Cyber Security Governance Lead

Key Responsibilities:

1. Cybersecurity Governance, Framework Ownership & IT Data Privacy

• Lead the development, maintenance, and oversight of cybersecurity governance structures, policies, standards, and procedures.
• Align governance activities with external frameworks and regulatory requirements (NIST, ISO, SOX, CMMC, etc.).
• Lead the governance operating committee and oversee regulatory changes and policy reviews.
• Manage the full lifecycle of cybersecurity policies and standards, ensuring approval, communication, and enforcement.
• Establish a common controls framework with clear accountability across IT, security, and business units.
• Lead the IT Data Privacy program, including policy reviews (e.g., Data Classification & Retention), privacy impact assessments, and data subject rights processes.

2. Regulatory & Customer Compliance Oversight

• Establish and maintain core cyber governance frameworks (NIST 800‑171, CMMC, ISO, ITAR/EAR).
• Develop System Security Plans (SSP) and standard responses to customer cybersecurity inquiries.
• Oversee audit readiness and coordinate responses to government, customer, and third‑party assessments.
• Provide assurance documentation on cybersecurity practices.

3. Supplier Security Governance

• Lead supplier security assessments during onboarding and on a recurring basis; ensure timely remediation of gaps.
• Define Supplier Security requirements and partner with Procurement to enforce them.
• Conduct cybersecurity training and awareness for high‑risk suppliers.

4. Cross‑Functional Collaboration & Cyber Leadership

• Drive alignment between IT, Security Engineering, Legal, Compliance, HR, and business units.
• Strengthen cyber leadership culture by fostering ownership, accountability, and informed decision-making.
• Oversee cybersecurity training and awareness programs.