6,907 Cybersecurity Director jobs in the United States

• Is responsible for ensuring the safety of information systems assets and protecting systems from intentional or inadvertent access or destruction.
• Solves problems which are complex in nature, requiring the application of differing techniques.
• Relies on extensive experience and judgement to plan and accomplish goals with advanced coordination and control. A wide degree of creativity and latitude is expected. Tasks and assignments tend to be highly complex, non-routine and/or require a greater level of expertise.
• Receives assignments in the form of objectives with goals and process to meet goals outlined. Duties are performed under very limited supervision.

• Develops and implements enterprise information security architectures and solutions.
• Serves as a security expert in application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry and government regulations, and best practices.
• Maintains security hardware and software/SaaS.
• Administers security policies to control physical and virtual access to systems.
• Researches, advocates and implements new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
• Contributes to the development and maintenance of information security strategy and architecture across the enterprise.
• Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks.
• Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
• Researches attempted or successful efforts to compromise systems security and designs countermeasures.
• Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
• Manages relationship and works effectively with third party information security vendors.
• Partners and communicates with Government agencies, including NASA, the Department of Defense (DoD) and other relevant agencies, on information security matters.
• Communicates security risks and solutions to business partners and IT staff as needed.
• Participates in annual Information Security training/fairs.
• Attends cybersecurity events and participates in other external cybersecurity activities to maintain up to date knowledge.
• Responds to emergencies and remediates information security incidents.
• Protected Data & Classification of Data - The position will be responsible for knowledge of government data protection requirements such as but not limited to NIST 800-53 (moderate & high), NIST 800-171, CMMC 2.0, Controlled Unclassified Information (CUI), Export controlled/ITAR regulations and subsequent execution or participating with team members in data protection strategies & implementations.
• Project Management - Plans and coordinates all aspects of internal cybersecurity-specific projects from initiation to delivery. Coordinates work performed by cybersecurity staff and internal customers/partners by defining project requirements, performing feasibility and needs/impact assessments. Develops detailed project plans and manages all implementation processes including resource allocation, progress tracking, monitoring change control process, testing, documentation, training and on-time delivery within budget constraints.
• Develop Cybersecurity protection roadmap and steps to implementation.
• Daily availability to include evenings and weekends when necessary to reach goals and deadlines.

• Analytical - Collects and researches data; uses intuition and experience to complement data for mitigation plans and timely reporting with solutions.
• Problem Solving - Identifies and resolves problems in a timely manner; gathers and analyzes information skillfully; works well in group problem solving situations.
• Project Management - Communicates changes and progress.
• Technical Skills - Pursues training and development opportunities; strives to continuously build knowledge and skills;demonstrates expert-level technical knowledge in relevant areas.
• Oral Communication - Speaks clearly and persuasively in positive or negative situations; listens and gets clarification; responds well to questions; participates in meetings.
• Written Communication - Writes clearly and informatively; edits work for spelling and grammar; varies writing style to meet needs; presents numerical data effectively; able to read and interpret written information.
• Teamwork - Gives and welcomes feedback; supports everyone's efforts to succeed; builds team relations.
• Leadership/Managing People - Exhibits confidence in self and others; inspires and motivates others to perform well; effectively influences actions and opinions of others; accepts feedback from others; gives appropriate recognition to others; comes to the forefront in case of crisis and is able to think and act in creative ways in difficult situations; holds team accountable; ensures work responsibilities are covered when absent.
• Takes responsibility for subordinates' activities; makes him/herself available to staff; provides regular performance feedback; develops subordinates' skills and encourages growth; fosters quality focus in others; improves processes, products and services; continually works to improve supervisory skills.
• Business Acumen - Understands business implications of decisions.
• Ethics - Treats people with respect; works with integrity and ethically; upholds organizational values.
• Organizational Support - Follows policies and procedures; supports organization's goals and values.
• Judgment - Displays willingness to make decisions; Exhibits sound and accurate judgment; Supports and explains reasoning for decisions; Includes appropriate people in decision-making process; Makes timely decisions.
• Motivation - Demonstrates persistence and overcomes obstacles.
• Planning/Organizing - Prioritizes and plans work activities; uses time efficiently.
• Professionalism - Reacts well under pressure; treats others with respect and consideration regardless of their status or position; accepts responsibility for own actions.
• Quality - Demonstrates accuracy and thoroughness; looks for ways to improve and promote quality; applies feedback to improve performance; monitors own work to ensure quality.
• Quantity - Completes work in a timely manner; strives to increase productivity.
• Safety and Security - Observes safety and security procedures including using Personal Protective Equipment (PPE) as required and wearing company issued badge when on company property; Reports potentially unsafe conditions; Uses equipment and material properly.
• Adaptability - Adapts to changes in the work environment; able to deal with frequent change, delays, or unexpected events.
• Initiative - Seeks increased responsibilities; asks for and offers help when needed.
• Innovation - Generates suggestions for improving work.

