WTW
Description
The Cyber Security Strategy Director is a strategic leadership role responsible for enabling the CISO and Cybersecurity Leadership Team to operate at peak efficiency. This role will act as a trusted advisor, program manager, and operational leader—ensuring the smooth execution of cybersecurity strategy, board engagement, regulatory and audit readiness, and enterprise-wide security initiatives. The position requires exceptional organizational acumen, deep understanding of cybersecurity principles, financial planning and forecasting, and strong stakeholder management skills across executive, technical, and operational audiences.
The Responsibilities
Board & Executive Engagement
Lead preparation of Board and Executive Committee materials, ensuring clear, concise, and actionable cybersecurity reporting. Partner with the CISO to develop strategic narratives for board updates, including threat landscape insights, program performance, and risk posture. Coordinate follow-up actions and communications stemming from Board and senior leadership meetings.
Audit & Compliance Oversight
Oversee internal and external cyber audit processes, ensuring timely responses, evidence collection, and remediation tracking. Act as the primary liaison with internal audit, external auditors, and regulatory bodies for cybersecurity matters. Maintain readiness for regulatory examinations and attestations (e.g., SOX, NYDFS, DORA, PCI DSS).
Cybersecurity Strategy & Program Management
Partner with the CISO to design, refine, and execute the organization’s cybersecurity strategy, ensuring alignment with business priorities and risk tolerance. Drive strategic initiatives, cross-functional projects, and security transformation programs to successful completion. Monitor industry trends, threat intelligence, and regulatory changes to inform strategic decisions.
Metrics, Reporting & Performance Management
Develop, maintain, and communicate meaningful cybersecurity metrics and key performance indicators (KPIs) to measure program effectiveness. Oversee creation of executive dashboards and data visualizations for senior leadership and Board reporting. Ensure metrics drive informed decision-making and continuous improvement.
Operational Leadership & Team Enablement
Serve as the operational right-hand to the CISO, enabling prioritization, issue resolution, and decision support. Lead cross-functional coordination between security domains, technology teams, and business units. Support talent development initiatives, including succession planning and leadership team coaching.
Qualifications
Required:
10+ years in cybersecurity, information security, or related technology risk roles, with at least 3 years in a leadership or Strategy Director capacity.
Proven experience preparing Board-level content and communicating complex technical topics to non-technical audiences.
Strong background in audit management, regulatory compliance, and risk governance.
Demonstrated success in cybersecurity strategy development and execution.
Expertise in building and interpreting metrics, KPIs, and performance reports.
Exceptional organizational, communication, and interpersonal skills.
Ability to manage multiple priorities in a fast-paced, high-pressure environment.
Preferred:
Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field; Master’s degree preferred.
Relevant certifications (e.g., CISSP, CISM, CRISC, CGEIT, PMP).
Experience in a global or highly regulated industry (e.g., financial services, healthcare, insurance).
Key Competencies
Strategic Thinking: Ability to translate vision into actionable plans.
Executive Communication: Skilled in delivering impactful narratives to senior stakeholders.
Program Management: Proven track record of leading complex, cross-functional initiatives.
Analytical Insight: Strong data-driven decision-making capability.
Adaptability: Comfort in dynamic, rapidly evolving environments.
Influence & Collaboration: Ability to build trust and drive consensus across diverse teams.
The Cyber Security Strategy Director will ensure the CISO organization operates with strategic clarity, operational discipline, and measurable impact. This role will directly influence the effectiveness of board communications, the success of strategic initiatives, and the organization’s ability to navigate an increasingly complex cyber risk landscape.
This role can be based anywhere in the US, with a preference for Eastern Time-zone locations. This role can be fully remote or hybrid.
EOE, including disability/vets