Vice President, Cyber Threat Center

Vice President of Cyber Threat Center

Shape the Future with Dun & Bradstreet

At Dun & Bradstreet, we believe data has the power to create a better tomorrow. As a global leader in business decisioning data and analytics, we help companies worldwide grow, manage risk, and innovate. For over 180 years, businesses have trusted us to turn uncertainty into opportunity. We're a diverse, global team that values creativity, collaboration, and bold ideas. Are you ready to make an impact and help shape what's next? Join us!

The Vice President of Cyber Threat Center (CTC) is a senior leader within D&B's Global Security & Risk team responsible for leading a global, 24x7 capability that protects the enterprise from cyber threats.

The Vice President of Cyber Threat Center oversees four integrated pillars, Security Operations & Incident Response (SOC/IR), Detection Engineering & Automation, Threat Intelligence, and Vulnerability & Exposure Management, to drive proactive defense, rapid incident containment, and continuous risk reduction.

The VP will set strategy and vision, establish outcome-based metrics (e.g., MTTD/MTTR, exposure reduction, detection coverage), advance automation and engineering rigor, and partner across Technology, Risk, Legal, and the Business to safeguard the organization at scale.

This role can be based in Center Valley, PA - Austin, TX - Jacksonville, FL.

Key Responsibilities:

• Set Strategy & Operating Model - Define and execute the multi-year Cyber Threat Center strategy and global follow-the-sun model, including org design, talent plan, and partner ecosystem.
• Lead 24x7 SOC & Incident Response - Oversee monitoring, triage, investigation, and response; act as executive incident commander for material events with strong crisis communications.
• Detection Engineering (Detection-as-Code) - Govern a detection-as-code program (CI/CD, testing, version control), map coverage to MITRE ATT&CK, and maintain a detection registry.
• Scale Automation & Orchestration - Drive SOAR and custom automations for enrichment and response; increase automation coverage and reduce MTTD/MTTR and analyst toil.
• Direct Threat Intelligence (CTI) - Set PIRs, run collection and analysis, deliver actionable intel products, and convert TTPs into detections; collaborate with ISACs and law enforcement.
• Own Vulnerability & Exposure Management - Lead threat-based VM across infrastructure, cloud/containers/K8s, and SaaS; enforce remediation SLAs and deliver unified exposure views.
• Establish Metrics & Executive Reporting - Define OKRs/KPIs (e.g., MTTD/MTTR, detection coverage, exposure reduction) and communicate outcomes, risks, and trends to senior leadership and the Board.
• Ensure Readiness & Resilience - Maintain IR plans, playbooks, and crisis processes; run tabletop/purple-team exercises; oversee DFIR, malware analysis, and evidence handling.
• Partner on AI, Architecture, Identity & Cloud Security - Influence roadmaps (zero trust, logging/telemetry standards) and align controls with frameworks/regulations (NIST/ISO/PCI/GDPR, etc.). Understand risks to AI and the detection and response lifecycle related to AI threats.
• Manage Technology, Vendors & Budget - Rationalize tooling for capability and cost efficiency; manage contracts, outcomes-based engagements, third-party integration, and M&A onboarding.
• Build High-Performance Teams & Culture - Recruit, develop, and mentor global leaders; drive efficiency, continuous learning, and clear planning.

Skills and/or Certifications Needed:

• 12–15+ years of progressive cybersecurity experience with 7+ years leading large, global teams across two or more of: SOC/IR, Detection Engineering/Automation, CTI, and Vulnerability/Exposure Management.
• Proven executive leadership in 24x7 operations, major incident command, and cross-functional crisis management.
• Demonstrated success building engineering-centric programs (detection-as-code, CI/CD for detections, telemetry pipelines, SOAR automation) and driving measurable outcomes.
• Experience operating at enterprise scale (multi-cloud, hybrid, distributed workforce) and in regulated industries.
• Hands-on familiarity with modern stacks and patterns (examples):
• SIEM/XDR: Splunk, Chronicle, Microsoft, CrowdStrike, SentinelOne
• SOAR/Automation: XSOAR, Tines, Swimlane, custom orchestrations
• Threat Intel/TIP: Recorded Future, Anomali, MISP
• Vulnerability/Exposure: Tenable, Qualys, Rapid7, Wiz, ASM/CSPM
• Cloud & Containers: GCP/AWS/Azure; Kubernetes, GKE/EKS/AKS
• Experience with red/purple teaming and detection engineering mapped to MITRE ATT&CK.
• Background managing budgets ($MM), vendor ecosystems, and outcomes-based contracts.