Stack Cybersecurity Jobs in USA
"Candidates must be authorized to work in the United States without the need for current or future visa sponsorship."
Role Overview
We are seeking a highly motivated and experienced GRC Manager to lead and mature our cybersecurity governance, risk, and compliance program across a complex retail ecosystem supporting 60,000+ associates, thousands of brick-and-mortar stores, distribution centers, corporate offices, datacenters, and multi-cloud environments.
This role will play a critical part in supporting our ongoing divestiture and Transition Services Agreement (TSA) journey initially, helping establish independent governance structures while ensuring continued alignment with shared services and transitional operating models.
The GRC Manager will partner closely with internal stakeholders, legacy service providers, and Business Process Outsourcing (BPO) partners to ensure risk visibility, compliance assurance, and control ownership clarity across both transitional and steady-state environments.
The ideal candidate is both strategic and execution-oriented, capable of operating effectively in environments undergoing transformation while building scalable governance frameworks for the future state.
Key Responsibilities
Governance & Program Leadership
- Lead the enterprise cybersecurity governance framework aligned to NIST CSF / NIST 800-53 / ISO 27001.
- Support the design and maturation of governance structures as the organization transitions through TSA toward a standalone operating model.
- Own and maintain the cybersecurity policy, standards, and control framework lifecycle.
- Establish governance forums and reporting cadence with executive leadership.
- Drive maturity roadmap aligned to organizational risk appetite and separation milestones.
- Ensure governance processes are embedded across internal teams, TSA providers, and BPO partners.
Risk Management
- Manage the enterprise cyber risk program including risk identification, assessment, treatment, and reporting.
- Assess risks related to shared services, transitional architectures, and separation activities.
- Facilitate risk assessments across cloud, retail stores, supply chain, datacenters, and enterprise applications.
- Maintain enterprise risk register and track remediation progress across internal teams, TSA providers, and BPO partners.
- Partner with architecture and engineering teams to embed risk-based decision making during separation initiatives.
Compliance & Regulatory Oversight
- Lead compliance efforts across relevant frameworks including:
- PCI DSS
- SOX ITGC
- Privacy / Data Protection requirements
- State and federal regulatory obligations
- Support compliance activities during TSA including shared control environments and inherited controls.
- Coordinate internal and external audits and manage evidence collection.
- Ensure continuous compliance monitoring across environments including controls operated by TSA and BPO providers.
- Validate adherence to contractual security and compliance obligations.
Third Party & TSA Risk Management
- Oversee vendor risk assessments across SaaS, supply chain, TSA providers, and service partners.
- Serve as the primary GRC liaison for cybersecurity BPO providers and transitional service providers.
- Monitor vendor, TSA, and BPO risk posture, performance metrics, and remediation activities.
- Partner with procurement and legal on risk reviews and contractual security requirements.
BPO Governance & Oversight
- Establish governance cadence with BPO partners including operational reviews and risk forums.
- Define and monitor security KPIs/KRIs and SLAs tied to BPO services.
- Ensure clear accountability and control ownership between internal teams, TSA providers, and BPO.
- Support continuous improvement initiatives with BPO providers to enhance control maturity.
Metrics, Reporting & Executive Communication
- Develop and maintain cyber risk dashboards and KPIs/KRIs aligned to separation milestones.
- Provide regular reporting to executive leadership and governance councils.
- Translate technical risk into business impact for decision making.
Cross Functional Collaboration
- Partner with Security Operations, Engineering, Privacy, Legal, Internal Audit, and IT.
- Support secure transformation initiatives including cloud migration and retail technology modernization.
- Provide governance support for separation programs and new capability buildouts.
- Drive security awareness from a governance and risk perspective.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Security, IT, Risk Management, or related field.
- 7–8 years of experience in cybersecurity, risk, compliance, or audit roles.
- Experience operating in a large enterprise environment with distributed infrastructure.
- Experience supporting transformational programs, divestitures, or large-scale operating model changes.
