
VP of Cyber Security
Black Duck
full-time
Location Type: Remote
Location: United States
About the role
- Own the 24-month global security roadmap developed with an external partner; drive planning, resource allocation, cross-region rollout, milestone tracking, and KPI delivery.
- Deliver and maintain certifications and frameworks: lead efforts to achieve ISO 27001 certification, align to the NIST Cybersecurity Framework, and ensure GDPR compliance (and applicable regional privacy laws).
- Lead the cybersecurity transformation: redesign the security operating model, establish regional capability hubs, hire and upskill teams, and integrate security into engineering and product lifecycles (DevSecOps).
- Modernize security tooling and architecture: define global architecture for IAM, cloud security, vulnerability management, SIEM/XDR, DLP, and secure SDLC integrations; manage vendor selection and lifecycle.
- Establish enterprise governance and risk programs: policy management, risk assessments, third-party risk, incident response, crisis management, business continuity, and regular tabletop exercises.
- Client-facing responsibilities (~20%): act as a senior security advisor to key global customers, lead security briefings and audits, support RFPs and security questionnaire responses, and maintain strong client relationships.
- Reporting and stakeholder communication: deliver executive and Board-level reporting on security posture, program progress, risk, and ROI.
- Manage external partners and audits: coordinate with the third-party consulting firm, external auditors, penetration testing vendors, and technology providers.
- People leadership: recruit, mentor, retain, and scale global security talent; define career paths, training programs, and local leadership to sustain capabilities.
Requirements
- 10+ years in cybersecurity leadership, including enterprise-scale, multi-region transformation and certification programs.
- Proven track record delivering ISO 27001 certification, NIST Cybersecurity Framework implementations, and GDPR compliance.
- Cloud security (AWS/Azure/GCP), IAM, secure SDLC/DevSecOps, vulnerability management, logging/SIEM/XDR, data protection.
- Demonstrated experience in client-facing roles supporting enterprise customers on security and audit matters.
- Excellent presentation skills for C-level and Board audiences across time zones and cultures.
- Bachelor’s degree in Computer Science, Information Security, or equivalent; relevant certifications such as CISSP, CISM, or ISO 27001 Lead
Benefits
- Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law.
- Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities.
- Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
cybersecurity leadership, ISO 27001 certification, NIST Cybersecurity Framework, GDPR compliance, cloud security, IAM, secure SDLC, DevSecOps, vulnerability management, data protection
Soft Skills
presentation skills, client-facing, people leadership, mentoring, communication, stakeholder management, resource allocation, cross-region collaboration, risk assessment, policy management
Certifications
CISSP, CISM, ISO 27001 Lead