Director, Cyber Security
Location: Sugar Land, TX (Onsite)
Reports To: VP of IT
Important: This role is fully onsite in Sugar Land, TX. The company is not offering visa sponsorship and will not accept third-party or agency resumes.
Position Overview
We are seeking a Director of Cyber Security to lead and operationalize cybersecurity across a diverse, decentralized enterprise environment. This is a hands-on leadership role suited for an experienced cybersecurity professional with a strong background in building and maturing enterprise security programs.
Reporting to the VP of IT, this leader will be responsible for establishing and scaling a modern cybersecurity program across multiple business units. The Director will drive initiatives spanning governance, policy development, risk management, security operations, and regulatory compliance while guiding the organization toward a Zero Trust security architecture.
The ideal candidate brings a pragmatic, business-aligned approach to cybersecurity, with the ability to collaborate across technical and business stakeholders while strengthening the company's overall security posture.
Key Responsibilities
Cybersecurity Program Development & Execution
- Build and operationalize a comprehensive cybersecurity program across a multi-business-unit enterprise with varying levels of technology maturity.
- Establish governance structures, policies, and security controls to create consistency and visibility across the organization.
- Develop and execute a strategic cybersecurity roadmap addressing short-, mid-, and long-term initiatives related to people, process, and technology.
- Evaluate existing cybersecurity documentation and previously conducted security assessments to refine and implement the enterprise security roadmap.
- Lead the organization's transition toward a Zero Trust security framework.
Security Operations & Risk Management
- Oversee cybersecurity operations including threat detection, incident response, vulnerability management, and security monitoring.
- Implement risk management practices aligned with industry frameworks such as NIST CSF, ISO 27001, and CMMC.
- Ensure appropriate controls, policies, and processes are in place to mitigate cybersecurity risk across business units.
- Partner with IT leadership and business stakeholders to strengthen enterprise security posture.
Leadership & Stakeholder Communication
- Serve as the enterprise cybersecurity leader, aligning security initiatives with broader business and IT strategy.
- Communicate cybersecurity risk, strategy, and program updates to executive leadership and the board of directors.
- Lead incident response efforts and guide cross-functional teams during security events.
- Collaborate across decentralized business units to promote security awareness, governance, and accountability.
Transition & Continuity Planning
- Lead the transition of cybersecurity leadership responsibilities upon hire as the current director exits the role.
- Work alongside an existing contractor who will provide continuity and operational support during the leadership transition.
- Ensure cybersecurity coverage and operational stability throughout the transition period.
Qualifications
- 8-12+ years of cybersecurity experience, including 3-5+ years leading enterprise security programs in mid-to-large organizations.
- Demonstrated success building or significantly maturing cybersecurity functions, ideally within decentralized or multi-entity enterprises.
- Strong understanding of Zero Trust architecture and experience implementing modern security frameworks within both legacy and modern environments.
- Experience managing security operations including incident response, threat monitoring, and vulnerability management.
- Familiarity with leading cybersecurity platforms such as:
  - Tenable
  - LogRhythm
  - SentinelOne
  - Microsoft Defender
  - Abnormal Security
  - Varonis
- Working knowledge of security frameworks including NIST CSF, ISO 27001, and CMMC.
- Proven ability to communicate complex cybersecurity topics to executive leadership and board-level stakeholders.
- Experience in industries with complex risk environments such as construction, infrastructure, or oil & gas is highly desirable.
- Bachelor's degree in Information Security, Computer Science, or related field required; advanced degree or MBA a plus.
- Industry certifications such as CISSP, CISM, or similar are strongly preferred.
Additional Information
The organization currently has operational security tools and systems in place; however, the overall cybersecurity platform requires further maturity. A previous cybersecurity assessment produced a roadmap that now requires evaluation, refinement, and execution. The incoming Director will play a critical role in designing and implementing the next phase of the enterprise cybersecurity strategy.
CIMA Consulting Group, LLC is an Equal Opportunity Employer