Position Summary
- The Director of Cybersecurity, Governance, Risk & Compliance will be responsible for oversight of Neptune’s GRC practice as well as Application & Product Security. This role will lead a team of cybersecurity professionals to manage regulatory and compliance requirements, perform risk assessments, maintain security policies and control frameworks, run cyber training and awareness, and set and enforce security standards that protect internal workloads and Neptune’s commercial software and hardware products, while supporting audit activities in partnership with external stakeholders. The Director of Cybersecurity, Governance, Risk & Compliance will work closely with senior leadership to continuously improve Neptune’s cybersecurity posture and support the business goals and objectives.
Responsibilities:
- Governance & Compliance Management
- Governance & Assurance: Lead continuous governance, assurance, and risk management across Neptune’s cybersecurity environment, ensuring that all business activities comply with relevant regulatory, corporate, and governmental requirements.
- Regulatory Compliance: Ensure compliance with key regulatory and industry standards such as SOX, GDPR, and ISO 27001, and keep cybersecurity practices aligned with these requirements as they evolve.
- Audit Leadership: Coordinate and manage both internal and external security audits, including Roper Cybersecurity & Privacy Audits, annual internal SOX audits, and external PwC SOX audits.
- Security Metrics & Reporting: Maintain and report on key cybersecurity metrics and KPIs, delivering regular updates to senior leadership on a monthly, quarterly, and annual basis. Use data-driven insights to inform decision-making and risk management strategies.
- Application & Product Security
- Product Security Strategy: Develop and implement product security strategies that integrate security best practices into all stages of the product lifecycle, from design to development and deployment.
- Security by Design: Ensure security is embedded in the design of Neptune’s products and services by collaborating closely with product development teams to integrate secure coding practices, architecture reviews, and vulnerability testing.
- Application Security: Lead application security initiatives, including secure code reviews and automated security testing (e.g. SAST, DAST, SCA), application vulnerability assessments and remediation, and penetration testing for all Neptune applications.
- Vulnerability Management: Ensure the timely identification and remediation of vulnerabilities in both internal applications and customer-facing products. Implement automated testing and security validation tools to enhance the organization’s security posture.
- Risk Management, Data Privacy & Cyber Awareness
- Risk Assessments: Conduct internal and external cyber risk assessments to identify vulnerabilities and drive the implementation of risk mitigation strategies.
- Cyber Risk Register: Maintain and update Neptune’s Cyber Risk Register, providing accurate and timely reporting to leadership on potential risks and their mitigation status.
- Third-Party Risk Management: Oversee the third-party risk management program, conducting thorough risk assessments on vendors and partners to ensure they meet Neptune’s cybersecurity standards.
- Policy Development & Maintenance: Lead the development, implementation, and enforcement of Neptune's cybersecurity and IT security policies and procedures. Ensure these policies are regularly reviewed and updated to remain aligned with current best practices and regulatory requirements.
- Cybersecurity Training Program: Maintain and enhance Neptune’s cybersecurity awareness and training program. Ensure all employees understand security best practices, are aware of current threats, and adhere to company policies and procedures.
- Culture Development: Foster a security-first mindset across the organization, ensuring cybersecurity is embedded in every facet of business operations and product development.
- Strategic Leadership & Team Development
- Team Leadership & Development: Lead and mentor a team of cybersecurity professionals specializing in governance, risk management, product security, and application security. Provide guidance and support to ensure high performance and professional growth.
- Cross-Functional Collaboration: Collaborate with product development, IT, legal, compliance, and other departments to ensure that cybersecurity initiatives align with broader organizational objectives.
- Stakeholder Engagement
- Executive Communication: Partner with the VP – Cyber Security & Compliance and other leaders within the security team to provide regular updates to senior leadership and stakeholders on Neptune’s cybersecurity risks, compliance efforts, product security initiatives, and key operational metrics. Ensure clear and consistent communication with investors and other external stakeholders.
Requirements
- Education
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field. A master’s degree in a relevant discipline is preferred.
- Experience
- Minimum of 10 years of experience in relevant fields such as digital technology, cybersecurity, governance, risk management, application and product security, and compliance.
- Proven experience in implementing security best practices within the product development lifecycle, including secure coding, architecture reviews, and application security testing.
- Strong background in regulatory compliance, including SOX, GDPR, PCI, and conducting internal and external audits.
- Experience managing third-party vendor assessments and maintaining risk registers.
- Technical Skills
- Deep expertise in Governance, Risk & Compliance, product security, application security, and application vulnerability management. Proficiency with the security tools and technologies used for secure software development and automated security testing.
- Strong knowledge of security frameworks such as NIST, COBIT, OWASP, and ISO 27001, with experience integrating these frameworks into product security strategies.
- Previous experience with coding, quality and secure code reviews, and automated security testing tools (SAST, DAST, SCA).
- Leadership & Soft Skills
- People Management: Proven ability to lead, mentor, and manage a diverse team of cybersecurity professionals across various domains including governance, compliance, product security, and application security.
- Strategic Vision: Demonstrated experience in building and executing cybersecurity strategies that are aligned with both technical and business objectives.
- Communication Skills: Strong verbal and written communication skills, capable of presenting complex security concepts to non-technical stakeholders, executives, and board members.
- Problem Solving & Analytical Skills: Advanced problem-solving abilities, with a strong focus on anticipating security challenges and proactively addressing them.
- Certifications
- Relevant certifications such as GSLC, GSNA, CISSP, CISM, CRISC, or CSSLP (Certified Secure Software Lifecycle Professional) are highly desirable.
- Languages
- Proficiency in English is required; Spanish would be a plus.
- Travel Requirements: Typically requires overnight travel less than 10% of the time.
- Location: Tallassee, AL; Duluth, GA
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)