Director, Cyber Security

Job Summary

The Director, Cyber Security is the senior most technical risk management leader responsible for defining, executing, and continuously evolving the organization’s cyber security strategy to manage enterprise cyber security risk. Operating within the Information Technology organization, this role ensures cyber security capabilities are intentionally aligned with business objectives, regulatory requirements (SOX, SSAE 18, FINRA, etc.), and risk tolerance while enabling secure and resilient operations. This role provides strategic leadership across security governance, risk management, architecture, operations, and incident response. The Director serves as a trusted advisor to executive leadership, business partners, and the Board of Directors, translating cyber security risk into business context and ensuring security is embedded throughout technology delivery and operations.

Responsibilities

• Define and execute the enterprise cyber security strategy aligned with business objectives, IT strategy, and enterprise architecture roadmaps.
• Establish and maintain a comprehensive cyber security program covering governance, risk, compliance, security operations, security engineering, and incident response.
• Lead the identification, assessment, and management of cyber security risks; translate technical risk into clear business impact and actionable mitigation strategies.
• Oversee security architecture and engineering practices to ensure security is embedded into applications, infrastructure, cloud platforms, and data environments by design.
• Direct security operations capabilities include monitoring, threat detection, vulnerability management, and incident response to ensure timely and effective protection and recovery.
• Develop, maintain, and test incident response, crisis management, and cyber resilience plans in collaboration with IT and business leaders.
• Ensure compliance with applicable regulatory, legal, and industry security requirements through effective governance, controls, and audit readiness.
• Establish cyber security policies, standards, and metrics; regularly report security posture, risks, and trends to executive leadership, business partners, and the Board of Directors.
• Lead vendor and partner relationships related to security tools, managed services, assessments, and advisory services. Ensure cost effective, right sized solutions are implemented commensurate to risk.
• Build, mentor, and develop a high performing cyber security organization with strong technical depth and business acumen.

Minimum Job Qualifications

• Educational Requirements: Bachelor’s degree in computer science, information systems, engineering, or related field
• Minimum Experience: Ten (10)+ years of progressive experience with cyber security, information security, or technology risk-related roles with five (5) years in a formal leadership capacity accountable for enterprise-scale security programs.

Preferred Job Qualifications

• Preferred Educational Requirements: Bachelor’s degree in computer science, information systems, engineering, or related field

Skills

Risk Management, Security Architecture, Security Operations, Incident Response, Regulatory Compliance, Vendor Management, Financial Stewardship, Executive Stakeholder Engagement

Competencies

Risk & Security Enablement, Operational Excellence, Strategic Leadership, Interpersonal Excellence, Change Leadership, Influencing Skills, Decision-Making

Work Environment

This position requires minimal travel.

Benefits & Additional Information

CFC offers a comprehensive and competitive benefits package including hybrid work options, annual incentive opportunities, an employer-paid pension plan, 401(k), medical, dental and vision coverage, and a generous leave policy. Employees also enjoy access to an onsite gym and a more supportive, professional work environment. For additional information, please visit our website at CFC is an Equal Opportunity Employer committed to fostering a diverse and inclusive workforce.