Sr. Director, Cyber Threat Detection & Response
McKesson
Sr. Director, Cyber Threat Detection & Response
Location: Richmond, VA, USA - 9954 Mayland Drive (on-site)
The Opportunity
The Sr. Director, Threat Detection and Response (TDR) is responsible for leading a comprehensive enterprise capability that designs, implements, and operates scalable detection and response mechanisms while driving remediation of security gaps across technology environments (cloud, endpoints, identity, network, applications, and data platforms). This leader partners closely with the CISO organization, Technology Leadership, risk/compliance, and business stakeholders to prioritize investments, set standards, and ensure measurable improvements in detection fidelity, response readiness, and remediation throughput.
This role requires strong technical depth in threat detection and response as well as the leadership maturity to operate at the executive level. The Director establishes TDR strategy, roadmaps, and success metrics; governs an operating rhythm for detection coverage and remediation execution; and ensures outcomes are delivered across multiple teams (often via influence).
Key Responsibilities
- Define and own the enterprise TDR strategy and operating model (detection engineering, alerting standards, response readiness, and remediation governance) aligned to business risk and technology priorities.
- Establish and report executive-level metrics and scorecards (e.g., detection coverage, alert quality, MTTD/MTTR, response readiness, remediation SLAs, risk reduction) and drive continuous improvement based on outcomes.
- Lead selection, adoption, and lifecycle management of detection and response tooling and telemetry (SIEM, EDR/XDR, SOAR, UEBA, threat intel integrations, cloud logging, and case management), including integration standards and data quality requirements.
- Partner with Security Operations (SOC/CSIRT), threat intelligence, vulnerability management, and platform teams to ensure detections map to prioritized threats and that response playbooks and automation are effective and current.
- Establish remediation governance to drive closure of systemic security gaps identified through incidents, threat hunting, purple teaming, and control validation; ensure clear ownership, prioritization, timelines, and exception processes.
- Drive enterprise telemetry and logging strategy in partnership with engineering and infrastructure: ensure critical systems are instrumented, logs are retained appropriately, and detections can be built and tuned against reliable data sources.
- Lead and develop TDR talent (leaders, detection engineers, analysts) through hiring, coaching, performance management, and capability development; ensure teams have the training, tools, and operating discipline required for success.
- Manage cross-functional stakeholder relationships and communications (Technology leaders, risk/compliance, audit, legal/privacy as needed), translating technical risk into business impact and driving alignment on funding, priorities, and delivery commitments.
- Provide governance for incident and post-incident remediation: ensure lessons learned translate into durable control improvements, and conduct regular exercises/tabletops to validate readiness and benchmark progress.
Minimum Requirements
- Degree or equivalent experience. Typically requires 15+ years of professional experience and 10+ years of diversified leadership, planning, communication, organization, and people motivation skills (or equivalent experience).
Skills and Qualifications:
- 15+ years of cybersecurity experience with significant depth in threat detection, incident response, and security operations, including 10+ years leading teams and/or enterprise programs.
- Hands-on and leadership experience with detection and response platforms and practices (SIEM content engineering, EDR/XDR, SOAR automation, threat intel integration, logging/telemetry pipelines, and case management).
- Proven ability to drive remediation outcomes at scale establishing SLAs, clarifying ownership, prioritizing backlogs, and closing systemic gaps surfaced by incidents, hunts, and assessments.
- Executive-ready communication and stakeholder management skills, including the ability to present risk, progress, and investment needs to senior leadership and influence decisions
- Demonstrated ability to set strategy, secure organizational alignment/approvals, and deliver outcomes through multiple stakeholders (Security, Infrastructure, Cloud, Application/Product, and business teams).
- Deep understanding of detection engineering, telemetry pipelines, and security analytics: SIEM content engineering, EDR/XDR detections, SOAR automation, threat intelligence integration, alert triage models, and case management workflows.
- Strong risk communication skills: able to translate detection gaps and remediation tradeoffs into business impact, present to executives, and drive decisions to closure.
- Experience establishing oversight metrics and operational rhythms (OKRs/KPIs, reporting, service reviews) and using data to improve alert quality, reduce noise, and accelerate remediation throughput.
- Working knowledge of relevant governance and regulatory expectations and the ability to partner effectively with audit/compliance and privacy stakeholders while operating an effective detection and response capability.
- Track record of building high-performing teams and leading with integrity, accountability, and operational discipline; known for clear communication, sound judgment, and reliable execution.
- Experience developing multi-year roadmaps and influencing investment decisions (people, tooling, telemetry, automation) to improve enterprise detection and remediation outcomes.
- Proven capability managing vendor relationships and service contracts for security tooling and managed services, including defining requirements and measuring performance against outcomes.
- Strong understanding of privacy considerations and appropriate monitoring practices; able to partner with Legal/Privacy and HR as needed and ensure monitoring and investigations remain within policy and regulatory boundaries.
