Position SummaryL+M Development Partners is seeking a hands-on Director of Cybersecurity & Compliance to lead and execute the company's information security strategy. This is a practitioner-level role - not a purely advisory or oversight position - requiring someone who can configure controls, manage platforms, and drive real security outcomes alongside the IT team.
The Director will own the day-to-day operation of L+M's security stack, manage MDR vendor relationships, lead the company's response to cyber security incidents, build a formal governance and compliance program, and serve as the internal security authority for staff, leadership, and vendors.
Key ResponsibilitiesSecurity Operations & Platform Management- Administer and optimize Microsoft 365 / Entra ID security configurations, including Conditional Access, MFA policies, and re-authentication session controls.
- Manage and tune email security platforms, MDR and firewalls for threat detection and PII content filtering;
- Oversee email security and MDR engagement for 24/7 threat monitoring; serve as primary internal contact for escalation and incident triage
- Administer firewall and other network security controls and access policies
- Manage restrictions on personal email access, personal device access to SharePoint/company resources, and shared drive to OneDrive/SharePoint migration security controls
- Implement and maintain DLP policies to prevent PII from being transmitted via email, with programmatic deletion of historical PII from employee mailboxes
- Own incident response, remediation and data breach management and reporting
- Investigate and document security incidents; produce post-incident reports for leadership and the board
Governance, Risk & Compliance- Build and maintain a NIST-aligned cybersecurity governance framework, incorporating the findings from third-party pen tests, cyber assessment and governance strategy engagement
- Develop and enforce company-wide information security policies, including acceptable use, data classification, PII handling, and vendor security requirements
- Create a vendor security program with tiered controls based on risk level; ensure new and high-risk vendors meet MFA, cybersecurity training, and contractual security requirements
- Manage PII data handling policies for all company platforms; define retention, access, and deletion procedures
- Coordinate with legal counsel on multi-state regulatory compliance, notification windows, and data privacy obligations
- Support cyber insurance renewals and carrier requirements; work with the Insurance team to assess and close coverage gaps.
Security Awareness & Culture- Design and operate an employee security awareness training program; manage phishing simulation campaigns and track employee performance
- Help develop and enforce consequences for repeat security policy violations, including integration of phishing test results into annual performance review processes
- Provide advance training prior to new policy enforcement
- Communicate clearly with non-technical staff on security changes that affect daily workflows
Leadership & Strategic Reporting- Serve as the internal subject matter expert on cybersecurity for the CTO, executive team, and board
- Prepare and present cybersecurity metrics, risk posture updates, and strategic recommendations to leadership
- Manage vendor relationships and procurement for security tools; evaluate and recommend platforms
- Define and track a cybersecurity roadmap aligned with NIST maturity milestones
Required Qualifications- 7+ years of progressive experience in cybersecurity, with at least 3 years in a senior or lead technical role
- Hands-on, practitioner-level expertise - this role requires the ability to configure, operate, and troubleshoot security tools directly
- Deep expertise with Microsoft 365 security, Entra ID / Azure AD, Conditional Access, and Defender suite
- Experience managing or overseeing Managed Email Security and MDR engagements
- Experience with email security platforms.
- Strong working knowledge of PII handling obligations, data breach notification laws, and multi-state regulatory requirements
- Familiarity with NIST Cybersecurity Framework and the ability to translate it into practical operational controls
- Experience developing and enforcing security policies, vendor security requirements, and employee training programs
Preferred Qualifications- CISSP, CISM, CISA, or equivalent professional certification
- Experience in real estate, property management, affordable housing, or regulated industries with PII-intensive operations
- Familiarity with property management platforms and their data security considerations
- Experience working with outside legal counsel and cyber insurance carriers
- Background conducting or managing external cybersecurity assessments
- Exposure to DLP tools, SIEM/SOAR platforms, and network access control within a Microsoft-heavy environment
L+M offers competitive compensation and benefits and tremendous potential with a growing residential real estate developer/builder organization.
Disclaimer: Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.