- Experience working with or overseeing BPO / managed service providers in a cybersecurity or IT risk capacity.
- Strong understanding of cybersecurity frameworks (NIST CSF, ISO 27001, COBIT).
- Experience supporting regulatory audits (PCI, SOX, privacy).
- Experience with risk management methodologies and control frameworks.
- Strong stakeholder management and communication skills.
Preferred Qualifications
- Experience in retail, logistics, or highly distributed environments.
- Experience supporting multi-cloud environments (AWS, Azure, GCP).
- Professional certifications such as:
- CISSP
- CISM
- CRISC
- CISA
- Experience with GRC platforms (ServiceNow GRC, Archer, OneTrust, Auditboard etc.).
- Experience working in TSA or shared services environments.
Leadership Competencies
- Strategic thinker with strong execution discipline
- Ability to operate effectively in ambiguous and evolving environments
- Strong analytical and problem-solving skills
- Executive presence and communication ability
- Collaborative and people-focused leadership style
- Strong vendor and partner management capability
Industrial / Nuclear-Regulated Environment | Confidential U.S. Megaproject
I'm seeking a Cybersecurity Subject Matter Expert to lead the end-to-end cybersecurity architecture for a next-generation, highly regulated facility.
This role will define, implement, and sustain cybersecurity across enterprise IT, industrial control systems (ICS), operational technology (OT), and digital instrumentation environments within a safety-critical setting.
This is not a support function. This is technical authority.
Key Responsibilities
Cybersecurity Architecture
- Define and maintain reference architecture across IT, OT, and ICS environments
- Lead network segmentation strategy including zones, conduits, and high-assurance data boundaries
- Develop system security requirements for plant systems and digital control infrastructure
- Ensure secure integration of vendor systems and EPC-delivered platforms
Monitoring & Incident Response
- Design and oversee SOC capabilities tailored to industrial environments
- Implement continuous monitoring across both enterprise and plant networks
- Develop incident response frameworks aligned with safety and regulatory requirements
Vulnerability & Risk Management
- Establish risk-based vulnerability and patch management strategies compatible with high-availability systems
- Conduct threat modeling for safety-critical environments
- Oversee security assessments and supply chain risk reviews
Compliance & Governance
- Lead alignment with federal cybersecurity frameworks and nuclear-grade regulatory requirements
- Develop and maintain cybersecurity plans, policies, and audit documentation
- Support regulatory inspections and long-term sustainment governance
What They’re Looking For
- Deep experience securing industrial control systems in regulated industries
- Strong understanding of ICS segmentation, secure architecture, and high-availability constraints
- Strong understanding of NIST cybersecurity frameworks & NRC/DOE standards and regulations
- Experience interfacing with engineering, I&C, EPC contractors, and regulatory stakeholders
- Background in nuclear, energy, utilities, or other safety-critical infrastructure strongly preferred
This is a rare opportunity to design cybersecurity architecture from the ground up for a mission-critical U.S. facility.
If this sounds like you and piques your interest, don't hesitate to apply to this job posting or reach out to me directly at and I'll be in touch promptly.
~ This person needs to be a US Citizen/GC Holder and able to acquire a Q Clearance ~
TOSHIBA AMERICA ENERGY SYSTEMS CORPORATION
Job Description
Job Title: Program Manager – New Steam Turbine Generator Controls
Business Unit: Thermal Services / New STG
Location: West Allis, WI (Hybrid / Travel as Required)
FLSA Status: Exempt
Manager Level: Individual Contributor
Reports To: Controls Director / Dotted Line to Director of New STG Projects
Job Summary
The Project Manager – Steam Turbine Generator Controls is responsible for planning, coordinating, and executing multiple concurrent, long-term controls projects in support of new Steam Turbine Generator installations. This role serves as the primary interface between customers, internal engineering teams, field services, suppliers, and Toshiba Japan, ensuring projects are delivered safely, on schedule, within scope, and in compliance with contractual, regulatory, and cybersecurity requirements.
