Associate Director, Cybersecurity

Kiniksa Pharmaceuticals
Remote friendly (Lexington, MA)
United States
$175,000 - $195,000 USD yearly
IT

Role Summary

The Associate Director, Cybersecurity leads the development and execution of the enterprise-wide cybersecurity program, overseeing design, implementation, and continuous improvement of security solutions and processes to protect information assets. The role requires assessing cyber risk, defining mitigation plans, driving execution, and collaborating with IT and business stakeholders to foster a culture of security and compliance. This position is based in Lexington, MA with a hybrid schedule.

Responsibilities

  • Lead the development, execution, and continuous improvement of the enterprise cybersecurity program, aligning with business objectives and regulatory requirements.
  • Oversee risk management activities, including risk assessments, threat modeling, vulnerability management, and the development of risk mitigation strategies.
  • Direct the evaluation, selection, and implementation of security technologies, tools, and practices to ensure robust protection of systems and data.
  • Lead incident response planning and execution, including oversight of the Security Operations Center, triage, investigation, forensics, and post-incident reviews.
  • Develop and maintain security policies, standards, and procedures in accordance with industry frameworks (e.g., NIST, CIS, ISO) and Zero Trust principles.
  • Partner with IT infrastructure, operations, and application teams to drive initiatives that mitigate risk and enhance security posture.
  • Stay current with emerging threats, regulatory changes, and advancements in cybersecurity technologies and industry trends.
  • Oversee and deliver security awareness and training programs for IT and business teams.
  • Ensure compliance with all relevant laws, regulations, and internal policies.
  • Prepare and manage the cybersecurity program budget and resource allocation.

Qualifications

  • Minimum of 8 years of progressive experience in IT and cybersecurity roles, with at least 3–5 years in a leadership or management capacity.
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or related field preferred. Relevant experience may be considered in lieu of a degree.
  • Deep understanding of security frameworks (NIST, CIS, ISO), risk management methodologies, and Zero Trust architecture.
  • Demonstrated experience with cloud security (AWS, Azure), network security, IAM, data protection, endpoint security, and security operations.
  • Demonstrated success in managing vendor relationships, defining service levels, and managing accountability.
  • Proficiency with SIEM, firewalls, IDS/IPS, EDR, vulnerability management, and anomaly detection platforms.
  • Strong written and verbal communication skills, with the ability to influence and engage stakeholders at all levels.
  • Strong commitment to compliance, ethical standards, and continuous improvement.
  • Ability to work in a fast-paced environment and manage multiple priorities.