Recruiting.com

Senior Director, Cybersecurity Assessments and Assurance

full-time

Location Type: Remote

Location: Connecticut, Texas, United States

About the role

  • Develop and lead a comprehensive cybersecurity assessments and assurance program to evaluate the security posture of the organization and its vendors
  • Oversee infrastructure and application compliance assessments to ensure alignment with security policies, frameworks, and regulatory standards
  • Design and execute annual critical assessments of key systems, applications, and processes, identifying gaps and driving remediation efforts
  • Manage the organization's third-party certifications (e.g., SOC 1, SOC 2, ISO 27001, NIST), ensuring timely attainment and renewal through effective coordination with internal teams and external auditors
  • Own the third-party risk assessment process, ensuring thorough onboarding, evaluation, and periodic reassessment of vendors
  • Oversee continuous monitoring of critical vendors to evaluate their adherence to contractual obligations, security requirements, and industry standards
  • Collaborate with procurement, legal, and vendor management teams to review and negotiate cybersecurity and data privacy clauses in contracts
  • Develop and maintain a risk-based methodology to prioritize and focus efforts on high-risk vendors and critical third-party relationships
  • Ensure compliance with applicable IT regulatory requirements, including but not limited to HIPAA, PCI-DSS, GxP, GDPR, and CCPA
  • Monitor the evolving landscape of cybersecurity regulations and standards, providing guidance to internal stakeholders on compliance obligations
  • Lead internal and external audits related to regulatory compliance, ensuring timely responses, remediation, and reporting
  • Collaborate with legal and compliance teams to address regulatory inquiries, assessments, and reporting needs
  • Implement and oversee a continuous monitoring program for critical systems, applications, and third-party relationships, leveraging tools and automation where possible
  • Establish and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of cybersecurity assessments, vendor management, and compliance programs
  • Provide regular reporting to senior leadership on the organization’s cybersecurity posture, highlighting risks, trends, and remediation progress
  • Lead and mentor a high-performing team of cybersecurity professionals responsible for assessments, assurance, and compliance activities
  • Foster collaboration with cross-functional teams, including IT, legal, procurement, internal audit, and business units, to align cybersecurity efforts with organizational objectives
  • Serve as the primary liaison with external auditors, regulators, and certification bodies, ensuring effective communication and coordination
  • Act as a trusted advisor to senior leadership, providing insights and recommendations on risk management, compliance, and assurance strategies

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field (Master’s degree preferred)
  • 10+ years of experience in cybersecurity, risk management, or compliance, with at least 5 years in a leadership role managing teams and programs
  • Strong experience in third-party risk management, cybersecurity assessments, and regulatory compliance
  • In-depth knowledge of cybersecurity frameworks and standards, including SOC 1, SOC 2, ISO 27001, NIST CSF, and CIS Controls
  • Strong understanding of IT regulatory compliance requirements, including HIPAA, PCI-DSS, GDPR, GxP, and other applicable standards
  • Proven experience managing third-party risk assessment programs, including vendor onboarding, continuous monitoring, and contract reviews
  • Expertise in leading infrastructure and application compliance assessments to ensure adherence to internal policies and external requirements
  • Strong project management skills, with the ability to coordinate complex assessments, audits, and certifications across multiple teams and stakeholders
  • Exceptional communication and interpersonal skills, with the ability to influence and collaborate with senior leaders, technical teams, and external partners
  • Strong analytical and problem-solving skills, with the ability to identify risks, recommend mitigations, and drive resolution

Benefits
  • Health insurance
  • 401(k) matching
  • Flexible working hours
  • Paid time off
  • Professional development opportunities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
cybersecurity assessments, third-party risk management, regulatory compliance, cybersecurity frameworks, SOC 1, SOC 2, ISO 27001, NIST CSF, CIS Controls, project management
Soft skills
communication, interpersonal skills, leadership, analytical skills, problem-solving, collaboration, influence, mentoring, coordination, reporting
Certifications
CISSP, CISM, CRISC, ISO 27001 Lead Auditor, SOC 1 Certification, SOC 2 Certification, NIST Certification, CISA, CompTIA Security+, Certified Information Privacy Professional (CIPP)