Ziply Fiber is a local internet service provider dedicated to elevating the connected lives of the communities we serve. We offer the fastest home internet in the nation, a refreshingly great customer experience, and affordable plans that put customers in charge.
As our state-of-the-art fiber network expands, so does our need for team members who can help us grow and realize our goals.
Our Company Values:
- Genuinely Caring: We treat customers and colleagues like neighbors, with empathy and full attention.
- Empowering You: We help customers choose what is best for them, and we support employees in implementing new ideas and solutions.
- Innovation and Improvement: We constantly seek ways to improve how we serve customers and each other.
- Earning Your Trust: We build trust through clear, honest, human communication.
Job Summary
The Director, Cyber Security is a senior technology leader responsible for defining, advancing, and operationalizing an enterprise cybersecurity strategy and multi-year roadmap that protects the organization’s digital assets, systems, and sensitive information against an increasingly complex threat landscape.
This role provides both strategic direction and operational oversight of the cybersecurity function, ensuring alignment with business priorities, regulatory requirements, and risk tolerance. The Director partners closely with VP-level leadership and cross-functional stakeholders to embed cybersecurity into all aspects of the organization, enabling secure growth while maintaining a strong risk posture.
The successful candidate brings deep cybersecurity expertise, executive presence, and a demonstrated ability to lead organizations, influence senior stakeholders, and drive measurable improvements in security maturity across a dynamic, fast-paced environment.
Essential Duties and Responsibilities:
The Essential Duties and Responsibilities listed below are a range of duties performed by the employee and not intended to reflect all duties performed.
People Leadership & Talent Management
· Build, lead, and scale a high-performing cybersecurity organization, including management of managers and senior individual contributors.
· Establish organizational priorities, operating models, and accountability frameworks to ensure consistent delivery of security outcomes.
· Create and sustain a culture of continuous learning, leadership development, and technical excellence across the cybersecurity function.
· Drive succession planning and long-term talent strategy, ensuring depth of leadership capability across the organization.
· Partner with executive leadership and HR to attract, develop, and retain top-tier cybersecurity leadership and technical talent.
Cybersecurity Strategy, Governance & Program Management
· Own and continuously evolve the enterprise cybersecurity strategy, ensuring alignment with corporate objectives, risk tolerance, and business growth initiatives.
· Establish and report on KPIs, metrics, and maturity models to measure program effectiveness, risk reduction, and return on investment.
· Serve as a key advisor to VP-level leadership, translating cybersecurity risks into clear, actionable business decisions.
· Oversee the development, implementation, and governance of enterprise cybersecurity policies, standards, and frameworks aligned to industry best practices.
· Own cybersecurity financial planning, including budgeting, forecasting, and investment prioritization.
· Drive continuous optimization of cybersecurity investments while maintaining strong protection and scalability.
Risk Management, Compliance & Third-Party Security
· Oversee enterprise-wide cyber risk management strategy, including risk identification, prioritization, and mitigation aligned to business objectives.
· Drive risk mitigation strategies embedded within business and technology processes.
· Ensure implementation and ongoing enforcement of security controls across infrastructure, cloud environments, and applications.
· Provide executive oversight of third-party risk management programs, including vendor security reviews and contractual requirements.
· Set compliance strategy across applicable regulatory frameworks (e.g., NIST, ISO, SOX, PCI DSS), ensuring audit readiness and operational adherence.
· Act as the escalation point for high-impact cybersecurity risks, partnering with senior leadership on mitigation decisions.
Incident Response, Business Continuity & Disaster Recovery
· Oversee enterprise incident response capabilities, ensuring readiness, governance, and continuous improvement.
· Provide senior leadership during major cybersecurity incidents, coordinating across business and technology stakeholders.
· Drive executive-level post-incident reviews, including root cause analysis and long-term remediation strategies.
· Partner with Technology leadership to integrate cybersecurity into enterprise business continuity and disaster recovery planning.
· Ensure ongoing testing, validation, and improvement of resilience capabilities through simulations and exercises.
Security Operations, Architecture & Technology Enablement
· Provide strategic oversight of security operations, including SOC capabilities, monitoring, detection, and response maturity.
· Define and drive the cybersecurity technology roadmap, including evaluation and adoption of emerging solutions.
· Ensure alignment of cybersecurity architecture with enterprise infrastructure, cloud platforms, and application strategies.
· Establish and enforce security architecture standards across all environments, including network, endpoint, cloud, and data systems.
· Ensure implementation of data protection strategies, including encryption, DLP, and secure data handling practices.
· Direct the engineering, deployment, and lifecycle management of the enterprise security technology stack, including SIEM platforms, IDS/IPS, EDR/XDR, firewalls, VPNs, and vulnerability scanning and penetration testing tooling.