• Microsoft Office Suite.
• Support ticketing systems, change control methodologies and their importance to ITIL best practices.
• IT security concepts and application to ERP, Business systems, & applications.

• Firewall deployment, management and monitoring - i.e., FortiNet and related services
• Email protection SaaS management - i.e., Mimecast / Proofpoint.
• Experience with SIEM implementation and management - i.e, Windows Sentinel or Huntress.
• Experience interacting with government agencies - i.e., NASA, DoD.

• Effectively interacts with senior management or executives on matters concerning several functional areas, divisions, and/or customers.
• Requires the ability to change the thinking of, or gain acceptance from, others in sensitive situations, without damage to the relationship.

• Follows all import/export requirements, consulting with facility import/export personnel as required.

• 25% Domestic and International

• US Citizenship

• Ability to obtain and maintain a DoD security clearance at the Secret level required

• Empowered to make decisions and oversee approvals within the determined scopes.
• Strategic and critical thinking, understanding the organization's strengths and weaknesses.
• Demonstration of sound and accurate judgment.

About the job Cybersecurity Director

Job Description: Our client is seeking a highly skilled and experienced Cybersecurity Director to lead their organization's cybersecurity initiatives. As a Cybersecurity Director, you will be responsible for overseeing the design, implementation, and maintenance of our cybersecurity program. You will work closely with cross-functional teams to ensure the confidentiality, integrity, and availability of our systems, data, and operations. Your leadership and expertise in cybersecurity strategy, risk management, and incident response will be critical in protecting our organization from cyber threats and ensuring compliance with relevant regulations.

Responsibilities:

• Develop and implement the organization's cybersecurity strategy and roadmap, aligning it with business goals and objectives.
• Establish and enforce cybersecurity policies, standards, and procedures across the organization.
• Identify and assess potential cybersecurity risks and vulnerabilities, and develop strategies to mitigate them.
• Lead the incident response process, ensuring timely detection, containment, and recovery from security incidents.
• Oversee security assessments and audits to ensure compliance with relevant regulations and industry standards.
• Collaborate with cross-functional teams to integrate security measures into the development and implementation of new systems and technologies.
• Manage the selection, implementation, and maintenance of cybersecurity technologies and tools.
• Provide guidance and mentorship to the cybersecurity team, fostering a culture of continuous learning and professional development.
• Stay up to date with the latest cybersecurity threats, trends, and technologies, and provide recommendations for risk mitigation.
• Establish and maintain relationships with external partners, vendors, and industry groups to stay informed about emerging threats and best practices.
• Conduct regular cybersecurity awareness training and education programs for employees.
• Serve as a point of contact for internal and external stakeholders regarding cybersecurity matters.
• Prepare and present reports on the organization's cybersecurity posture, incidents, and risk mitigation efforts to executive management and board of directors.

