Director, Cybersecurity

Winrock International

💵 $155k-$165k
📍Remote - United States

Job highlights

Summary

Join Winrock International as their Director, Cybersecurity! This leadership role requires defining and implementing the organization's cybersecurity roadmap, overseeing projects, and managing a team. You will develop and maintain security policies, manage risk, and ensure compliance with regulations. The position demands strong communication and collaboration skills, experience in a senior leadership role, and essential certifications (CISSP, CISA, CISM). Global experience, particularly in regions where Winrock operates, is required. The role offers a competitive salary and an excellent benefits package, including a 403b contribution.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, or a related field
  • CISSP, CISA and CISM certifications
  • 10+ years of experience in information security, with 5+ years in a senior leadership role
  • Global experience required, preferably in regions where Winrock International works
  • Proven track record in developing and executing cybersecurity strategies
  • Strong understanding of security frameworks and compliance standards (NIST, CIS, etc.)
  • Crisis management expertise
  • Enterprise-level security understanding
  • Excellent leadership, communication, and project management skills, with experience building and managing teams
  • Excellent communication skills with the ability to collaborate across departments and present complex IT concepts to non-technical stakeholders
  • Experience managing operational-level cybersecurity tasks within a nonprofit or international setting
  • A minimum of two to three trips required annually; these may be domestic or international

Responsibilities

  • Define and communicate long-term security goals, objectives, and strategies aligned with organizational priorities and the evolving threat landscape
  • Assess security posture to identify critical gaps and develop a cybersecurity maturity roadmap to guide improvement efforts
  • Oversee cybersecurity projects, directing the Sr. Analyst, Cybersecurity to align initiatives with strategic objectives and the security roadmap
  • Develop, implement, and maintain the organization’s cybersecurity strategy and policy framework, ensuring alignment with regulatory requirements and industry standards
  • Ensure consistent application of cybersecurity policies across all environments, holding teams accountable for compliance and implementation
  • Oversee cybersecurity architecture reviews and configuration enhancements to strengthen network security
  • Manage the Security Awareness Program, collaborating with the Sr. Analyst, Cybersecurity to deliver targeted training and awareness initiatives
  • Lead disaster recovery and business continuity planning with ICT, including regular testing and maintenance to ensure readiness
  • Oversee security assessments, audits, and risk management activities, prioritizing risks based on organizational impact
  • Manage annual vulnerability and penetration testing, collaborating with ICT to address findings
  • Prepare for audits by facilitating necessary documentation and meetings, serving as the primary cybersecurity contact for external auditors
  • Develop, implement, and enforce data protection policies that ensure confidentiality, integrity, and availability of sensitive information
  • Collaborate with Risk, Compliance, and Legal teams to align cybersecurity policies with data privacy regulations (e.g., GDPR, CCPA, HIPAA)
  • Lead data protection impact assessments, implement access controls, and establish response processes for potential data breaches
  • Promote data privacy awareness and lead organization-wide training on data protection policies and best practices
  • Collaborate with Risk & Compliance to determine regulatory requirements, creating strategic plans for implementing necessary controls
  • Define roles and responsibilities within ICT, Cybersecurity, and Risk & Compliance teams, clarifying accountability for compliance efforts
  • Monitor changes in regulations and industry standards, implementing updates in collaboration with stakeholders to maintain compliance
  • Develop and implement the organization’s incident response program, including detection, containment, eradication, and recovery processes
  • Establish and approve incident response policies, procedures, and guidelines, ensuring they align with risk tolerance and compliance requirements
  • Ensure regular tabletop exercises with ICT and cross-functional teams are conducted
  • Serve as the Incident Response Commander, leading all phases of incident response and communicating status, business impact, and remediation strategies to executive leadership
  • Conduct post-incident reviews and integrate lessons learned into policies and procedures to enhance future response efforts
  • Provide regular updates to executive management on security posture, strategic progress, and key risks
  • Develop a cybersecurity dashboard to provide executives with visibility into security status and progress
  • Coordinate cross-functional risk management initiatives, leveraging input from the Risk & Compliance and ICT teams
  • Manage and mentor the Sr. Analyst, Cybersecurity, ensuring alignment with security priorities and fostering professional growth
  • Serve as a backup for hands-on cybersecurity tasks, instilling a culture of continuous learning and improvement within the team
  • Develop third-party risk assessment protocols in collaboration with the ICT, Procurement and Risk & Compliance teams
  • Oversee third-party cybersecurity assessments to ensure vendors meet organizational standards, with guidance on strategic vendor relationships

Preferred Qualifications

  • CGEIT, PMP, ITIL, CCISO, CBCP certifications
  • Candidates in the Washington DC (DMV) area are strongly preferred

Benefits

  • Salary range between $155,000 and $165,000
  • 10% contribution for a 403b annually
  • Excellent benefits package
