Director of Cybersecurity

You are a strategic and hands-on security leader with deep expertise in building and scaling compliance and security programs which protect HDR and efficiently pass heavy audit scrutiny. You thrive in fast-paced environments, balancing risk mitigation with business enablement. You are passionate about embedding compliance and security into the company's culture, working cross-functionally to protect employee data, company assets, and project data integrity. You have experience aligning compliance and security initiatives with business goals, influencing stakeholders at all levels, and rolling up your sleeves to get things done. This role is responsible for developing and enhancing an information security management framework as well as the oversight of the day-to-day operations of the cybersecurity team.

About the Role:

• Compliance and Security Strategy & Leadership: Define and implement a security architecture and operating model with associated roadmap that aligns with business objectives and risk tolerance.
• Risk Management & Compliance: Continuously monitor, identify, assess, and mitigate security risks while ensuring compliance with relevant frameworks (e.g., SOC 2, ISO 27001, CCPA).
• Security Engineering & Architecture: Partner with Data, Engineering and IT Ops to embed security best practices in product development, device management, data practices and flow, infrastructure, applied AI, and cloud security.
• Identity, Access, & Data Protection: Establish policies for IAM, data encryption, data pipelines and reporting, and secure software development.
• Incident Response & Threat Management: Develop and maintain an incident response plan, monitor for threats, and lead response efforts when needed.
• Compliance and Security Awareness & Training: Foster a security-conscious culture by providing training and guidance to employees.
• Third-Party & Vendor Compliance and Security: Evaluate security risks for vendors, partners, and third-party integrations.
• Cross-Functional Collaboration: Work closely with all departments, such as Engineering, Compliance, Legal, Operations, Finance and Leadership, to ensure security is a core part of business priorities, processes, and decisions.

Preferred Qualifications

• Minimum 10 years of experience in security and compliance, with at least 5 years in a leadership role.
• Deep knowledge of compliance frameworks (SOC 2, ISO 27001, NIST, GDPR, CCPA) and risk management best practices.
• Experience with cloud security and securing cloud infrastructure (including AWS, GCP, OCI, Azure, and SAAS).Identity, mitigate, and monitor enterprise cybersecurity risk for the organization including the planning and tracking of remediation efforts as well as performing executive presentations to committees and stakeholders.
• Strong technical background in security across engineering, infrastructure, data, and identity management.
• Proven ability to build and scale compliance and security programs in high-growth environments.
• Proven experience in developing and implementing security architecture and operating models
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Excellent communication skills, with the ability to translate complex compliance and security concepts for business and technical audiences.
• Experience partnering with Engineering and cross-functional teams to drive compliance and security initiatives.
• Hands-on experience with compliance security tooling, monitoring, and automation.
• A practical understanding of how AI can better enable personal and team productivity as well as compliance and security practices.
• Experience in A/E/C industry.
• Familiarity with Identity providers and compliance platforms.
• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
• Passion for mentoring and developing security talent.
• Knowledge of ethical hacking and penetration testing techniques.
• Expertise in secure software development and DevSecOps practices.
• Understanding of artificial intelligence and machine learning applications in security.
• Strong sense of urgency and partnership to deliver successful business outcomes

This role is ineligible for Visa Sponsorship

#LI-KV1