Ogden, UT
Hybrid in office 1 day
Job Summary
The Director of Cybersecurity for Becklar will work with the CTO and VP of Information Security to lead the organization's efforts to secure its digital assets, safeguard sensitive information, and protect against cyber threats. This role involves developing and implementing a comprehensive cybersecurity strategy, managing risk, ensuring compliance with relevant regulations, and fostering a culture of security awareness across the organization.
Key Responsibilities
Strategic Leadership
Continue to develop and execute a cybersecurity strategy aligned with organizational goals and industry standards.
Lead cybersecurity risk management efforts to identify, assess, and mitigate potential threats and vulnerabilities.
Drive the organization's SOC 2 initiative by designing and implementing policies, controls, and processes to meet the trust service criteria.
Stay updated on emerging cyber threats, regulatory requirements, and technology trends to adapt the organization's security posture.
Collaborate with executive leadership to align cybersecurity initiatives with business priorities.
Operational Management
Provide input on the implementation and management of security solutions, including firewalls, intrusion detection/prevention systems, endpoint protection, and network monitoring tools.
Establish and maintain incident response plans to quickly detect, contain, and recover from cybersecurity incidents.
Lead vulnerability assessments, penetration testing, and security audits to ensure ongoing system integrity.
Coordinate disaster recovery and business continuity planning efforts related to cybersecurity.
Policy Development & Compliance
Develop and enforce security policies, standards, and best practices, with an emphasis on SOC 2 trust service principles (security, availability, processing integrity, confidentiality, and privacy).
Oversee SOC 2 readiness assessments and collaborate with internal and external auditors to facilitate the certification process.
Ensure compliance with other data protection regulations when needed (e.g., GDPR, HIPAA, CCPA) and industry standards (e.g., ISO 27001, NIST).
Monitor adherence to security protocols and conduct regular compliance reviews.
Team Leadership & Collaboration
Collaborate with IT, legal, and other departments to integrate security practices across the organization.
Conduct security awareness training to educate employees about potential risks and safe practices.
Vendor and Budget Management
Manage relationships with third-party vendors, including security solution providers, consultants, and auditors.
Oversee the cybersecurity budget, ensuring cost-effective allocation of resources.
Technical Skills
Strong knowledge of cybersecurity frameworks, tools, and technologies.
Expertise in threat analysis, risk assessment, and incident response.
Familiarity with cloud security and secure hardware and software development practices.
Proficiency in network architecture and security protocols.
Leadership and Communication
Exceptional leadership, organizational, and decision-making abilities.
Strong communication skills to convey complex security concepts to non-technical stakeholders.
Proven ability to manage and lead cross-functional teams.
Key Performance Indicators (KPIs)
Completion of SOC 2 readiness assessments and successful audit outcomes.
100% employee participation in security training programs.
Progress in implementing and updating security technologies.
Establish and maintain a comprehensive incident response plan to ensure rapid detection, containment, and resolution of potential security incidents.
Implement processes and procedures for key security policies.
Strengthen the organization's security posture to minimize the risk of security incidents or breaches.
Other duties as prescribed. Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Job Qualifications / Skill Requirements:
5+ years combined IT, cyber/information security, risk, audit, compliance, with increasing responsibility
3 years in cybersecurity or field(s) related to the programs for which the role is responsible
Proven expertise in cybersecurity frameworks (NIST, ISO 27001), cloud security, risk assessment, and policy development
Experience in leading or sponsoring implementation of technical security solutions within large organizations
Ability to communicate effectively across multiple levels of the organization including managing through cross-business area or business unit prioritization discussions
Strong relationship-building skills; must be able to work collaboratively and cooperatively as a team member, fostering an atmosphere of trust and respect
Ability to influence all levels of staff and senior management in the decision-making process
Deep understanding of IT infrastructure, program portfolio management, application design, and secure software development lifecycle (SDLC) methodologies