Posted Apr 9, 2026

Director of Cyber Security

Duration: Full-Time
Location: Texas-Remote

About BigRio

BigRio is a Digital Transformation consulting firm headquartered in Boston, MA, specializing in data and analytics, custom development, software implementation, data analytics, and machine learning/AI integrations. As a one-stop shop, we deliver cutting-edge and cost-conscious software solutions to clients across various industries. With diverse industry exposure, our teams of data architects, engineers, developers, and consultants tackle complex software and data challenges, delivering best-in-class solutions.

Job Overview

We are seeking a strategic, hands-on Director of Cyber Security to lead and manage enterprise-wide cybersecurity initiatives. This role is responsible for developing and executing a comprehensive certification roadmap aligned with leading industry standards such as SOC 2, ISO 27001, HITRUST, NIST, and FedRAMP. The Director will play a critical role in strengthening and evolving the organization’s overall security posture.

The ideal candidate brings deep expertise in cybersecurity governance, risk management, audit compliance, and policy development. You will collaborate closely with infrastructure, engineering, legal, and compliance teams to protect organizational assets and ensure certification requirements are successfully met.

Key Responsibilities

Security Certification Strategy & Execution
• Lead the strategy and implementation roadmap for achieving and maintaining security certifications (SOC 2, ISO 27001, HITRUST, NIST 800-53, FedRAMP, etc.).
• Serve as the primary liaison for external auditors and certification bodies.
• Develop, implement, and maintain documentation, policies, and procedures to support compliance initiatives.

Governance, Risk & Compliance (GRC)
• Establish and manage a robust enterprise-wide cybersecurity governance program.
• Conduct risk assessments and oversee third-party vendor security evaluations.
• Ensure compliance with regulatory requirements (HIPAA, GDPR, CCPA, etc.).

Enterprise Security Operations
• Oversee implementation of cybersecurity controls including network security, endpoint protection, identity and access management (IAM), and data loss prevention (DLP).
• Lead incident response planning, testing, and execution.
• Monitor emerging threats and drive organization-wide security awareness initiatives.

Leadership & Collaboration
• Build and lead a high-performing cybersecurity team focused on compliance and operational excellence.
• Collaborate with engineering, DevOps, and IT teams to embed security into all phases of system development and infrastructure.
• Present security metrics, risks, and program updates to executive leadership and board members.

Audit Readiness & Continuous Improvement
• Conduct internal audits and gap assessments in preparation for formal certification reviews.
• Manage vendor security assessments and ensure compliance with contractual obligations.
• Drive automation initiatives to streamline certification tracking and security reporting.

Qualifications
• 10+ years of experience in cybersecurity or information security leadership roles.
• Proven experience leading organizations through formal security certifications (SOC 2, ISO 27001, HITRUST).
• Strong understanding of cybersecurity frameworks (NIST, ISO, CIS) and regulatory compliance (HIPAA, GDPR, FedRAMP).
• Hands-on experience with security technologies (SIEM, IAM, DLP, vulnerability management tools).
• Excellent leadership, communication, and stakeholder management skills.

Preferred Qualifications
• Industry certifications such as CISSP, CISM, CISA, CRISC, or PMP.
• Experience in healthcare, government, or other highly regulated industries.
• Familiarity with DevSecOps practices and cloud security (AWS, Azure, GCP).
• Background in security architecture or engineering is a plus.