About the Role

The Cybersecurity Director is responsible for providing strategic leadership across Business Wire's cybersecurity function, providing strategy, overseeing security architecture and infrastructure, guiding cybersecurity-related risk decisions across the organization, and advancing and managing a comprehensive Governance, Risk, and Compliance (GRC) program.

This role works collaboratively with all areas of the business to ensure that we maintain a robust and highly effective Information Security program for our existing solutions while also supporting the buildout of new client solutions hosted in our data centers and the cloud. This role provides oversight of our external cyber defense partner and drives efforts in cloud security, application security, identity and access strategies, Zero Trust, vulnerability management, email security, data protection, privacy requirements, and emerging technology risks-including AI.

This role is additionally responsible for establishing a robust security governance framework, ensuring compliance with internal and external audit requirements, fostering a security-first culture across the organization, and collaborating with cross-functional teams to integrate risk management practices into all business operations.

What You'll Do

• Develop and maintain cybersecurity and GRC strategy and long-term roadmap, with the goal of enhancing overall strategy in alignment with business objectives.
• Make continuous improvements to our security strategies to protect critical assets and data.
• Provide strategic decision-making and problem-solving to navigate complex security and regulatory landscapes.
• Manage a comprehensive Governance, Risk, and Compliance program in support of corporate audits, client assessments, and regulatory standards such as PCI DSS, SOC 2, and ISO 27001; ensure that our company meets all internal and external audit requirements.
• Conduct regular risk assessments and periodic penetration testing and vulnerability assessments to identify and mitigate potential threats to the organization's infrastructure, applications, and data.
• Manage the timely creation and dissemination of security-related communications including security awareness and training announcements, security compliance policies and processes, security alerts, and event messaging.
• Provide oversight in maintaining a successful collaborative relationship with our external cyber defense partner, including evaluation of service delivery performance and in alignment with BW's cybersecurity priorities.
• Provide strategic leadership during cybersecurity incidents, coordinating with IT, Legal, HR, Privacy, Communications, and other stakeholders, and act as executive-level point-of-contact.
• Offer senior-level guidance in developing and improving cybersecurity governance programs, policies, standards, and secure architecture guidelines.
• Oversee enterprise cybersecurity risk assessments and ensure corrective actions are prioritized and implemented effectively; provide direction for privacy and data protection initiatives.
• Provide leadership, guidance, and mentorship to cybersecurity and GRC team members, drive strong performance across all initiatives and support individual and team development.
• Act as a trusted advisor to senior leadership on cybersecurity risk, architecture decisions, and strategic measures.
• Use metrics to evaluate and track effectiveness of security, governance, and compliance initiatives.
• Leverage exceptional communication skills to translate technical requirements into actionable business solutions.

What You'll Need

• Ability to work in the San Francisco office an average of twice a week.
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• 10+ years of relevant industry experience in Information Security, with 5+ years of managerial and strategic leadership experience.
• Knowledge of data protection, privacy regulations, and cybersecurity governance frameworks.
• Expertise in cloud security, including AWS and Azure, as well as cybersecurity architecture, application security, identity management, and Zero Trust.
• Experience in data encryption, access controls, code reviews, and secure coding practices.
• Expertise in building and implementing GRC frameworks and risk management processes.
• Familiarity with regulatory compliance requirements, including PCI DSS, SOC 2, and ISO 27001.
• Certified Information Systems Security Professional (CISSP) or equivalent certification is a plus.
• Strong leadership and team-building skills.
• Excellent written and verbal communication skills with external and internal stakeholders and executives, and the ability to simplify complex cybersecurity topics. Ability to deliver constructive & encouraging feedback.
• Proactive, organized, analytical, detail-oriented, and persistent.
• Experience managing and overseeing external security service providers or technology partners.

Business Wire will not sponsor a new applicant for employment authorization for this position.

What We Offer

The base salary range for this position is $230K to $245K/year. Offered salary will be determined by several factors, including but not limited to: applicant's education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data. Business Wire reserves the right to modify this salary range at any time.

Business Wire's total rewards include:

• Ability to work remotely
• Excellent health benefits that begin on your first day of employment
• $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
• 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
• PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!