shape what comes next.

If you are a cybersecurity leader ready to own the full scope of enterprise cybersecurity where the work genuinely matters, this is the role.
Candidate Profile

The Vice President of Cybersecurity embodies enterprise leadership combining strategic insight, technical depth, and decisive execution. This leader proactively identifies and mitigates risk, communicates with clarity, and ensures cybersecurity decisions align to business priorities.

The VP sets the standard for cybersecurity advisory excellence within IT, enabling teams to deliver structured assessments, actionable recommendations, and transparent risk insights. They are a collaborative leader who builds trust across functions, earns credibility with business partners, and drives outcomes through influence rather than authority alone. Their communication is proactive and transparent - stakeholders are never surprised. They close loops, follow through on commitments, and operate with confidence in complex, dynamic environments.
Key Responsibilities:
1) Cybersecurity Strategy & Governance

• Define and lead an enterprise cybersecurity strategy aligned to business, technology, and regulatory priorities, owning outcomes end to end.
• Establish risk-based governance frameworks that embed security into investment decisions, solution design, and operational workflows across hybrid environments.
• Serve as the company's top cybersecurity authority, aligning priorities across IT, Legal, Compliance, Risk, and business units.
• Deliver clear, actionable executive reporting on cyber risk, program maturity, investments, and readiness, ensuring no surprises for stakeholders.

2) Enterprise Advisory & Business Partnership

• Elevate IT's business advisory capability by delivering business-focused technology assessments, options and impact analyses, and process reviews that position IT and Cybersecurity as trusted internal consultants.
• Translate complex risk into simple, decision-ready narratives; influence technology roadmaps, architecture choices, and investment trade-offs.
• Drive a metric-driven operating rhythm that connects cyber posture to business outcomes and financial discipline.

3) Security Architecture & Operations

• Build and maintain a scalable, intentional cybersecurity architecture across cloud, on-premises, and operational technology (OT) environments.
• Oversee core platforms including EDR/MDR, Microsoft Defender, Azure AD / Entra ID and Azure native controls, and SIEM technologies; continuously optimize coverage, fidelity, and value realization.
• Set enterprise standards for IAM, endpoint protection, vulnerability management, network segmentation, OT/IoT security, and secure configuration baselines.
• Embed security into solution architecture, engineering, CI/CD, and service delivery through partnerships with infrastructure, networking, and application teams.
• Maintain a vendor and third-party risk management program that ensures security requirements extend to managed service providers, technology partners, and contractors with access to Kilroy systems or data.

4) Operational Risk, Resilience & Disaster Recovery

• Own Disaster Recovery (DR) readiness across enterprise systems by establishing system-specific Recovery Time Objective (RTO) and Recovery Point Objective (RPO) targets and controls, maintaining clear and actionable DR runbooks, conducting annual DR simulations to validate recovery capabilities, and integrating DR with the enterprise Business Continuity Plan (BCP) to ensure end-to-end continuity of operations.
• Ensure cybersecurity incident response processes include appropriate regulatory and disclosure readiness, including SEC reporting obligations and audit committee communication protocols consistent with Kilroy's obligations as a publicly traded company.
• Apply preemptive leadership principles to identify emerging risks early and drive mitigation before impact.

5) Culture, Talent & Organizational Accountability

• Build and mentor a high-performing cybersecurity team focused on ownership, transparency, collaboration, and measurable delivery.
• Own and drive enterprise security awareness as a core program - designing and delivering training, simulations, and communications that build a security-conscious culture across the organization. Measure adoption, track behavior change, and continuously improve program effectiveness to reduce human risk.
• Promote a culture of accountability and no surprises, ensuring leaders operate with clarity, accountability, and fiscal discipline.

Qualifications:

• 15+ years of progressive cybersecurity leadership experience, with 10+ years leading enterprise-scale programs at the Director/VP level.
• Proven success building or maturing security programs in complex, hybrid (cloud and on-premises) environments; experience with OT/IoT security preferred.
• Deep expertise in enterprise security architecture, cloud governance, identity frameworks, endpoint protection, and third-party risk management.
• Hands-on familiarity with enterprise EDR/MDR, email security, identity and access management, network detection, and SIEM platforms.
• Demonstrated experience leading cybersecurity incident response, including regulatory notification and executive disclosure processes.
• Proven ability to design and manage enterprise security awareness programs with measurable behavior change outcomes.
• Experience managing cybersecurity budgets, vendor contracts, and managed service relationships at enterprise scale.
• Track record of communicating cybersecurity risk and program performance to executive leadership and audit committees.
• Demonstrated ability to build trust across functions, influence without authority, and operate as a collaborative partner to IT, Legal, Compliance, Risk, and business leadership.
• Experience in regulated industries; real estate, financial services, or public company environments preferred.
• Exceptional executive communication skills.
• Strong understanding of NIST, ISO 27001, CIS Controls, and enterprise risk frameworks.
• Relevant certifications are strongly preferred (CISSP, CISM, CCSP, or equivalent).

What we offer
At Kilroy, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within the role. The base pay range for this role is between $235,000 and $295,000 and your base pay will depend on your skills, experience and training, knowledge, licensure and certifications, and other business and organizational needs. It is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. This role is eligible for an annual discretionary bonus as well.

Our comprehensive group health benefits program is built around your total health and provides employees and their families with care and coverage designed to help you thrive. Our health and wellness program offerings include medical, dental, vision, with FSA, HSA options, Group Life & Disability, LTD coverage and much more. Ancillary programs include a retirement savings plan with a competitive employer match, employee support programs like our parental leave coaching program, wellness, and commuter benefits, just to name a few. We invite you to visit our website at to learn more.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.