What are the responsibilities and job description for the Director, Cyber Security position at NRUCFC (National Rural Utilities Cooperative Finance Corporation)?
Job Summary
The Director, Cyber Security is the senior most technical risk management leader responsible for defining, executing, and continuously evolving the organization’s cyber security strategy to manage enterprise cyber security risk. Operating within the Information Technology organization, this role ensures cyber security capabilities are intentionally aligned with business objectives, regulatory requirements (SOX, SSAE 18, FINRA, etc.), and risk tolerance while enabling secure and resilient operations. This role provides strategic leadership across security governance, risk management, architecture, operations, and incident response. The Director serves as a trusted advisor to executive leadership, business partners, and the Board of Directors, translating cyber security risk into business context and ensuring security is embedded throughout technology delivery and operations.
Essential Tasks And Responsibilities
Risk Management, Security Architecture, Security Operations, Incident Response, Regulatory Compliance, Vendor Management, Financial Stewardship, Executive Stakeholder Engagement
Competencies
Risk & Security Enablement, Operational Excellence, Strategic Leadership, Interpersonal Excellence, Change Leadership, Influencing Skills, Decision-Making
Work Environment
This position requires minimal travel.
Benefits & Additional Information
CFC offers a comprehensive and competitive benefits package including hybrid work options, annual incentive opportunities, an employer-paid pension plan, 401(k), medical, dental and vision coverage, and a generous leave policy. Employees also enjoy access to an onsite gym and a more supportive, professional work environment. For additional information, please visit our website at www.nrucfc.coop. CFC is an Equal Opportunity Employer committed to fostering a diverse and inclusive workforce.
The Director, Cyber Security is the senior most technical risk management leader responsible for defining, executing, and continuously evolving the organization’s cyber security strategy to manage enterprise cyber security risk. Operating within the Information Technology organization, this role ensures cyber security capabilities are intentionally aligned with business objectives, regulatory requirements (SOX, SSAE 18, FINRA, etc.), and risk tolerance while enabling secure and resilient operations. This role provides strategic leadership across security governance, risk management, architecture, operations, and incident response. The Director serves as a trusted advisor to executive leadership, business partners, and the Board of Directors, translating cyber security risk into business context and ensuring security is embedded throughout technology delivery and operations.
Essential Tasks And Responsibilities
- Define and execute the enterprise cyber security strategy aligned with business objectives, IT strategy, and enterprise architecture roadmaps.
- Establish and maintain a comprehensive cyber security program covering governance, risk, compliance, security operations, security engineering, and incident response.
- Lead the identification, assessment, and management of cyber security risks; translate technical risk into clear business impact and actionable mitigation strategies.
- Oversee security architecture and engineering practices to ensure security is embedded into applications, infrastructure, cloud platforms, and data environments by design.
- Direct security operations capabilities include monitoring, threat detection, vulnerability management, and incident response to ensure timely and effective protection and recovery.
- Develop, maintain, and test incident response, crisis management, and cyber resilience plans in collaboration with IT and business leaders.
- Ensure compliance with applicable regulatory, legal, and industry security requirements through effective governance, controls, and audit readiness.
- Establish cyber security policies, standards, and metrics; regularly report security posture, risks, and trends to executive leadership, business partners, and the Board of Directors.
- Lead vendor and partner relationships related to security tools, managed services, assessments, and advisory services. Ensure cost effective, right sized solutions are implemented commensurate to risk.
- Build, mentor, and develop a high performing cyber security organization with strong technical depth and business acumen.
- Educational Requirements: Bachelor’s degree in computer science, information systems, engineering, or related field
- Minimum Experience: Ten (10) years of progressive experience with cyber security, information security, or technology risk-related roles with five (5) years in a formal leadership capacity accountable for enterprise-scale security programs.
- Licensure or other certifications:
- Preferred Educational Requirements: Bachelor’s degree in computer science, information systems, engineering, or related field
- Preferred Experience:
- Preferred Licensure or other certifications:
Risk Management, Security Architecture, Security Operations, Incident Response, Regulatory Compliance, Vendor Management, Financial Stewardship, Executive Stakeholder Engagement
Competencies
Risk & Security Enablement, Operational Excellence, Strategic Leadership, Interpersonal Excellence, Change Leadership, Influencing Skills, Decision-Making
Work Environment
This position requires minimal travel.
Benefits & Additional Information
CFC offers a comprehensive and competitive benefits package including hybrid work options, annual incentive opportunities, an employer-paid pension plan, 401(k), medical, dental and vision coverage, and a generous leave policy. Employees also enjoy access to an onsite gym and a more supportive, professional work environment. For additional information, please visit our website at www.nrucfc.coop. CFC is an Equal Opportunity Employer committed to fostering a diverse and inclusive workforce.