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• Proven experience as a Cybersecurity Director or a similar leadership role, with a strong background in cybersecurity management and strategy.
• In-depth knowledge of cybersecurity principles, concepts, and best practices.
• Familiarity with relevant cybersecurity regulations and compliance frameworks such as ISO 27001, NIST, GDPR, or HIPAA.
• Experience in leading and managing incident response activities, including incident detection, containment, and recovery.
• Strong understanding of risk management methodologies and the ability to assess and prioritize cybersecurity risks.
• Experience in developing and implementing cybersecurity policies, procedures, and standards.
• Knowledge of security technologies and tools, such as firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, and vulnerability management systems.
• Excellent leadership and communication skills, with the ability to collaborate effectively with stakeholders at all levels.
• Strong problem-solving and analytical skills, with the ability to make informed decisions in high-pressure situations.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH) are highly desirable.
• Experience in managing cybersecurity incidents and working with incident response teams.
• Familiarity with cloud security, network security, application security, and data protection principles.
• Knowledge of emerging cybersecurity trends and technologies.

• Experience in managing cybersecurity programs for large organizations or across multiple locations.
• Familiarity with security frameworks and methodologies such as MITRE ATT&CK and the Cybersecurity Framework.
• Understanding of secure software development practices and secure coding principles.
• Experience in conducting security assessments, audits, and penetration testing.
• Knowledge of privacy laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
• Understanding of industry-specific security requirements (e.g., healthcare, finance, government).
• Strong business acumen and the ability to align cybersecurity initiatives with organizational goals.

• Collaborate with the Geo Sales/ Customer to understand the requirements and develop tailored cyber security solutions.
• Conduct thorough assessments of client environments to identify security gaps and recommend appropriate solutions.
• Present and articulate the value proposition of our cyber security products and services to clients and stakeholders.
• Develop and deliver technical presentations, demonstrations, and proof-of-concept engagements to showcase our solutions.
• Act as a trusted advisor to clients, providing insights on industry trends, best practices, and compliance requirements.
• Work closely with the product management and engineering teams to provide feedback on customer needs and product enhancements.
• Participate in the development of sales strategies and contribute to the overall growth of the cyber security business.
• Connect with CXOs, drive proactive business, build pipeline, influence decision makers.
• Stay up-to-date with the latest cyber security threats, technologies, and industry developments to effectively address client concerns.
• Respond to client issued RFQ, RFI, and RFP working with the account team, offshore/onsite pre-sales team, solution architects and SMEs to prepare best in class solutions and estimate the efforts required to deliver the proposed solution.

• 15+ years of enterprise technology experience, out which at least 6+ years in Cyber security services and products.
• Bachelor's degree in computer science, Information Technology, Cyber Security or a related field.
• Domain knowledge & experience in minimum two or more domains is a MUST
• Primarily in Identity & Access Management, Enterprise Vulnerability Management, MDR/SOC, Cloud Security, OT Security
• Relevant certifications (e.g., CISSP, CISM, CEH, or similar) are a plus
• Willingness to travel and work in a fast-faced result-oriented environment.
• Proven track record in leading complex engagements and managing client relationships at senior levels.
• Strong storytelling, consultative solution selling, value proposition, strong articulation and negotiation skills

• Collaborate with the Geo Sales/ Customer to understand the requirements and develop tailored cyber security solutions.
• Conduct thorough assessments of client environments to identify security gaps and recommend appropriate solutions.
• Present and articulate the value proposition of our cyber security products and services to clients and stakeholders.
• Develop and deliver technical presentations, demonstrations, and proof-of-concept engagements to showcase our solutions.
• Act as a trusted advisor to clients, providing insights on industry trends, best practices, and compliance requirements.
• Work closely with the product management and engineering teams to provide feedback on customer needs and product enhancements.
• Participate in the development of sales strategies and contribute to the overall growth of the cyber security business.
• Connect with CXOs, drive proactive business, build pipeline, influence decision makers.
• Stay up-to-date with the latest cyber security threats, technologies, and industry developments to effectively address client concerns.
• Respond to client issued RFQ, RFI, and RFP working with the account team, offshore/onsite pre-sales team, solution architects and SMEs to prepare best in class solutions and estimate the efforts required to deliver the proposed solution.

