Director of Cybersecurity & Compliance

L+M Development Partners

$130K — $180K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of progressive experience in cybersecurity, including 3 years in a senior or lead technical role
  • Hands-on expertise in configuring, operating, and troubleshooting security tools
  • Deep knowledge of Microsoft 365 security, Entra ID/Azure AD, Conditional Access, and Defender suite
  • Experience managing Managed Email Security and MDR engagements
  • Strong understanding of PII handling obligations and multi-state regulatory requirements
  • Familiarity with NIST Cybersecurity Framework and its operationalization
  • Experience developing and enforcing security policies and training programs

Responsibilities

  • Administer and optimize Microsoft 365 security configurations
  • Manage email security and MDR platforms for threat detection
  • Oversee 24/7 threat monitoring and serve as the primary escalation contact
  • Administer firewall and network security controls
  • Implement and maintain DLP policies for PII protection
  • Own incident response and data breach management
  • Build and maintain a NIST-aligned cybersecurity governance framework

Benefits

  • Competitive compensation package
  • Comprehensive benefits offering
  • Career growth potential in a dynamic company
  • Engagement with advanced security technologies in a supportive environment
  • Impactful role in enhancing company-wide cybersecurity culture
Full Job Description
Position Summary

L+M Development Partners is seeking a hands-on Director of Cybersecurity & Compliance to lead and execute the company's information security strategy. This is a practitioner-level role - not a purely advisory or oversight position - requiring someone who can configure controls, manage platforms, and drive real security outcomes alongside the IT team.

The Director will own the day-to-day operation of L+M's security stack, manage MDR vendor relationships, lead the company's response to cyber security incidents, build a formal governance and compliance program, and serve as the internal security authority for staff, leadership, and vendors.

Key Responsibilities

Security Operations & Platform Management
  • Administer and optimize Microsoft 365 / Entra ID security configurations, including Conditional Access, MFA policies, and re-authentication session controls.
  • Manage and tune email security platforms, MDR and firewalls for threat detection and PII content filtering;
  • Oversee email security and MDR engagement for 24/7 threat monitoring; serve as primary internal contact for escalation and incident triage
  • Administer firewall and other network security controls and access policies
  • Manage restrictions on personal email access, personal device access to SharePoint/company resources, and shared drive to OneDrive/SharePoint migration security controls
  • Implement and maintain DLP policies to prevent PII from being transmitted via email, with programmatic deletion of historical PII from employee mailboxes
  • Own incident response, remediation and data breach management and reporting
  • Investigate and document security incidents; produce post-incident reports for leadership and the board

Governance, Risk & Compliance
  • Build and maintain a NIST-aligned cybersecurity governance framework, incorporating the findings from third-party pen tests, cyber assessment and governance strategy engagement
  • Develop and enforce company-wide information security policies, including acceptable use, data classification, PII handling, and vendor security requirements
  • Create a vendor security program with tiered controls based on risk level; ensure new and high-risk vendors meet MFA, cybersecurity training, and contractual security requirements
  • Manage PII data handling policies for all company platforms; define retention, access, and deletion procedures
  • Coordinate with legal counsel on multi-state regulatory compliance, notification windows, and data privacy obligations
  • Support cyber insurance renewals and carrier requirements; work with the Insurance team to assess and close coverage gaps.

Security Awareness & Culture
  • Design and operate an employee security awareness training program; manage phishing simulation campaigns and track employee performance
  • Help develop and enforce consequences for repeat security policy violations, including integration of phishing test results into annual performance review processes
  • Provide advance training prior to new policy enforcement
  • Communicate clearly with non-technical staff on security changes that affect daily workflows

Leadership & Strategic Reporting
  • Serve as the internal subject matter expert on cybersecurity for the CTO, executive team, and board
  • Prepare and present cybersecurity metrics, risk posture updates, and strategic recommendations to leadership
  • Manage vendor relationships and procurement for security tools; evaluate and recommend platforms
  • Define and track a cybersecurity roadmap aligned with NIST maturity milestones


Required Qualifications

  • 7+ years of progressive experience in cybersecurity, with at least 3 years in a senior or lead technical role
  • Hands-on, practitioner-level expertise - this role requires the ability to configure, operate, and troubleshoot security tools directly
  • Deep expertise with Microsoft 365 security, Entra ID / Azure AD, Conditional Access, and Defender suite
  • Experience managing or overseeing Managed Email Security and MDR engagements
  • Experience with email security platforms.
  • Strong working knowledge of PII handling obligations, data breach notification laws, and multi-state regulatory requirements
  • Familiarity with NIST Cybersecurity Framework and the ability to translate it into practical operational controls
  • Experience developing and enforcing security policies, vendor security requirements, and employee training programs


Preferred Qualifications

  • CISSP, CISM, CISA, or equivalent professional certification
  • Experience in real estate, property management, affordable housing, or regulated industries with PII-intensive operations
  • Familiarity with property management platforms and their data security considerations
  • Experience working with outside legal counsel and cyber insurance carriers
  • Background conducting or managing external cybersecurity assessments
  • Exposure to DLP tools, SIEM/SOAR platforms, and network access control within a Microsoft-heavy environment

L+M offers competitive compensation and benefits and tremendous potential with a growing residential real estate developer/builder organization.

Disclaimer: Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

Similar Jobs

More Jobs at L+M Development Partners

More Information Technology Jobs

Find similar Director of Cybersecurity & Compliance jobs: