- Company Name: Tivella
- Job Title: Cybersecurity Director
- Job Description:
**Job Title**
Cybersecurity Director
**Role Summary**
Lead and manage a global cybersecurity program for a complex, multi‑cloud, AI‑centric environment. Align security strategy with business objectives, enforce governance based on ISO 27001, PCI‑DSS, SOC 2 Type 2, CMMC, and other frameworks, and protect AI models, cloud services, and hybrid infrastructure against evolving threats.
**Expectations**
- Deliver end‑to‑end cyber protection for AI/ML platforms and multi‑cloud architectures (AWS, Azure, GCP).
- Maintain compliance with international security standards (ISO 27001, PCI‑DSS, SOC 2 Type 2, CMMC, FedRAMP, ISO 42001, NIST 800‑53).
- Communicate risks and initiatives to senior leadership, ensuring business continuity while strengthening security posture.
- Foster a security‑first culture through training, awareness, and global policy enforcement.
- Manage vendors, consultants, and auditors; oversee incident response readiness and real‑world cyber event handling.
**Key Responsibilities**
- Design, implement, and continuously improve a global cybersecurity strategy, architecture, and governance.
- Secure AI platforms and ML pipelines, protecting model integrity, confidentiality, and robustness.
- Oversee cloud security for AWS, Azure, GCP, and hybrid environments, leveraging CSPM, CWPP, CNAPP, and DevSecOps pipelines.
- Coordinate with legal, compliance, engineering, and operations to meet regulatory, contractual, and audit requirements worldwide.
- Lead incident‑response exercises, manage real‑time cyber incidents, and report post‑incident findings.
- Conduct vulnerability management, threat monitoring, and security monitoring across all environments.
- Manage relationships with external vendors, consultants, and auditors, ensuring quality and compliance.
- Champion cybersecurity awareness programs, executive training, and enforcement of global policies.
**Required Skills**
- 12+ years in cybersecurity, 7+ in senior leadership.
- Deep expertise in AI security (model attacks, data poisoning, adversarial ML).
- Proven experience securing cloud‑native architectures (AWS, Azure, GCP).
- Advanced knowledge of ISO 27001, PCI‑DSS, SOC 2 Type 2, CMMC L1‑L3, FedRAMP, ISO 42001, NIST 800‑53.
- Global program management across multiple regions.
- Risk management, compliance reporting, audit process expertise.
- Excellent communication of complex security concepts to executive and non‑technical audiences.
- Ability to perform in high‑pressure, fast‑moving environments.
**Required Education & Certifications**
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- Certifications preferred: CISSP, CCSP, CISA, CISM, ISO 27001 Lead Auditor, or similar.