Job Description

About Us:
If you are passionate about the ability of American business to improve lives, solve problems, and strengthen society, the U.S. Chamber of Commerce is the place for you. As the world’s largest business organization, we believe in building a future that gives everyone the opportunity to pursue a better tomorrow. We make it our job today–and every day–to build the strongest relationships possible among the American people, business leaders, and elected officials in Washington, D.C., state capitals, and countries around the globe. For them and the businesses we represent, the U.S. Chamber is a trusted advocate and partner.
We are driven by the pursuit of innovation and partnership and hold ourselves to the highest standards. Our commitment to our members is matched only by our commitment to our employees. As part of our team, we will support your long-term career development while delivering relevant learning opportunities. We will empower you to lead, develop deep expertise, and find new approaches to solving the toughest challenges.

The Director of Cyber and Information Security provide hands on technical leadership for the security program—owning day to day security operations and helping translate execution into clear priorities and measurable outcomes. Reporting to the vice president of Information Technology (IT) and partnering closely with the chief technology officer, this role advises and supports enterprise decision making with practical, risk based guidance.

Responsibilities:
• Take ownership of security tooling, alert triage, investigations, and incident response.
• Own vulnerability management and continuous control improvement (endpoint, email, cloud, awareness).
• Ensure that strategy, policies, metrics, and risk communication are aligned with business needs and risk tolerance.
• Facilitate cross functional delivery of security initiatives with IT, cloud, applications, and vendors.
• Support third-party risk management and security policy across the organization.
Security Operations
• Own vulnerability management and continuous improvement of key controls (endpoint, email, cloud posture, awareness).
• Lead alert triage, investigations, and incident response activities, including root cause, remediation planning, and post incident reviews.
• Partner with infrastructure, cloud, application, and workplace technology teams to embed security into systems and workflows.
Strategy, Governance, and Risk
• Lead security strategy and roadmap development in alignment with the vice president of IT and the CTO.
• Maintain policies, standards, and governance; assess and communicate risk in business terms. Communicate clearly with technical and nontechnical audiences.
• Evaluate and recommend security technologies and services based on risk reduction, value, and operational impact.
• Support third party and vendor risk efforts with legal, procurement, IT, and business partners.
• Define metrics and reporting that provide leadership visibility into security posture, progress, and priorities.
Collaboration and Vendors
• Build a collaborative, pragmatic, and accountable security culture. Partner effectively across IT, business teams, and vendors.
• Partner with stakeholders to understand business processes, technology usage, and risk.
• Plan, prioritize, and deliver security initiatives with technology teams across competing timelines and resources.
• Manage security vendors and service providers to ensure expected outcomes and value.
Team Leadership
• Manage and mentor two security team members; provide coaching and technical guidance. Set priorities, assign work, and drive execution across multiple concurrent initiatives.
• Balance strategic planning with hands on operational execution across competing priorities.
Security Awareness
• Lead the security awareness and training program.
• Promote shared responsibility through practical guidance that supports secure behaviors with minimal friction.

Qualifications:
• 10+ years of cybersecurity/information security experience.
• Experience operating enterprise security tools across endpoint, email, cloud, awareness, and risk domains, including CrowdStrike Falcon Complete, Proofpoint, Microsoft Defender for Cloud, KnowBe4, Cisco Umbrella.
• Investigation and incident response experience.
• Experience with security policies, governance, and risk based practices.
• People management or senior technical leadership experience.
• Hands on technical depth with the ability to lead strategy and execution.
• Strong organization, prioritization, and communication skills.
Preferred
• Experience in mission driven, nonprofit, association, or complex organizational environments.
• Comfort operating in risk based, business driven security environments (not compliance driven).
• Familiarity with common security frameworks, applied pragmatically.
• Certifications (e.g., CISSP, CISM, CCSP) a plus.

The salary range for this position is $162,715.00 to $174,000.00. The actual salary paid for this position will vary based on market data, an applicant’s qualifications, relevant degrees, certifications, and other factors. Our full-time employees are eligible for benefits, including health care, vision, dental, retirement, and paid leave.
We provide equal employment opportunities to all employees and applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
#LI-Hybrid