• 15+ years of enterprise technology experience, out which at least 6+ years in Cyber security services and products.
• Bachelor's degree in computer science, Information Technology, Cyber Security or a related field.
• Domain knowledge & experience in minimum two or more domains is a MUST
• Primarily in Identity & Access Management, Enterprise Vulnerability Management, MDR/SOC, Cloud Security, OT Security
• Relevant certifications (e.g., CISSP, CISM, CEH, or similar) are a plus
• Willingness to travel and work in a fast-faced result-oriented environment.
• Proven track record in leading complex engagements and managing client relationships at senior levels.
• Strong storytelling, consultative solution selling, value proposition, strong articulation and negotiation skills

• Collaborate with the Geo Sales/ Customer to understand the requirements and develop tailored cyber security solutions.
• Conduct thorough assessments of client environments to identify security gaps and recommend appropriate solutions.
• Present and articulate the value proposition of our cyber security products and services to clients and stakeholders.
• Develop and deliver technical presentations, demonstrations, and proof-of-concept engagements to showcase our solutions.
• Act as a trusted advisor to clients, providing insights on industry trends, best practices, and compliance requirements.
• Work closely with the product management and engineering teams to provide feedback on customer needs and product enhancements.
• Participate in the development of sales strategies and contribute to the overall growth of the cyber security business.
• Connect with CXOs, drive proactive business, build pipeline, influence decision makers.
• Stay up-to-date with the latest cyber security threats, technologies, and industry developments to effectively address client concerns.
• Respond to client issued RFQ, RFI, and RFP working with the account team, offshore/onsite pre-sales team, solution architects and SMEs to prepare best in class solutions and estimate the efforts required to deliver the proposed solution.

• 15+ years of enterprise technology experience, out which at least 6+ years in Cyber security services and products.
• Bachelor's degree in computer science, Information Technology, Cyber Security or a related field.
• Domain knowledge & experience in minimum two or more domains is a MUST
  • Primarily in Identity & Access Management, Enterprise Vulnerability Management, MDR/SOC, Cloud Security, OT Security
• Relevant certifications (e.g., CISSP, CISM, CEH, or similar) are a plus
• Willingness to travel and work in a fast-faced result-oriented environment.
• Proven track record in leading complex engagements and managing client relationships at senior levels.
• Strong storytelling, consultative solution selling, value proposition, strong articulation and negotiation skills

• Collaborate with the Geo Sales/ Customer to understand the requirements and develop tailored cyber security solutions.
• Conduct thorough assessments of client environments to identify security gaps and recommend appropriate solutions.
• Present and articulate the value proposition of our cyber security products and services to clients and stakeholders.
• Develop and deliver technical presentations, demonstrations, and proof-of-concept engagements to showcase our solutions.
• Act as a trusted advisor to clients, providing insights on industry trends, best practices, and compliance requirements.
• Work closely with the product management and engineering teams to provide feedback on customer needs and product enhancements.
• Participate in the development of sales strategies and contribute to the overall growth of the cyber security business.
• Respond to client issued RFQ, RFI, and RFP working with the account team, offshore/onsite pre-sales team, solution architects and SMEs to prepare best in class solutions and estimate the efforts required to deliver the proposed solution.

• 15+ years of enterprise technology experience, out which at least 6+ years in Cyber security services and products.
• Bachelor's degree in computer science, Information Technology, Cyber Security or a related field.
• Relevant certifications (e.g., CISSP, CISM, CEH, or similar) are a plus
• Domain knowledge & experience in minimum two or more domains is a MUST
• Primarily in Identity & Access Management, Enterprise Vulnerability Management, MDR/SOC, Cloud Security, OT Security
• Willingness to travel and work in a fast-faced result-oriented environment.
• Proven track record in leading complex engagements and managing client relationships at senior levels.
• Strong storytelling, consultative solution selling, value proposition, strong articulation and negotiation skills
• Ability to connect with CXOs, drive proactive business, build pipeline, influence decision makers.
• Stay up-to-date with the latest cyber security threats, technologies, and industry developments to effectively address client concerns.

