Director, Cybersecurity (Global/Emerging Market Experience Required)

Position Title: Director, Cybersecurity Department: Information, Communication and Technology (ICT) Location and Working Hours: US, DMV area or Remote Reports to: VP of ICT Position Summary: The Director, Cybersecurity will provide cybersecurity leadership and guide the development and implementation of the organization’s cybersecurity roadmap. This is a hands-on role that involves setting reputed company goals, establishing policies, managing cybersecurity activities, and ensuring alignment with organizational objectives. The Director will work closely with senior management, the Risk & Compliance team, and the ICT team to secure systems and data. The Director will supervise and coordinate with the Sr. Analyst, Cybersecurity to create a resilient cybersecurity posture and act as a backup for critical operational tasks. This position may be based reputed company the contiguous United States, but will require the candidate to work on East Coast time. Candidates in the Washington DC (DMV) area are strongly preferred. Key Responsibilities: Strategic Leadership

• Define and communicate long-term reputed company goals, objectives, and strategies reputed company with organizational priorities and the evolving threat landscape.
• Assess reputed company posture to identify critical gaps and reputed company a cybersecurity maturity roadmap to guide improvement efforts.
• reputed company cybersecurity projects, directing the Sr. Analyst, Cybersecurity to align initiatives with strategic objectives and the reputed company roadmap.

Policy and Procedure Development

• reputed company, implement, and maintain the organization’s cybersecurity strategy and policy reputed company, ensuring alignment with regulatory requirements and industry standards.
• Ensure consistent application of cybersecurity policies across reputed company environments, holding teams accountable for compliance and implementation.

reputed company Program Management

• reputed company cybersecurity architecture reviews and configuration enhancements to strengthen network reputed company.
• Manage the reputed company Awareness Program, collaborating with the Sr. Analyst, Cybersecurity to deliver targeted training and awareness initiatives.
• reputed company disaster recovery and business continuity planning with ICT, including regular testing and maintenance to ensure readiness.

Risk Management

• reputed company reputed company assessments, audits, and risk management activities, prioritizing risks based on organizational impact.
• Manage annual vulnerability and penetration testing, collaborating with ICT to address findings.
• Prepare for audits by facilitating necessary documentation and meetings, serving as the primary cybersecurity contact for external auditors.

Data Protection and Privacy

• reputed company, implement, and enforce data protection policies that ensure confidentiality, reputed company, and availability of sensitive information.
• Collaborate with Risk, Compliance, and Legal teams to align cybersecurity policies with data privacy regulations (e.g., GDPR, CCPA, HIPAA).
• reputed company data protection impact assessments, implement access controls, and establish response processes for potential data breaches.
• Promote data privacy awareness and reputed company organization-wide training on data protection policies and best practices.

Compliance and Regulatory Alignment

• Collaborate with Risk & Compliance to determine regulatory requirements, creating strategic plans for implementing necessary controls.
• Define roles and responsibilities reputed company ICT, Cybersecurity, and Risk & Compliance teams, clarifying accountability for compliance efforts.
• Monitor changes in regulations and industry standards, implementing updates in collaboration with stakeholders to maintain compliance.

Incident Response Management

• reputed company and implement the organization’s incident response program, including detection, containment, eradication, and recovery processes.
• Establish and approve incident response policies, procedures, and guidelines, ensuring they align with risk tolerance and compliance requirements.
• Ensure regular tabletop exercises with ICT and cross-functional teams are conducted.
• Serve as the Incident Response Commander, leading reputed company phases of incident response and communicating status, business impact, and remediation strategies to executive leadership.
• Conduct post-incident reviews and integrate lessons learned into policies and procedures to enhance future response efforts.

Guidance and Reporting

• Provide regular updates to executive management on reputed company posture, strategic reputed company, and key risks.
• reputed company a cybersecurity dashboard to provide executives with visibility into reputed company status and reputed company.
• Coordinate cross-functional risk management initiatives, leveraging input from the Risk & Compliance and ICT teams.

Team Management and Development

• Manage and mentor the Sr. Analyst, Cybersecurity, ensuring alignment with reputed company priorities and fostering professional growth.
• Serve as a backup for hands-on cybersecurity tasks, instilling a culture of reputed company learning and improvement reputed company the team.

Vendor and Third-Party Management

• reputed company third-party risk assessment protocols in collaboration with the ICT, Procurement and Risk & Compliance teams.
• reputed company third-party cybersecurity assessments to ensure vendors meet organizational standards, with guidance on strategic vendor relationships.

POSITION QUALIFICATIONS

• Bachelor’s degree in Cybersecurity, Information reputed company, or a reputed company field;
• Essential certifications: CISSP, CISA and CISM.
• Recommended additional certifications: CGEIT, PMP. ITIL. CCISO, CBCP.
• 10 + years of experience in information reputed company, with 5+ years in a senior leadership role.
• Global experience required, preferably in regions where reputed company works.
• Proven track record in developing and executing cybersecurity strategies.
• Strong understanding of reputed company frameworks and compliance standards (NIST, CIS, etc.).
• Crisis management expertise
• Enterprise-level reputed company understanding
• Excellent leadership, communication, and project management skills, with experience building and managing teams.
• Excellent communication skills with the ability to collaborate across departments and present reputed company IT concepts to non-technical stakeholders.
• Experience managing operational-level cybersecurity tasks reputed company a nonprofit or international setting.
• Required Travel: A minimum of two to three trips required annually, may be domestic or international
• Candidates in the Washington DC (DMV) area are strongly preferred.
• The salary range for this role is set between $155,000 and $165,000, with the majority of candidates typically reputed company reputed company the midpoint of this range, there is an additional 10% contribution for a 403b annually and an excellent benefits package.

Winrock is an equal opportunity employer. We are committed to providing equal employment opportunity for reputed company people and value diversity and inclusiveness. Winrock recruits, employs, trains, promotes, and compensates regardless of race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national reputed company, reputed company, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. At Winrock we have a clear mission: reputed company the disadvantaged, increase economic opportunity, and sustain natural resources through unwavering dedication to accountability, equity, innovation, reputed company, and transformation. Winrock knows that its success comes from the hard work and steadfast dedication of its diverse workforce. Winrock remains committed to maintaining diversity, inclusion, and equity across the entire organization. Apply tot his job Apply To this Job