Duties & Responsibilities: Senior Director, IT SecurityJob SummaryVIAVI is seeking a visionary and execution-oriented Chief Information Security Officer (CISO) to lead and transform the company's global information security program. Reporting directly to the CIO and serving as a key advisor to the cybersecurity steering committee, the CISO will own VIAVI's enterprise security strategy, architecture, operations, and culture. The ideal candidate brings deep technical expertise, a track record of building mature security programs in complex global environments, and the executive presence to drive security-first thinking across engineering, cloud, product, and go-to-market functions.
Key ResponsibilitiesStrategic Leadership- Define and execute the company's global information and cybersecurity strategy aligned with business objectives, risk appetite, and growth plans.
- Serve as the primary cybersecurity advisor to the CIO, executive leadership team, and Board of Directors on cyber resilience, threat landscape, and program maturity.
- Partner with the CTO, CIO, CFO, General Counsel, and other senior leaders to align security investments with enterprise strategy, product direction, and operational priorities.
- Embed security into VIAVI's products and AI initiatives, extending secure-by-design principles to hardware, firmware, and software offerings.
- Champion a security-first culture across VIAVI's global workforce through training, clear policies, and executive engagement.
Security Governance, Risk and Compliance- Lead enterprise-wide security governance, policy development, standards, and oversight mechanisms.
- Own and maintain the enterprise cyber risk register, including identification, prioritization, treatment, and reporting of material information security risks.
- Establish and maintain security programs aligned to leading frameworks and regulatory requirements, including ISO 27001, CMMC/DFARS, FedRAMP, EU CRA, UK CEP, and other applicable standards.
- Develop metrics and reporting to assess security program effectiveness, risk reduction, compliance status, and operational maturity.
- Establish and lead a comprehensive third-party cybersecurity risk management program to assess, monitor, and mitigate risks associated with vendors, cloud providers, SaaS platforms, outsourced service providers, and strategic technology partners.
Security Operations, Incident Management & Business Continuity- Lead security operations across monitoring, detection, triage, escalation, containment, and remediation activities.
- Oversee and optimize the company's use of SIEM, DLP, endpoint security, vulnerability management, attack surface management, zero trust, SSE and related technologies
- Ensure strong cloud security architecture and operations, including identity and access management, network security, logging, data encryption, secrets management, posture management, and cloud-native controls.
- Own and continuously test the company's incident response plan, playbooks, escalation procedures, stakeholder communications, and cyber incident preparedness through executive tabletop exercises, cross-functional simulations, and lessons-learned remediation.
- Direct crisis response during security incidents and ensure effective executive communications and stakeholder coordination
- Oversee coordination of business continuity and disaster recovery planning in partnership with IT and business leaders.
Product and AI security- Embed security into the software development lifecycle by partnering with Engineering, Product, and DevOps teams on Threat modeling, Secure design & coding practices, Vulnerability remediation, Penetration testing, and Secure release processes
- Ensure security is designed into the company's products, platforms, and AI initiatives, with appropriate controls for data protection, model security, access governance, and responsible use.
Pre-Requisites / Skills / Experience Requirements: Required Qualifications- 15+ years of experience in information security, cybersecurity, risk management, or IT leadership roles, with at least 5+ years in senior security leadership positions.
- Bachelor's degree in Computer Science, Information Security, Information Systems, or a related discipline; Master's degree preferred.
- Proven success building, transforming, or maturing security programs in high-growth, global technology environments, including establishing a Security Operations Center.
- Deep understanding of information security frameworks, technologies, and architectures, including cloud security, data protection, network security, and enterprise identity.
- Experience/knowledge of the following technologies such as SIEM tools, DLP, Firewalls, EDR technologies, VPNs, authentication tools, etc.
- Experience with ISO 27001, CMMC, FedRAMP, ITAR/EAR, and related compliance or regulatory environments.
- Background in industrial technology, hardware/IoT security, manufacturing, defense, aerospace, or government-regulated sectors.
- Professional certifications such as CISSP, CCISO, or equivalent is desirable.