- Experience operating in hybrid/cloud environments and partnering with platform teams to instrument systems (cloud logging, identity signals, endpoint telemetry, network data) for reliable detections.
- Strong strategic and tactical decision-makingable to balance speed and risk, define compensating controls, and drive complex remediation decisions across multiple owners.
- Experience leading or sponsoring purple team activities, tabletop exercises, and control validation to continuously improve detection coverage and response playbooks.
- Trusted leader who builds credibility with executives and teams through transparency, follow-through, and a strong culture of operational excellence.
Education Requirements
- Bachelors degree in computer science, information security/assurance, engineering, or a related field; advanced degree preferred or equivalent experience.
Certification Requirements
- Relevant certifications (preferred): CISSP, CISM, GIAC/SANS, +, SSCP, or equivalent foundational security certification. TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus. and/or cloud/security engineering certifications aligned to the teams platforms.
$66.9k - $82.1k
...Overview The Cybersecurity Incident Response Engineer, Mid supports the detection, containment, and recovery of... ...infrastructure and application teams to contain threats while preserving evidence and... ...platforms integrated with SOC and cyber defense functions....CyberContract workWork experience placementWork at office- ...Ernst & Young Oman is seeking a Cyber Triage and Forensics Incident Analyst in Richmond, Virginia. The role involves investigating... ...a related field and at least 5 years of experience in incident response. Excellent skills in programming and understanding SIEM technologies...CyberSeniorFlexible hours
- ...Key Responsibilities War‑Room Facilitation: Structure/facilitate major incident bridges; maintain restoration focus; assign actions/owners... ...Coordinate with Problem, Change, Release, Service Continuity, and SOC/Cyber IR where service impact/security intersects; support PIRs and...CyberSeniorContract workWork experience placementWork at officeShift work
$114.6k - $234.6k
...Job Description The Director for Global Defense - Japan is responsible for leading and growing strategic defense and national security business in Japan,... ...solutions (e.g., cloud, data platforms, AI/analytics, cyber). Ensure proposals and delivery plans align to customer...CyberContract workTemporary workFor contractorsLocal areaFlexible hours$52k - $56k
...Shift: TBD Travel: As needed Essential Duties and Responsibilities: Provide technical support in the following areas:... ...Senior Finance Manager, HR Partner Support, Opex Sr. Risk Manager, HR Risk Management- Tech and Cyber Risk Rad Tech Specialist Supervisor - New Kent - Days...CyberFull timeTemporary workWork at officeLocal areaShift work$125k - $144.06k
...everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of certifications... .... Position Summary The Senior Project Manager will be responsible for leading and driving the successful execution of large-scale...CyberSeniorWork experience placementWork at officeRemote workShift workNight shift$94.49k - $120k
...everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of... ...Summary As Senior Sales Enablement Specialist, your primary responsibility is to for provide quality, cost effective ISC2 Sales Learning...CyberSeniorWork experience placementWork at officeRemote work- ...security architecture, and drive incident response and risk mitigation. The role manages and... ..., Trellix, Splunk, and Zscaler. Lead threat hunting and vulnerability assessments to... ...and drive decisions. Identify gaps in cyber operations and implement improvements....CyberSeniorHourly payPermanent employmentContract workLocal areaRemote work
$87.2k - $142.7k
...Cyber Security Specialist 134805 SpearTip, a Company of Zurich is hiring a Cyber Security Specialist to join our Security... ..., with a specific focus on Stellar Cyber, Identity Threat Detection and Response, and Network Detection and Response. The Cyber Security...CyberFull timeTemporary workApprenticeshipLocal areaRemote workVisa sponsorship- ...Competencies: Cyber Security - 4-6+ years experience required Role Description: Design Implementation... ..., and authorization. Security Monitoring Detecting and responding to unauthorized access or security threats. Troubleshooting Resolving network access issues...Cyber
- ...Sr. Associate, Process Manager - Treasury Management Implementation The Small Business Bank Senior Associate, Process Manager -... ...effective management of client implementations. The individual will be responsible for implementing and directing all aspects of Treasury...Senior
- ...Sr. Director, Cybersecurity Engineering The Sr. Director of Cybersecurity Engineering is responsible for leading teams that engineer, implement, and continuously improve enterprise... .... ~ Experience partnering with detection/response and vulnerability teams to ensure...CyberSenior
$88.8k - $101.3k
...Sr. Associate, Process Manager - Treasury Management Implementation The Small Business Bank Senior Associate, Process Manager... ...effective management of client implementations. The individual will be responsible for implementing and directing all aspects of Treasury...SeniorFull timePart timeLocal area- ...Sr Data Analyst Job location-NYC city/Mclean VA/Richmond VA /Plano TX (Hybrid) Deep dive in database Python, SQL and spark... ...of outliers Ability to communicate with stakeholders LOB is Cyber - identity and access mgmt. team Hiring a DA for audit issues...CyberSenior
