REPKON USA
Tampa, Florida, United States
(on-site)
Posted
1 day ago
Job Function
Other
Description
Director of Cybersecurity and ComplianceREPKON USA is seeking an accomplished Director of Cybersecurity and Compliance to provide strategic vision and operational leadership for the company's enterprise cybersecurity program. This executive role is critical to ensuring the protection of our hybrid IT environment, safeguarding Controlled Unclassified Information (CUI), and maintaining compliance with NIST SP 800-171 R2, CMMC Level 2, and DFARS requirements.
The CISO will own company-wide information security, risk management, and governance, while also building and managing a modern security program leveraging both Microsoft 365 GCC High security solutions (Intune, Sentinel, Defender XDR, Purview) and traditional on-premises security infrastructure (firewalls, network segmentation, vulnerability management).
What You'll Own
- Report directly to the CIO and assume Ownership of enterprise-wide information security strategy, risk management, and governance.
- Design and maintain a security architecture that integrates cloud (M365/Azure) and on-prem environments.
- Maintain and evolve compliance programs for NIST 800-171, CMMC Level 2, DFARS, and internal SOC 2 controls.
- Lead access control, identity lifecycle management, provisioning, and deprovisioning across all systems.
- Serve as the executive escalation point for incidents, breaches, and emergency responses (e.g., compromised accounts, ransomware, lost devices).
- Build, enforce, and maintain internal security policies, incident response plans, and training programs.
- Partner cross-functionally with Engineering, Operations, Compliance, Legal, and external vendors to ensure secure-by-design principles.
- Lead security audits, penetration tests, vulnerability assessments, and remediation programs.
- Oversee and optimize the company's SOC/SIEM operations, including detection, response, and automation.
- Evaluate, implement, and manage tools for endpoint protection, identity & access management, and network/cloud security.
- Provide regular executive-level reporting on risk posture, incident metrics, and compliance status.
Responsibilities
- Information Security Strategy: Define and execute a multi-year security roadmap aligned with business and compliance objectives.
- Risk Management: Identify, prioritize, and mitigate risks across IT, cloud, and OT systems.
- Security Architecture & Technology: Ensure resilience, scalability, and compliance in design of networks, firewalls, and cloud workloads.
- Security Operations: Oversee the SOC, manage SIEM (Sentinel) rules, threat intelligence, and incident response workflows.
- Compliance & Governance: Own SSPs, POA&Ms, and audit evidence repositories. Serve as primary liaison during DoD, customer, and third-party security assessments.
- Incident Response & Forensics: Direct investigations, coordinate responses, and lead recovery from incidents.
- Third-Party Risk: Assess vendors and supply-chain security in line with DFARS and CMMC requirements.
- Training & Awareness: Establish enterprise-wide security awareness and phishing-resistance programs.
- Leadership: Build and mentor a high-performing security organization, instilling a culture of accountability and continuous improvement.
Qualifications
- Bachelor's degree in information technology, Cybersecurity, Computer Science, or related field.
- 12+ years of progressive IT and cybersecurity leadership experience, with at least 5+ years at the senior executive or CISO level.
- Deep, hands-on expertise in the Microsoft 365 GCC High ecosystem:
- Microsoft Sentinel (SIEM/SOAR)
- Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps)
- Microsoft Intune (Endpoint management, compliance Baseline)
- Microsoft Purview (DLP, sensitivity labels, insider risk)
- Proven expertise with firewalls, VPNs, IDS/IPS, on-premises network security, and endpoint security.
- Demonstrated success leading security programs in a DoD contractor environment with compliance to NIST SP 800-171 and CMMC Level 2.
- Strong incident response, forensic investigation, and disaster recovery planning skills.
- Exceptional communication and stakeholder management, with ability to brief executives, board members, auditors, and regulators.
Preferred
- Industry certifications such as CISSP, CISM
- Experience managing global security operations.
- Experience with GCC High or ITAR-regulated environments.
Other Requirements:
- Travel: 10% Willingness to travel as required.
- Work Environment: Office work environment.
- Background Investigation / Drug Screen / US person: Required.
REPKON USA is an Equal Opportunity Employer, placing value on a diverse and inclusive environment. All hiring decisions are based exclusively on merit, qualifications, and business needs.
PI279068488
Job ID: 80823885