In addition to project execution, this role is responsible for coordinating and supporting New Unit customer training and capability development related to turbine and generator control systems.
Project Management & Execution
- Manage multiple concurrent, long-duration Steam Turbine Generator controls projects from contract award through commissioning and closeout.
- Develop and maintain integrated project execution plans, schedules, and risk registers across multiple projects.
- Coordinate internal resources across Controls Engineering, Field Services, Commercial, Supply Chain, and Quality.
- Track project milestones, deliverables, and financial performance; identify and mitigate execution risks.
- Lead scope, schedule, and cost change management activities with customers and internal stakeholders.
- Own end-to-end commercial execution for controls projects, including procurement strategy, vendor quotation management, billing milestones, invoicing coordination, and financial closeout.
Controls & Cybersecurity Awareness
- Maintain working knowledge of turbine and generator control and protection systems.
- Ensure compliance with applicable cybersecurity requirements and customer cyber policies.
- Coordinate cybersecurity reviews, documentation, and testing activities with subject matter experts.
- Support audits, inspections, and regulatory reviews related to controls and cybersecurity compliance.
- Demonstrated working knowledge of industrial control system (ICS) architectures, including SCADA, PLCs, HMIs, servers/workstations, and associated networking and cybersecurity components (e.g., switches, firewalls, virtualization, authentication, and remote access technologies).
- Experience with RADIUS, edge protection, pattern recognition a plus.
Customer Communication & Stakeholder Management
- Serve as frontline customer point of contact for controls project execution.
- Lead project status meetings, technical reviews, and executive communications.
- Prepare and deliver clear project reports, schedules, and presentations.
- Manage customer expectations and resolve issues in a professional and timely manner.
- Produce cost estimates and proposals for additional project opportunities.
New Unit Customer Training & Development
- Coordinate New Unit customer training programs related to turbine and generator control systems.
- Define training scope, schedules, and deliverables aligned with project milestones.
- Ensure completion of training materials and system familiarization prior to commissioning.
- Support factory, classroom, and site-based customer training activities.
- Define and lead a training portfolio modernization roadmap focused on reducing delivery cost and internal labor while enhancing scalability and customer experience.
Compliance, Quality & Safety
- Ensure adherence to Toshiba policies, contractual requirements, and regulatory standards.
- Promote safety culture and compliance with EHS requirements.
- Support quality reviews, lessons learned, and continuous improvement initiatives.
Required Qualifications
- Bachelor's degree in Engineering, Project Management, or a related technical discipline.
- 5–10 years of project management experience, preferably in controls or power generation.
- Demonstrated ability to manage multiple concurrent, long-term projects.
- Strong communication, organization, and stakeholder management skills.
- Proficiency with Microsoft Office and project management tools.
Preferred Qualifications
- Experience supporting new equipment installations in OEM or EPC environments.
- Familiarity with industrial cybersecurity requirements.
- Experience with installation or operation of server, PC, and networking infrastructure within NERC CIP regulatory framework, or grid power generation a plus.
- Experience coordinating customer training and operational readiness activities.
- PMP or equivalent certification.
Travel Requirements
- Travel up to 20–30% to support customer meetings, factory testing, training, and site execution.
Working Conditions
- Combination of office, factory, and field environments.
- Ability to manage competing priorities across multiple long-term projects.
The Governance, Risk, and Compliance (GRC) Analyst is responsible for internal controls as well as the RouteOne Comprehensive Information Security Program. This program is designed to protect company information, data, and facilities; maintain the security of assets; and ensure the efficacy of, and compliance with, internal controls. The overall goal is to design, develop, implement, and maintain compliance with a comprehensive information security program that is appropriate to the sensitivity of the information and data, and that is scoped adequately for the size, complexity, nature, and risk of RouteOne’s business activities. The ideal candidate will have the skill to communicate the details of this program, in writing and speaking, to management, external auditors, and customers, regardless of their technical or non-technical backgrounds.
Job Requirements
- Execute and manage internal audits.