· Oversee the secure architecture and hardening of core infrastructure services — including DNS, DHCP, and identity and access management platforms such as LDAP and Active Directory — and enforce system hardening baselines such as CIS Controls, DISA STIGs, and USGCB.
· Drive the maturation of 24/7 SOC capabilities and the enterprise adoption of zero-trust architecture and AI-driven threat detection and response automation.
· Ensure secure configuration and protection across cloud platforms (AWS, Azure, and Google Cloud), IoT devices, and mobile endpoints.
AI Governance & Emerging Technology Risk
· Sponsor and set the strategic direction for the enterprise AI governance program for the secure and responsible adoption of artificial intelligence and machine learning across the organization, providing executive oversight of the supporting policies, standards, and acceptable-use guidelines.
· Provide executive oversight of AI and machine-learning security risk assessments, including model integrity, training-data protection, and defenses against prompt injection, model evasion, and data-poisoning attacks.
· Partner with Legal, Privacy, and business leadership to align AI adoption with regulatory expectations and emerging AI-specific frameworks (e.g., NIST AI RMF and ISO/IEC 42001).
· Govern the secure use of generative AI and AI-enabled security tooling, balancing innovation and productivity with data protection, intellectual-property safeguards, and risk reduction.
· Monitor the evolving AI threat landscape and direct the responsible integration of AI-driven automation into detection, response, and operational workflows.
Awareness, Cross-Functional Partnership & Reporting
· Deliver executive-level reporting on cybersecurity posture, risk trends, and program performance.
· Oversee enterprise-wide cybersecurity awareness and training programs, driving cultural adoption and measurable risk reduction.
· Serve as a strategic partner across Technology, Legal, HR, Compliance, and business functions to embed cybersecurity into operations.
· Influence major business and technology initiatives by integrating cybersecurity considerations early in planning and execution.
· Promote a culture of shared accountability for cybersecurity across the organization.
Other Duties
· Must be available to work regular business hours Pacific Standard Time.
· Must also be available to work on-call, evenings and weekends as needed.
· Performs other duties as required to support the business and evolving organization.
Required Qualifications:
· High school diploma or GED.
· Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related field. Equivalent professional experience may be considered.
· Minimum of fifteen (15) years of progressive experience in cybersecurity, information security, or related technical fields.
· Minimum of seven (7) years of progressive leadership experience, including direct management of managers within a cybersecurity or technology function.
· Demonstrated experience leading enterprise-scale cybersecurity programs and influencing VP-level stakeholders.
· Proven experience balancing strategic planning with operational execution in a complex and evolving environment.
· Extensive experience securing IT infrastructure, managing vulnerability programs, and leading incident response.
· Experience implementing and managing security frameworks such as NIST CSF, ISO 27001, or CIS benchmarks.
· Strong knowledge of network security, cloud security platforms, and enterprise security operations tools (SIEM, IDS/IPS, EDR).
· Experience with identity management, system hardening, and emerging threat mitigation techniques.
· Familiarity with DevSecOps practices and secure software development lifecycle (SDLC).
Preferred Qualifications:
· CISM, CISSP, CEH, or comparable cybersecurity certifications.
· Experience in telecommunications, ISP, or highly regulated industries.
· Experience leading cybersecurity transformation initiatives in a high-growth or scaling organization.
· Experience presenting cybersecurity strategy or risk posture to executive leadership or board-level stakeholders.
Knowledge, Skills, and Abilities:
· Proven ability to lead large, complex organizations and enterprise-scale programs.
· Strong executive presence and ability to influence cross-functional stakeholders.
· Ability to establish and govern enterprise-wide security frameworks and standards.
· Advanced organizational, prioritization, and strategic planning skills.
· Ability to lead through ambiguity and drive alignment across competing priorities.
· Exceptional communication skills, including the ability to translate technical risks into business impact.
Work Authorization
Applicants must be currently authorized to work in the US for any employer. Sponsorship is not available for this position.
Physical Requirements
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking, or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.
Work Environment
Work is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse, and multi-line telephone system. The work is primarily a modern office setting.
At all times, Ziply Fiber must be your primary employer. Unless otherwise prohibited by law, employees may not hold outside employment nor be self-employed without obtaining approval in writing from Ziply Fiber. In holding outside employment or self-employment, employees should ensure that participation does not conflict with responsibilities to Ziply Fiber or its business interests.
Diverse Workforce / EEO
Ziply Fiber is an equal opportunity employer. Ziply Fiber will consider all qualified candidates regardless of race, color, religion, national origin, gender, age, marital status, sexual orientation, veteran status, and the presence of a non-job-related handicap or disability or any other legally protected status.
Ziply Fiber requires a pre-employment background check as conditions of employment. Ziply Fiber may require a pre-employment drug screening.
Ziply Fiber is a drug free workplace.
Never miss an opportunity! Create an alert based on the job you applied for.