Corporate Director, CyberSecurity
Company: TriMark
Location: Mansfield
Posted on: April 2, 2026
Job Description:

Why you’ll love it here! Benefits include:
• Medical, Dental, Vision, Tuition Reimbursement, Pet, and Legal Insurance
• 401k
• Community Service Day
• Spotlight Awards
• National Sales Excellence Awards
• CFSP Prep Certification Program

POSITION SUMMARY:
The Director of CyberSecurity reports to the Chief Intelligence Officer
Located in Mansfield, MA
Full-Time Hybrid

POSITION OVERVIEW:
TriMark USA is seeking an accomplished Director of Cybersecurity to lead the company’s enterprise security function across its national footprint. This is a senior leadership role responsible for owning and evolving the cybersecurity strategy, managing security operations, and protecting a complex, distributed environment spanning cloud, on-premises, and hybrid infrastructure. The ideal candidate brings a track record of translating technical risk into business decisions, has operated at scale, and can credibly engage both the boardroom and the SOC.

This role reports to the CIO and carries direct budget ownership, executive-level reporting responsibilities, and cross-functional authority over security posture across the organization. The Director is expected to present to the executive team and, on a defined cadence, to the board or audit committee.

ESSENTIAL FUNCTIONS & RESPONSIBILITIES:

Security Strategy & Architecture:
• Own and continuously evolve a risk-based cybersecurity strategy aligned to business objectives, regulatory obligations, and the current threat landscape.
• Lead the design and implementation of a Zero Trust Architecture (ZTA) across identity, network, data, and endpoint domains, incorporating least-privilege access, continuous verification, and micro-segmentation.
• Direct cloud security posture across multi-cloud and hybrid environments, ensuring alignment with shared responsibility models and CNAPP/CSPM controls.
• Drive AI security governance — both leveraging AI-powered tooling for defense and establishing policy and controls around the organization’s use of AI/GenAI platforms, working alongside the AI steering committee.
• Assess and advance post-quantum cryptography readiness as part of long-range strategic planning.

Security Operations & Engineering:
• Oversee the full security operations function including a modern detection and response stack: SIEM, SOAR, XDR, and threat intelligence platforms.
• Drive an automation-first approach to Managed Detection and Response (MDR) — whether through internal capability, MSSP partnership, or a hybrid model — with a focus on reducing mean time to detect (MTTD) and mean time to respond (MTTR).
• Direct vulnerability management, penetration testing, threat hunting, and red team/purple team exercises with ongoing risk reporting.
• Champion Identity and Access Management (IAM) including phishing-resistant MFA, Privileged Access Management (PAM), and continuous access auditing as a foundational security control.
• Integrate DevSecOps practices into the software development lifecycle, embedding SAST, DAST, and SCA tooling across engineering and application teams, including externally facing platforms.
• Own and mature an insider threat program encompassing behavioral analytics, access monitoring, and policy enforcement across a geographically distributed workforce.

Data Security & Classification:
• Define and enforce a data classification framework across structured and unstructured data, including customer PII, payment data, supplier contracts, and internal operational data.
• Own and operate data loss prevention (DLP) controls across endpoints, email, cloud storage, and collaboration platforms.
• Ensure sensitive data handling policies are operationally enforced and regularly tested, not merely documented.

M&A Security Due Diligence & Integration:
• Own cybersecurity due diligence for M&A targets: assess security posture, identify material risk, and deliver findings to the executive team and deal team prior to close.
• Develop and maintain integration playbooks for acquired entities, including network segmentation, identity consolidation, endpoint compliance, and legacy platform risk assessment.
• Establish a defined security baseline that acquired organizations must reach within a specified post-close window, with measurable milestones and executive reporting.
• Maintain awareness of security debt inherited through acquisition and factor it into enterprise risk reporting and budget planning.

Third-Party & Supply Chain Risk:
• Establish and maintain a third-party and supply chain risk management program, including vendor security assessments, Software Bill of Materials (SBOM) practices, and continuous vulnerability scanning across vendor-managed components.
• Own vendor security SLAs and maintain accountability for third-party risk exposure.

Governance, Risk & Compliance (GRC):
• Maintain compliance with applicable regulatory frameworks including SOC 2, NIST CSF 2.0, ISO 27001, PCI-DSS, and applicable state/federal data privacy requirements.
• Lead risk quantification efforts and translate security risk into financial exposure models for executive and board consumption, presented on a defined cadence to the CIO and, as appropriate, the audit committee.
• Own the cybersecurity budget including capital and operational spend, vendor contracts, and ROI measurement.
• Own the relationship with the company’s cyber insurance carrier, including annual underwriting reviews, coverage adequacy assessments, and claims coordination.
• Produce regular security metrics, KPIs, and executive dashboards that reflect organizational risk posture honestly and clearly.

Incident Response & Resilience:
• Own the enterprise incident response plan and tabletop exercise program; ensure plans are tested, current, and operationally rehearsed.
• Lead response to material security incidents including ransomware, data breaches, and business email compromise, including crisis communications and regulatory notification obligations.
• Work with the Lead of Infrastructure and HR to ensure business continuity and disaster recovery planning intersects appropriately with cybersecurity resilience.

Team Leadership & Culture:
• Build, lead, and retain a high-performing cybersecurity team of 4 direct reports; establish clear career paths and invest in technical development.
• Foster a security-aware organizational culture through relevant, effective security awareness training — moving beyond checkbox compliance.
• Serve as an organizational authority on emerging threats and proactively brief executives and functional leaders on evolving risk.

COMPETENCIES:
• Demonstrated ability to architect and execute security strategy at scale in complex, distributed environments.
• Operational command of modern security tooling: XDR, SOAR, SIEM, PAM, CNAPP, and cloud-native security platforms.
• Proven ability to quantify and communicate cybersecurity risk in business terms — to board members, auditors, and frontline teams alike.
• Track record of advocating for security budgets, presenting risk assessments to executives, and influencing organizational priorities while keeping technical teams aligned.
• Deep understanding of the threat landscape including AI-augmented attacks, ransomware operations, supply chain compromise, insider threats, and identity-based intrusion.
• Experience governing AI tool adoption from a security and policy standpoint.
• Strong vendor management and contract negotiation skills; ability to hold third parties accountable to security SLAs.
• Experience conducting cybersecurity due diligence in M&A contexts and executing post-acquisition security integration.
• Familiarity with cyber insurance underwriting processes and coverage optimization.

QUALIFICATIONS & EXPERIENCE:
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field required; Master’s degree or MBA preferred.
• 10–15 years of progressive cybersecurity experience, with a minimum of 5 years in a senior leadership role with direct budget and team ownership.
• Hands-on experience architecting or implementing Zero Trust, cloud security, and identity-centric security programs at scale.
• Demonstrated experience with NIST CSF, ISO 27001, SOC 2, and PCI-DSS compliance frameworks.
• Familiarity with modern detection and response platforms (e.g., CrowdStrike, Microsoft Sentinel, Palo Alto XDR, or equivalent).
• Experience managing third-party and supply chain risk programs.
• Experience conducting M&A cybersecurity due diligence and/or leading post-acquisition security integration is strongly preferred.
• Relevant senior certifications required or strongly preferred: CISSP, CISM, or CRISC. Cloud-specific credentials (CCSP, AWS Security Specialty, or equivalent) are a meaningful differentiator. CDPSE is a plus given evolving data privacy obligations.
• Ability to successfully pass a background check post-offer acceptance.