- Collect and maintain audit evidence for annual SOC (Service Organizations Controls) and GLBA audits derived from results of internal audits, including documentation of deviations.
- Participate in audits of RouteOne’s vendors and perform subsequent remediation tracking to closure.
- Respond to audits from finance sources and other customers including participating and leading in-person or virtual audit sessions, answering detailed questionnaires, and gathering and providing evidence as well as managing remediation of findings from these audits.
- Respond to due diligence requests from finance sources and other customers, providing documentation such as SOC reports, security reports, and other evidence.
- Design new controls and subsequent documentation updates to policies and procedures to close audit findings. Review reports generated from various monitoring and scanning tools and escalate to the Cybersecurity Team appropriately.
- Collect data, produce reports, and analyze metrics from audits conducted to evaluate compliance, and collaborate with internal IT Teams to improve existing cybersecurity measures.
- Contribute to certain functions within the information security framework that ensure confidentiality, integrity, and availability of information assets by protecting against unauthorized use, disclosure, modification, or loss.
- Assist with informing and educating staff about information security, compliance, risks, and governance including assisting in phishing prevention campaigns and monitoring employee training compliance.
- Assist in monitoring, administering, and enforcing security policies/procedures.
- Review existing documentation of IT controls, business processes, policies, procedures, and management reports for compliance, effectiveness, and sustainability.
- Manage remediation plans/corrective actions for any vulnerabilities or compliance failures reported in audits.
- Perform gap analysis to assess compliance with evolving regulatory requirements and duties such as NIST, PCI-DSS, GLBA, CSA, FCRA, Privacy Laws, and other frameworks as needed.
- Maintain safety, security, and privacy standards throughout all areas of responsibility.
- Assist in annual Risk Assessments and Business Impact Analysis reviews with management.
- Assist in annual Business Continuity Exercises and Security Incident Response tabletop exercises.
- Participate in Scope Lock meetings for compliance and risk evaluation for proposed code and feature changes to application.
- Provide input to other teams for current audit, compliance, governance, and risk mitigation requirements of proposed actions and/or purchases.
Knowledge
- Experience reviewing and/or drafting policies and procedures across the enterprise.
- Experience in Audit, Compliance, Governance, Risk, or equivalent Information Security area with technically complex and diverse audits/projects.
- Demonstrated experience applying knowledge of internal control standards, objectives, and techniques unique to computer processing in a multiple platform environment.
- Solid knowledge of current industry information security, compliance and governance principles, controls and practices.
- Knowledge of various compliance frameworks and industry best practices (e.g., PCI, GDPR, ISO 27001).
- Understanding of security protocols and standards (NIST, SOC, GLBA, OWASP Top 10).
- Experience in reporting analysis of potential cybersecurity threats, emerging practices, and technologies to both technical and non-technical audiences.
- Understanding of auto finance industry is a plus.
- Knowledge of cloud, SaaS (Software as a Service), AI, and shared security model responsibilities.
- Demonstrated experience of successful customer and vendor relationship management, including conflict resolution, preferred.
Skills
- Proficient in Microsoft Office products, including, but not limited to, Word, PowerPoint, SharePoint, Excel, Outlook, Teams, and Visio. Experience with Microsoft Defender is a plus.
- Experience with Atlassian products such as Confluence and Jira, or ticketing systems such as Salesforce or ServiceNow.
- Knowledge of security intrusion prevention tools used to record, track, and examine intrusions to find ways to prevent future incidents.
- Experience working within various compliance programs (e.g., SOC, GLBA, NIST, ISO, etc.).
Abilities
- Ability to work both independently and in a team environment to establish priorities and execute subsequent plans successfully.
- Ability to use relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards.
- The ability to communicate information and ideas, both verbally and in writing, so others will understand risks and proposed solutions.
- Ability to thrive in a dynamic, fast-paced software development environment. Knowledge of Agile Development is a plus.
- Strong analytical, problem-solving, communication, and technical skills.
- Proactive, detail-oriented professional eager to grow in responsibility.