Firm Overview:

Cambridge Associates ("CA") is a leading global investment firm. CA's goal is to help endowments & foundations, pension plans, and ultra-high net worth private clients implement and manage custom investment portfolios that generate outperformance so that they can maximize their impact on the world. Cambridge Associates delivers a range of services, including outsourced CIO, non-discretionary portfolio management, and investment consulting.

Headquartered in Boston, Massachusetts, CA has offices in key markets in North America, the United Kingdom, Europe, Asia, and Oceania. Our worldwide teams ensure our clients benefit from decades of global presence, local expertise, and relationships with the top global investment managers across the world. For more information, please visit

Position Summary:

Financial consulting firm seeks an Application Security Architect to join its Cybersecurity team. The position is responsible for validating that internally developed web applications are designed and implemented with high security standards. The Architect will work closely with CA's internal development teams to integrate security practices into the software development lifecycle (SDLC), establishing processes for identifying, assessing and mitigating security vulnerabilities in the software, and working to ensure that applications are secure and compliant with relevant standards and regulations. Working with the security, software engineering and infrastructure teams, the Architect establishes an application security vision with sustainable standards and processes. As a member of the firm's Cybersecurity team the Architect is expected to contribute to the day-to-day administration of the firm's security program, as well as its future design and development.

Key Responsibilities:

• Establish application development security guidelines and best practices utilizing industry-standard security frameworks. Define, document and enforce clear guidelines for secure coding, vulnerability management, incident response, and application security.

• Act as the Subject Matter Expert (SME) in application security during enterprise project development phases, providing security consulting, recommendations, and ensuring adherence to approved security requirements.

• Collaborate with developers and software teams to embed security at every stage of the SDLC.

• Establish an application security scorecard framework to track, prioritize, and address security issues effectively.

• Identify, prioritize, and devise mitigation strategies for application security vulnerabilities, implementing preventative measures to avoid future incidents.

• Integrate security tools, processes, and automation into the DevOps pipeline to enhance efficiency and scalability (DevSecOps).

• Collaborate with cloud architects and DevOps teams to identify and remediate cloud misconfigurations, enforce security policies, and maintain secure cloud infrastructure for hosting web applications.

• Develop strategies to implement Web Application Firewalls (WAF), Cloud Native Application Protection Platforms (CNAPP) and Cloud Security Posture Management (CSPM) tools and integrate into the organization's security framework.

• Develop robust security requirements for authentication and authorization, including credential storage, privilege management, and adherence to role- and attribute-based access control standards.

• Regularly monitor the security community for public-facing vulnerabilities, emerging threats, and new tactics to secure data transmissions and reduce attack exposure.

• Stay updated on the latest security trends, tools, and technologies.

• Attend and actively participate in application projects, change management meetings, and cross-functional discussions to ensure security is integrated from the outset.

• Align with architects and development teams to promote secure design and data integrity preservation across users, applications, and infrastructure.

• Foster the growth of application security champions within development teams to build a culture of security awareness and accountability.

• Lead and participate in security team meetings to facilitate secure design and development practices.

• Develop and deliver training programs to educate developers and other stakeholders on secure coding practices and emerging threats.

• Develop strong relationships with stakeholders to ensure ongoing commitment to security initiatives.

• Foster a collaborative team environment that encourages open communication and knowledge sharing.

• Actively engage in information security projects to evaluate existing security infrastructure and proposed changes, as defined by security leadership and software architects.

• Provide strategic input to enhance the organization's overall security posture.

Required Qualifications:

• 3 years of work experience in cybersecurity, especially in a web application security engineer or security architect role

• 3 years' experience in performing penetration testing, secure code review, static, dynamic and manual source code review

• 3 years' experience in identifying and remediating common web application vulnerabilities such as OWASP

• 3 years hands-on experience with Web Application Scanning Tools

• Proficient in software development (Java, Python, C#, etc.)

• Experience with web development technologies and frameworks (REST, JSON, XML, JavaScript, React, etc.)

• Experience with securing intra-company and third-party APIs.

