Cyber Defense & Data Security Lead - Americas

Cyber Defense & Data Security Lead (Americas)

Location: Raleigh/hybrid

The Cyber Defense & Data Security Lead (Americas) is accountable for regional cyber defense operations across North and South America, with the primary goal to detect, prevent, and minimize business impacting security threats and events. This role leads day to day execution of 24x7 security operations, including incident response and incident management, threat intelligence, threat hunting focused on security and resilience and data loss prevention (DLP) response and engineering. This role also provides operational coverage for U.S. Government regulated environments and business, including CMMC aligned environments and customer requirements. The technical leader ensures incidents, investigations, and evidence handling are executed in a defensible manner, supporting audit readiness, customer reporting, and contractual obligations. The role operates in service to the enterprise and Operating Companies (OpCos), ensuring consistent operational outcomes while adapting execution to regional realities. The Americas Cyber Defense Lead partners closely with global Security Operations leadership, Cyber Defense Engineering, GRC, Audit, corporate IT shared services, Infrastructure and Cloud engineering, Identity teams, and engages Legal, HR, Privacy, and business leaders as required. The role embraces the Ralliant Business System (RBS) by embedding operational discipline, staff training, and continuous improvement into tools, workflows, and standard work so cyber defense is scalable, measurable, and repeatable. The role partners with technical and engineering teams to enhance resilience by reducing recurring operational weaknesses, improving recovery readiness, and strengthening controls that prevent repeat business disruption.

Key Responsibilities

• Lead Americas execution of 24x7 SOC operations, including monitoring, triage, case management, shift handoffs, and escalation to ensure reliable regional coverage and consistent outcomes.
• Direct incident response execution and incident management for the Americas, including containment coordination, recovery support, stakeholder communications, and post incident reviews with tracked corrective actions.
• Serve as incident commander for assigned events, driving rapid decision making, operational tempo, and clear executive ready updates focused on business impact and risk.
• Provide operational oversight for U.S. Government and CMMC aligned environments, including incident handling expectations, evidence collection standards, and escalation pathways that support contractual and regulatory obligations.
• Lead DLP response operations and engineering, including alert triage, investigation workflows, escalation criteria, documentation standards, and partnership with Legal, HR, and Privacy for sensitive cases.
• Partner with Cyber Defense Engineering to improve detection coverage and fidelity across endpoint, identity, cloud, SaaS, email, and network telemetry, including tuning to reduce false positives and increase high confidence detections.
• Operationalize threat intelligence by translating external and internal signals into prioritized detections, hunts, response actions, and targeted advisories for technical and business stakeholders.
• Lead threat hunting focused on both security and resilience, identifying control gaps, validating defensive assumptions, and improving readiness for high impact scenarios.
• Participate in exposure management response with technology owners, driving risk based prioritization, remediation execution, exception handling, and transparent reporting tied to business criticality.
• Maintain regional metrics and reporting, including time to detect, time to contain, incident trends, alert quality, exposure remediation progress, and recurring driver analysis, using insights to drive measurable improvement.
• Train and coach staff through playbook walkthroughs, simulations, tabletop exercises, and after action reviews; reinforce disciplined execution and consistent decision making under pressure.
• Embed security operations standard work into RBS aligned tooling and workflows (runbooks, playbooks, checklists, evidence patterns, and automation) to improve consistency, efficiency, and auditability.
• Manage relationships with regional service providers and support third party incident response engagements when activated, including coordination, evidence handling, and lessons learned closure.

Qualifications

• Bachelor's degree recommended; equivalent experience considered.
• 7+ years in security operations, incident response, or cyber defense roles with demonstrated leadership in operational execution.
• Proven experience leading incident management, including coordinating responders, running incident bridges, and delivering clear, timely communications to senior stakeholders.
• Experience supporting regulated or customer driven security requirements, including U.S. Government environments; familiarity with CMMC and NIST SP 800-171 aligned expectations is preferred.
• Experience building and running a DLP program across a global organization.
• Hands-on experience with DLP response workflows and handling sensitive data loss scenarios with appropriate discretion and defensible documentation.
• Working knowledge of security detection and response across endpoint, identity, cloud, SaaS, email, and network domains, with practical understanding of how telemetry becomes actionable outcomes.
• Experience operationalizing threat intelligence and leading threat hunting activities that produce measurable improvements (new detections, closed gaps, validated controls, improved readiness).
• Participation in exposure or vulnerability remediation workflows with infrastructure, cloud, identity, and application teams using risk based prioritization and service level discipline.
• Strong documentation and communication skills, including the ability to translate technical situations into business impact, risk, and clear decision points.
• Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and cultures.
• Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership.

Ralliant, originally part of Fortive, now stands as a bold, independent public company driving innovation at the forefront of precision technology. With a global footprint and a legacy of excellence, we empower engineers to bring next-generation breakthroughs to life — faster, smarter, and more reliably. Our high-performance instruments, sensors, and subsystems fuel mission-critical advancements across industries, enabling real-world impact where it matters most. At Ralliant we're building the future, together with those driven to push boundaries, solve complex problems, and leave a lasting mark on the world.

We Are an Equal Opportunity Employer. Ralliant Corporation and all Ralliant Companies are proud to be equal opportunity employers. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity or expression, or other characteristics protected by law. Ralliant Corporation and all Ralliant Companies are also committed to providing reasonable accommodations for applicants with disabilities. Individuals who need a reasonable accommodation because of a disability for any part of the employment application process, please contact us at View email address on click.appcast.io.

This position is also eligible for bonus as part of the total compensation package.

The salary range for this position (in local currency) is 104300.00-193700.00

This role is subject to ITAR. Candidates must either be U.S. Persons (i.e., U.S. citizens, U.S. lawful permanent residents, or protected individuals as defined by 8 U.S.C. 1324b(a)(3)) or be prepared to collaborate with the company in securing the necessary U.S. government export authorizations. While the company encourages all interested applicants to apply, please be aware that ongoing employment is dependent upon obtaining the appropriate government export authorizations.