- Flexibility to adjust to changing priorities and simultaneously work on high visibility projects to assure completion.
- Adaptability to respond to security issues arising from new cybersecurity threats and emerging tools and technologies.
- Ability to take a practical business-focused approach to security, compliance, risk, audit, and governance protocols.
- Proven organizational and time management ability.
- Willingness to be a continual learner in the governance best practices within the cybersecurity landscape.
Other Essential Requirements
- 2+ years of professional experience.
- Bachelor's degree from an accredited university.
- Cybersecurity, compliance, risk, governance, and auditing experience.
- Ability to travel up to 10% of the time.
- Certifications through ISACA, CompTIA, SANS, GIAC or other professional certifying bodies a plus.
We’re seeking a Senior SAP Technical Analyst to own the architecture, stability, performance, and security of our global SAP landscape. In this role, you’ll lead SAP Basis, integration, and security operations across S/4HANA, ECC, HANA, middleware platforms, and cloud environments—partnering closely with internal IT teams and external service providers to ensure our SAP ecosystem runs with enterprise-grade reliability.
What You’ll Do
SAP Basis Administration
- Manage SAP NetWeaver ABAP/Java stacks, S/4HANA, ECC, and HANA database environments
- Perform kernel upgrades, support pack/Enhancement Pack installs, system & client copies, and landscape refreshes
- Configure and support SAP Fiori, Gateway, SAP Router, and Web Dispatcher
- Optimize system performance (memory, ICM, RFC, buffers, work processes)
- Maintain SAP Solution Manager (ChaRM, EWA, Monitoring)
- Architect and support integrations across SAP-SAP and SAP-non-SAP systems
- Configure and maintain PI/PO, CPI, and interface technologies (IDoc, RFC, BAPI, SOAP/REST/OData)
- Monitor interface queues, troubleshoot failures, and enforce integration governance
- Implement application security hardening, apply Security Notes, and validate SI partner security work
- Manage SAP GRC Access Control, SoD analysis, role redesign, and compliance activities
- Support SOX and corporate cybersecurity initiatives
- Design multi-tier SAP landscapes across DEV/QA/PROD
- Plan and execute HA/DR strategies and system capacity planning
- Partner with infrastructure teams on OS, storage, network, virtualization, and cloud (Azure/AWS/GCP or RISE)
- Ensure connectivity, firewalls, load balancers, and routing align with SAP operational needs
- Lead operational monitoring and major incident response for SAP systems
- Maintain runbooks, architecture diagrams, and technical documentation
- Conduct regular DR tests and maintain business continuity readiness
- Automate SAP operations using Python, PowerShell, Ansible, or similar
- Support modernization initiatives (cloud migration, S/4HANA, interface modernization)
- Evaluate new SAP technologies and recommend improvements
- 7+ years of SAP Basis experience in large, global SAP environments
- Hands-on experience with SAP S/4HANA, ECC, HANA DB, NetWeaver, and Fiori/Gateway
- Strong background in PI/PO, CPI, IDocs, APIs, and middleware
- Experience with SAP security, GRC, role design, and compliance frameworks
- Proven capability in HA/DR planning, execution, and system performance optimization
- Experience collaborating with onsite/offshore SI partners
- Solid understanding of Linux (SUSE/RHEL), Windows Server, VMware, networks, firewalls, and cloud platforms (Azure/AWS/GCP)
- Familiarity with monitoring tools like Solution Manager, Focused Run, Dynatrace, Splunk
- Own technical leadership in a mission-critical global SAP environment
- Influence modernization initiatives and future-state SAP architecture
- Collaborate with high-performing IT, infrastructure, and business teams
- Competitive compensation and opportunities for growth
Apply today and help shape the future of our global SAP ecosystem.
ABOUT ETHIKA:
Ethika is a leading lifestyle brand based in Lake Forest, CA. Since the inception of the brand, Ethika and its team have been determined to live life, innovate, and deliver quality products, while staying true to our biggest asset – our FAMILIE. The Ethika employees, friends, athletes, artists and customers are the core of the brand and the reason we exist.
