Director, Cyber Risk Operations (Cybersecurity)

TL;DR

Director, Cyber Risk Operations (Cybersecurity): Designs, builds, and leads a global Cyber Risk Operations Center (ROC) with an accent on continuous identification, assessment, prioritization, and management of technology and infrastructure risk across the enterprise. Focus on operationalizing cyber risk at scale and translating technical exposures into actionable, business-aligned risk insights.

Location: In-person attendance at least two days per week, either at a GT office or client site.

Salary: $187,500–$312,500 (Chicago, IL, Downers Grove, IL, Cleveland, OH, Minneapolis, MN, Reno, NV, Denver, CO and Baltimore, MD offices), $202,500–$337,500 (Washington, DC, Boston, MA, Bellevue, WA, Los Angeles, CA, Newport Beach, CA San Diego, CA, Edison, NJ, and New York, NY, and Melville, NY offices), $215,625–$359,375 (San Francisco, CA and San Jose, CA offices).

Company

hirify.global delivers professional services through two specialized entities: hirify.global LLP, a licensed, certified public accounting (CPA) firm that provides audit and assurance services ― and hirify.global Advisors LLC (not a licensed CPA firm), which exclusively provides non-attest offerings, including tax and advisory services.

What you will do

• Design and lead a global Cyber Risk Operations Center (ROC).
• Define and operationalize a consistent framework for identifying, prioritizing, tracking, and remediating cyber and infrastructure risk.
• Lead risk assessment and exception management processes.
• Oversee cloud security posture and attack path analysis.
• Lead vulnerability management and endpoint exposure programs.
• Build and lead a high-performing, globally distributed team.

Requirements

• 12+ years of experience in cybersecurity, infrastructure security, or technology risk, with 5+ years in senior leadership roles.
• Deep technical background in enterprise infrastructure, cloud platforms (especially Azure), identity systems, and security architecture.
• Hands-on experience with tools such as Qualys, CrowdStrike, Wiz, Azure Security/Defender, and Microsoft Entra ID.
• Proven experience building or scaling cyber risk, vulnerability management, or exposure management programs.
• Strong understanding of cyber risk frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS).
• Demonstrated ability to translate technical findings into business-relevant risk decisions.

Nice to have

• Experience standing up a centralized risk operations or exposure management function.
• Background in highly regulated or global enterprise environments.
• Familiarity with SOC 2, cloud compliance, and audit-driven risk management.
• Relevant certifications (CISSP, CISM, CCSP, CRISC, or equivalent).

Culture & Benefits

• Empowerment to work in a way that best serves clients and life, consistent with the firm’s hybrid work model.
• Prioritize overall well-being through work-life integration options.
• Personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations.
• Commitment to diversity, equity & inclusion.