- ...Job Description This job is responsible for building and leading a team to deliver technology products and services that meet business outcomes. Key responsibilities include developing a technology strategy, ensuring technology solutions comply with applicable standards...SeniorFlexible hoursShift workDay shift
- ...The Incident Response Coordinator supports the end-to-end response to IT incidents and service disruptions, helping restore normal operations... ...Use monitoring/ITSM data to route incidents; engage infra/app/cyber/vendor dependencies. Communications & Handoffs: Provide...CyberContract workWork experience placementWork at officeShift work
$229.9k - $262.4k
...cybersecurity solutions based on threat, data, and design thinking.... ...and/or procure effective cyber solutions Maintain... ...including telemetry-driven detection and response, forensics, insider threat,... ...VA: $229,900 - $262,400 for Sr Manager, Cyber Technical...CyberSeniorFull timePart timeLocal area$3,600 per month
...protecting organizations from evolving cyber threats? Join Kinsale Insurance, a leading excess... ..., security monitoring, and threat detection initiatives across the enterprise. You’... ...— keeping Kinsale at the forefront of responsible, secure innovation. You’ll work alongside...CyberSeniorImmediate start$200.7k - $229.1k
Sr. Manager, Tech & Cyber Risk As a Senior Manager of Tech & Cyber Risk within Capital One’s Business Risk Office, you will be a strategic risk... ...on the front lines of technology innovation, specifically responsible for designing and governing the responsible implementation...CyberSeniorFull timePart timeWork at officeLocal area$177.7k - $202.8k
...both. The first-line CISO has operational responsibilities and reports to the CIO. The second-line... ...of defense such as the Technology and Cyber organizations, Enterprise Data, Divisional... .... McLean, VA: $177,700 - $202,800 for Sr. Risk Manager New York, NY: $193,800 - $...CyberSeniorFull timePart timeLocal area$60 - $65 per hour
...) plan, and paid sick leave (depending on work location). Key Responsibilities: Responsible for creating and maintaining a roadmap for digital platform including infrastructure, well managed, cyber risk and resiliency initiatives. Responsible for breaking down...CyberContract workLocal areaImmediate start$229.9k - $262.4k
...businesses. We are looking for an experienced Sr. Manager ISO to support the AIML Division... ...related to AI-driven cybersecurity threats. We are looking for individuals who are adept... ...experience providing guidance and oversight of cyber security concepts At least 5 years of...CyberSeniorFull timePart timeH1bWork at officeLocal area- ...Sr. Risk Manager Our client, a financial company, is looking for a Sr. Risk Manager... ...for their Richmond, VA location. Responsibilities: ~ This role will partner closely with... ...risks with a primary focus on data risk and cyber risk. The ideal candidate will...CyberSenior
$88.8k - $101.3k
Sr. Associate Process Manager, Incident Management - Hybrid The Enterprise Payments organization is at the core of how we move money... ...Management monitoring, analysis and reporting. You will be responsible for assessing data to provide top notch recommendations, enabling...SeniorFull timePart timeWork at officeLocal area3 days per week$164.3k - $273.8k
...we want to hear from you. Position Overview: The Sr. Director, Warehouse Management Technologies will be responsible for leading our efforts to design, develop, implement... ...technology deployments. Ensure compliance with cyber-security, and regulatory requirements in all...CyberSeniorFull time- ...Responsibilities Collaborate with internal and external teams to understand data needs and objectives... ...upkeep of databases and data systems. Detect, examine, and decode trends or patterns... ...Infrastructure & Cloud Solutions, Cyber Security Services, etc. We make reasonable...CyberWork at office
$87.7k - $164k
...blend risk strategy, digital identity, cyber defense, application security and technology... ...a senior member of the technical team responsible for security incident response for EY.... ...consultation and assessment on perceived security threats Maintain, manage, improve and update...CyberSummer holidayLocal areaFlexible hours$105k - $175k
...performance outcomes, and organizational effectiveness at scale This role offers a balance of advisory and hands‑on execution Key Responsibilities Partner with business leaders Act as a trusted advisor and problem‑solving partner, operating as a strong collaborator and...SeniorWork at office- ...Building Intelligence. We design, build, operate, and maintain cyber-physical solutions for the nation's most mission-critical facilities... ...system servicing. This is a senior position within the team, responsible for leading complex projects, providing strategic guidance, and...CyberSeniorFor subcontractorWork at officeRemote workRelocation
$90k - $130k
...transformation, scalable processes, and emerging finance technologies, positioning clients, and your own career, for long‑term success. Responsibilities & Duties Research, analyze, and resolve complex technical accounting and financial reporting matters, leveraging technology‑...SeniorPermanent employmentRemote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Sr. Director, Cyber Threat Detection & Response. Be the first to apply!
- pathology director Richmond, VA
- director of public safety Richmond, VA
- director of community relations Richmond, VA
- director mba Richmond, VA
- director vendor management Richmond, VA
- director life science Richmond, VA
- director biology Richmond, VA
- director medical writing Richmond, VA
- director of executive recruiting Richmond, VA
- director of radiology Richmond, VA