POSITION SUMMARY:
The Vice President of Technology is responsible for overseeing Ethika’s day-to-day technology operations, digital platforms, infrastructure, and development initiatives. This role focuses on execution, system reliability, scalability, and continuous improvement of the company’s ecommerce and internal technology ecosystem.
The VP of Technology will lead the engineering and development teams, ensure stability across web and cloud environments, manage third-party integrations, and drive efficiency across digital systems that support revenue growth and operational performance. This individual reports directly to the CEO and works cross-functionally with Ecommerce, Operations, Finance, and Marketing teams.
RESPONSIBILITIES:
- Oversee daily technology operations, ensuring uptime, performance, and system stability
- Manage and mentor the internal development and infrastructure teams
- Drive execution of website enhancements, feature rollouts, and system upgrades
- Maintain and optimize ecommerce platform performance, speed, and scalability
- Oversee server, cloud, and hosting environments to ensure security and reliability
- Manage third-party integrations, APIs, and data flows between systems
- Partner with ecommerce and operations teams to implement technical solutions that improve efficiency and customer experience
- Establish development timelines, prioritize projects, and ensure on-time delivery
- Monitor site analytics, performance metrics, and system logs to proactively resolve issues
- Ensure compliance with data privacy, accessibility, and cybersecurity standards
- Assist in evaluating and implementing new technologies to support company growth
- Manage technology-related vendor relationships and contracts
QUALIFICATIONS:
We utilize the following in our tech stack. The ideal candidate will have strong hands-on experience in:
- PHP
- MongoDB
- Vue & Vite
- Git/GitHub
- AWS / Cloud Infrastructure
- API integrations and system architecture
EXPERIENCE:
• Front-end development: 8+ years (Required)
• Back-end development: 8+ years (Required)
• Experience leading engineering or development teams: 5+ years (Required)
• Experience supporting ecommerce platforms and high-traffic websites (Required)
COMPENSATION:
Salary Range: $150,000-$170,000
**This position is full-time and on-site. Applicants must be able to commute to Greensboro, NC daily; no remote opportunity is available.**
Position Overview
Schiffman’s Jewelers is seeking a strategic, hands-on Director of Information Technology to lead and modernize our technology infrastructure across all 10 retail stores and corporate operations. This role is responsible for aligning technology with business objectives, ensuring operational excellence, safeguarding company data, and enhancing the customer experience in a luxury retail environment.
The Director of IT will oversee all IT operations, cybersecurity, systems integration, POS infrastructure, vendor management, and digital initiatives. This leader will serve as a trusted advisor to the COO and play a key role in supporting growth, innovation, and operational efficiency.
Regular travel to CA, KY, NC, SC, and VA is required. This is a highly hands-on role supporting a team of 160 employees, and the ideal candidate will bring a strong passion for delivering exceptional customer service and creating outstanding experiences.
Key Responsibilities
Strategic Leadership
- Develop and execute a comprehensive IT strategy aligned with Schiffman’s growth goals.
- Serve as a member of the leadership team, advising on technology investments and digital innovation.
- Identify opportunities to improve operational efficiency through technology.
Infrastructure & Systems Management
- Oversee all IT systems including POS, accounting, CRM, and inventory management.
- Ensure reliability, uptime, and performance across multiple retail locations.
- Manage cloud services, network infrastructure, servers, and telecommunications systems.
- Lead system upgrades, migrations, and integrations.
- Manage internal hardware program.
Cybersecurity & Risk Management
- Establish and enforce cybersecurity protocols and data protection policies.
- Ensure PCI compliance and retail security best practices.
- Manage backup, disaster recovery, and business continuity planning.
- Monitor and mitigate cybersecurity threats.
Vendor & Budget Management
- Manage relationships with IT vendors, software providers, and service partners.
- Negotiate contracts and control IT spending.
- Develop and manage the IT budget.
