Associate Director - Cybersecurity Posture and Hygiene (Remote)

Role Summary

The Associate Director, Security Posture and Hygiene leads the strategy, design, and implementation of the security posture and hygiene program across a diverse IT landscape, including on‑premise and cloud. The role focuses on monitoring and remediating security control gaps and leveraging CIS Top 18 controls to strengthen cybersecurity standards and practices. This position can be based remotely anywhere in the U.S.

Responsibilities

• Develop a comprehensive strategy for the security posture and hygiene program.
• Assemble and manage a team dedicated to implementing, assessing, and maturing the CIS Top 18 critical controls and their safeguards.
• Develop and execute strategies for continuous monitoring and improvement of security controls and configurations across enterprise systems.
• Ensure the hygiene of security configurations by establishing and enforcing policies, procedures, and standards to prevent unauthorized access and data breaches.
• Collaborate with IT, networking, and other departments to align security measures with organizational goals and compliance requirements.
• Develop and maintain documentation on security controls, assessments, incidents, and improvements.
• Conduct regular assessments to determine the maturity of each security control, identifying areas for improvement and recommending enhancements.
• Foster strong partnerships with technology and domain stakeholders to ensure seamless integration and compliance of security practices across the enterprise.
• Stay updated on cybersecurity trends, threats, and technologies to adapt security strategies.
• Lead initiatives to educate and train team members and the wider organization on cybersecurity best practices and a forward-thinking security posture.
• Ensure security programs adhere to laws, regulations, and policies, updating practices to meet new standards.
• Oversee daily operations, including targeted assessments, risk management, and response strategies to maintain security and resilience.
• Build collaborative relationships with business and technology senior leaders.
• Maintain expert-level knowledge in relevant domains.
• Build metrics and dashboards to provide stakeholders with actionable insights into the security posture of technologies.

Qualifications

• Bachelors Degree and 9 years of experience OR Masters Degree and 8 years of experience OR PhD and 4 years of experience
• Proven leadership in cybersecurity with experience in managing security posture and hygiene strategies in complex IT environments
• Expert knowledge of operating systems, networking, systems administration, cloud services, applications, and security technologies
• Expert knowledge of cybersecurity terminology, concepts, and threat landscape
• Deep understanding of risk management principles and their integration into security practices
• Experience with CIS Top 18 controls and familiarity with CIS Controls IGs methodology
• Innovative, adaptable, with strong critical thinking and analytical skills
• Strong leadership and collaboration skills with business and technical groups
• Excellent written and verbal communication, able to convey technical insights to diverse stakeholders
• Ability to interface effectively with clients, IT management, and staff
• Desire to continuously learn and stay current in cybersecurity
• Professional cybersecurity certifications (e.g., CISSP, CISM, CIS Controls) are highly desirable

Skills

• Cybersecurity strategy and program management
• Security controls implementation and maturity modeling
• Security governance, risk, and compliance
• Team leadership and cross-functional collaboration
• Threat monitoring, incident response, and remediation
• Documentation, reporting, and metrics/dashboards

Education

• As listed in Qualifications (degree requirements vary by level) and relevant professional certifications

Additional Requirements

• Remote work eligibility within the U.S.