• DevOps background in public and private clouds.

• Experience in implementing Web Application Firewalls (WAF)

• Experience with securing deployment and configuration of web applications in an AWS environment

• Experience with CNAPP and CSPM tools

• Solid understanding of network and web protocols.

• Experience with technical documentation

• Proven excellence in communicating business risk from cybersecurity topics.

• Excellent communication and collaboration skills to work effectively with cross-functional teams.

• Bachelor's degree, preferably in a technical, scientific, or analytical discipline.

• Candidates must be eligible to work in the US without sponsorship.

Preferred Qualifications

• At least 5 years' experience in cybersecurity preferred, including compliance and risk management with system and application security engineering.

• Experience with one or more of the following: ISO 27001, NIST, SOX, GDPR, CIS or SOC2.

• Cybersecurity training and certification: SANS certifications (GWEB, GSEC), CISSP, CCSP and/or CSSLP, OSCP (and related).

• 2 years' experience with SQL

The base salary range for this role is $163,200 to $218,700. In addition to the listed salary range, this position is eligible for an annual performance-based bonus and a comprehensive, competitive benefits package. Actual placement within the stated salary range will be determined based on factors such as skills, experience, and qualifications, as well as internal equity.

The firm is committed to the concept and practice of equal employment opportunity and will not discriminate against any employee or applicant on the basis of race, color, religion, age, sex, national origin, sexual orientation, gender identity, disability, or veteran status. It is expected that all employees will follow a similar policy toward their co-workers.

• Engage, develop and motivate your team within our values using defined HR processes & development tools,
• Build a trustful and inclusive environment, promoting collaboration, facts driven decisions and an out of silos mindset,
• Ensure deliverables on quality, time and cost to ensure Customer Satisfaction; escalate risks and opportunities.
• Encourage innovation and continuous improvement by detecting and eliminating non added-value activities.
• Secure the business at short/mid/long term, contributing to increase company profitability.

• 10+ years of directly related experience and/or training; or equivalent combination of education and experience
• Microsoft Office Suite (i.e., Outlook, Word, Access, Excel, PowerPoint, Project, Visio, etc.)
• Support ticketing systems, change control methodologies and their importance to ITIL best practices
• IT security concepts and application to ERP, Business systems, & applications.
• Ability to travel domestically and internationally up to 25%

• Collaborate with the Geo Sales/ Customer to understand the requirements and develop tailored cyber security solutions.
• Conduct thorough assessments of client environments to identify security gaps and recommend appropriate solutions.
• Present and articulate the value proposition of our cyber security products and services to clients and stakeholders.
• Develop and deliver technical presentations, demonstrations, and proof-of-concept engagements to showcase our solutions.
• Act as a trusted advisor to clients, providing insights on industry trends, best practices, and compliance requirements.
• Work closely with the product management and engineering teams to provide feedback on customer needs and product enhancements.
• Participate in the development of sales strategies and contribute to the overall growth of the cyber security business.
• Respond to client issued RFQ, RFI, and RFP working with the account team, offshore/onsite pre-sales team, solution architects and SMEs to prepare best in class solutions and estimate the efforts required to deliver the proposed solution.

• 15+ years of enterprise technology experience, out which at least 6+ years in Cyber security services and products.
• Bachelor's degree in computer science, Information Technology, Cyber Security or a related field.
• Relevant certifications (e.g., CISSP, CISM, CEH, or similar) are a plus
• Domain knowledge & experience in minimum two or more domains is a MUST
• Primarily in Identity & Access Management, Enterprise Vulnerability Management, MDR/SOC, Cloud Security, OT Security
• Willingness to travel and work in a fast-faced result-oriented environment.
• Proven track record in leading complex engagements and managing client relationships at senior levels.
• Strong storytelling, consultative solution selling, value proposition, strong articulation and negotiation skills
• Ability to connect with CXOs, drive proactive business, build pipeline, influence decision makers.
• Stay up-to-date with the latest cyber security threats, technologies, and industry developments to effectively address client concerns.