Leadership & Support
- Lead external support partners.
- Ensure timely support for store and corporate users.
- Establish IT policies, documentation, and training programs.
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, or related field (Master’s preferred).
- 8–10+ years of progressive IT leadership experience.
- Experience in retail, luxury retail, or multi-location operations strongly preferred.
- Strong knowledge of POS and CRM systems. LightSpeed and Salesforce/Proximity are a plus.
- Deep understanding of cybersecurity, PCI compliance, and data protection.
- Experience managing cloud environments (Microsoft 365, Azure, AWS, etc.).
- Proven ability to manage vendors and IT budgets.
- Strong leadership, communication, and project management skills.
Key Competencies
- Strategic thinker with operational execution skills
- High attention to detail and security awareness
- Customer-experience mindset
- Calm under pressure and solution-oriented
- Ability to provide honest feedback when needed.
We are seeking a skilled and motivated Data Privacy & Cybersecurity Attorney to join an industry-leading team advising private and public companies of all sizes across a variety of industries, including artificial intelligence and machine learning, cloud computing, software, and fintech. This high-impact role offers the opportunity to engage directly with clients, lead significant matters, and work across a broad range of privacy, data, and cybersecurity issues in both transactional and advisory contexts. The salary wage range for this job posting is $250,000 to $435,000.
Responsibilities:
- Advise clients on cyber, data, and privacy compliance across a full range of matters, including CCPA/CPRA, GDPR, HIPAA, CIPA, and other applicable state and federal privacy laws
- Counsel on privacy, data processing, and cybersecurity matters in connection with corporate and technology transactions, including mergers and acquisitions, public offerings, and other commercial and strategic transactions
- Draft and negotiate data processing agreements, privacy schedules, and related commercial agreements
- Conduct information security and privacy due diligence for corporate transactions
- Advise on data breach response, incident response planning, and related regulatory obligations
- Monitor and advise on emerging AI laws, regulatory standards, and enforcement trends
- Support or lead matters involving litigation and/or regulatory enforcement relating to data privacy and cybersecurity
Qualifications Required:
- J.D. from an ABA-accredited, nationally recognized law school with excellent academic credentials
- 4+ years of experience advising clients on data privacy, cybersecurity, and related compliance matters, in a private law firm or in-house setting
- Active member in good standing with the California State Bar
- Expertise in CCPA/CPRA, GDPR, HIPAA, CIPA, and other state and federal privacy frameworks
- Experience with transactional work, including mergers and acquisitions, capital markets, or technology transactions
- Excellent legal writing, drafting, negotiation, and analytical skills
- Strong verbal, written, and interpersonal communication skills with both legal and technical stakeholders
Preferred:
- CIPP certification
- Experience with regulatory policy, enforcement matters, and/or data privacy litigation
- Familiarity with emerging AI regulatory frameworks
- Experience in technology industries
Interested candidates should apply with their resumes. If you are a potential fit, we will schedule a confidential conversation.
Company Description
Mark Cuban Cost Plus Drug Company, PBC, is committed to transforming the pharmaceutical industry by offering medicines at fixed, transparent profit margins, making them affordable for patients underserved by current market and regulatory systems. Our mission is to mitigate unnecessary drug shortages in the United States and improve access to essential medications. By reshaping the way medicines are produced and sold, we strive to deliver cost-effective solutions directly to consumers. Join us in our mission to make healthcare more accessible and equitable for all.
Role Description
The Chief Information Security Officer (CISO) is responsible for establishing, leading, and executing the enterprise-wide information security strategy to protect MCCPDC’s digital assets, AI-driven technology platforms, data systems, and regulated operations. The CISO will build and oversee a comprehensive cybersecurity program aligned with industry best practices, FDA expectations, and organizational risk tolerance. This executive leader will partner with Technology, Quality, Regulatory, Operations, and Legal to maintain a secure, resilient, and compliant environment.
Qualifications
Strategic Leadership
• Develop and execute the enterprise cybersecurity strategy with an integrated trust management platform.
• Establish information security governance, policies, and risk frameworks (US Data Privacy, HIPAA, SOC 2).
• Create governance frameworks for secure management of AI/ML.
• Report security posture, risks, and incidents to the CEO and Board.
Cybersecurity Operations
• Oversee security monitoring, threat intelligence, and incident response.
• Manage vulnerability management, penetration testing, and remediation activities.
• Lead digital risk assessments for critical systems (ERP, QMS, LIMS, 503B systems, distribution platforms).
Regulatory & Compliance
• Ensure alignment with FDA, HIPAA, NIST, SOC-2 where applicable.
• Partner with Quality & Regulatory to safeguard data integrity in GMP-regulated systems.
Risk & Governance
• Own enterprise risk management for technology/cybersecurity.
• Conduct annual and ongoing security risk assessments.
• Oversee business continuity/disaster recovery planning and execution for cybersecurity incidents.
Vendor Oversight
• Utilize our trust management platform for third-party security, vendor assessments, external audits, policy management, and automation.
The Senior Manager, Cyber Security is responsible for the daily execution and continuous improvement of cybersecurity across a decentralized, multi-business unit enterprise.
This is a highly hands-on role. The Senior Manager will directly oversee security monitoring, incident response, vulnerability management, and control enforcement while leading a small security team. This role is not purely strategic. The right candidate must be technically strong, comfortable reviewing alerts, validating configurations, assessing logs, and stepping into incidents when needed.
The environment requires operational stability today, with steady program strengthening over time. This role balances execution, discipline, and practical risk reduction.
Key Responsibilities
Daily Security Operations
- Oversee and actively participate in security monitoring, alert triage, and incident response.
- Review high-risk alerts and guide investigation and remediation efforts.
- Ensure timely patching and vulnerability remediation.
- Validate security configurations across endpoints, identity platforms, and network layers.
- Maintain visibility into threat landscape and emerging risks.
Vulnerability & Risk Management
- Own vulnerability scanning, prioritization, and remediation tracking.
- Conduct risk assessments across business units and document findings.
- Work directly with infrastructure and applications teams to resolve identified gaps.
- Track and report measurable risk reduction progress.
Security Architecture & Controls
- Support implementation of Zero Trust principles across identity, device, network, and application layers.
- Review access controls, MFA enforcement, and privileged account management.
- Provide hands-on review of new systems and integrations to ensure security alignment.
- Reduce technical debt related to legacy security controls.
Governance & Compliance
- Maintain and enforce cybersecurity policies and standards aligned with recognized frameworks such as NIST, ISO, SOX, and CMMC.
- Prepare documentation and evidence for audits.
- Ensure repeatable processes exist for access reviews, change tracking, and control validation.
Team Leadership
- Lead and develop a small cybersecurity team.
- Set clear operational expectations and accountability standards.
- Provide technical mentorship and direct oversight of daily work.
- Serve as escalation point for complex or sensitive incidents.
Vendor & Tool Management
- Oversee MSSPs and third-party security providers.
- Evaluate and recommend improvements to tooling and controls.
- Ensure vendors meet service expectations and response times.
Role Profile
This role is:
- Operational and execution focused
- Technically hands-on
- Accountable for daily cybersecurity performance
- Responsible for strengthening controls over time
- Senior enough to influence IT and business leadership
Qualifications
- 7–12+ years of cybersecurity experience
- Experience leading security operations in a mid-size or multi-entity environment
- Strong hands-on experience with SIEM, endpoint detection and response, vulnerability management platforms, identity security tools, and access control systems
- Working knowledge of Zero Trust concepts and practical implementation
- Familiarity with security frameworks such as NIST CSF, ISO 27001, SOX, or CMMC
- Experience managing detection, response, and remediation processes
- Ability to communicate clearly with both technical teams and business stakeholders
- Bachelor’s degree in Information Security, Computer Science, or related field required
- Certifications such as CISSP, CISM, Security+, or similar preferred