Director of Cybersecurity - Neptune

Position Summary

• The Director of Cybersecurity, Governance, Risk & Compliance will be responsible for oversight of
  Neptune’s GRC practice in addition to Application & Product Security. This role will lead a team of
  cybersecurity professionals to effectively manage regulatory & compliance requirements, perform risk
  assessments, manage security policy, control frameworks, cyber training & awareness, set/enforce
  security standards to protect internal workloads, commercial software and hardware products, while
  supporting audit activities in partnership with external stakeholders. The Director of Cybersecurity,
  Governance, Risk & Compliance will work closely with senior leadership to continuously improve
  Neptune’s cybersecurity posture and support the business goals & objectives.

Responsibilities:
Governance, & Compliance Management

• Governance & Assurance: Lead continuous governance, assurance, and risk management
  across Neptune’s cybersecurity environment, ensuring that all business activities comply with
  relevant regulatory, corporate, and governmental requirements.
•  Regulatory Compliance: Ensure compliance with key regulatory standards such as SOX,
  GDPR, and ISO 27001, and ensure cybersecurity practices meet these evolving requirements.
•  Audit Leadership: Coordinate and manage both internal and external security audits, including
  Roper Cybersecurity & Privacy Audits, annual internal SOX audits, and external PWC SOX
  audits.
•  Security Metrics & Reporting: Maintain and report on key cybersecurity metrics and KPIs,
  delivering regular updates to senior leadership on a monthly, quarterly, and annual basis. Use
  data-driven insights to inform decision-making and risk management strategies.

Application & Product Security

• Product Security Strategy: Develop and implement product security strategies that integrate
  security best practices into all stages of the product lifecycle, from design to development and
  deployment.
•  Security by Design: Ensure security is embedded in the design of Neptune’s products and
  services by collaborating closely with product development teams to integrate secure coding
  practices, architecture reviews, and vulnerability testing.
•  Application Security: Lead application security initiatives, including secure code reviews (i.e.
  SAST/DAST, SCA), application vulnerability assessments/remediations, and penetration testing
  for all Neptune applications.
•  Vulnerability Management: Ensure the timely identification and remediation of vulnerabilities in
  both internal applications and customer-facing products. Implement automated testing and
  security validation tools to enhance the organization’s security posture.
  Risk Management, Data Privacy & Cyber Awareness
•  Risk Assessments: Conduct internal and external cyber risk assessments to identify
  vulnerabilities and drive the implementation of risk mitigation strategies.
•  Cyber Risk Register: Maintain and update Neptune’s Cyber Risk Register, providing accurate
  and timely reporting to leadership on potential risks and their mitigation status.
•  Third-Party Risk Management: Oversee the third-party risk management program, conducting
  thorough risk assessments on vendors and partners to ensure they meet Neptune’s
  cybersecurity standards.
•  Policy Development & Maintenance: Lead the development, implementation, and
  enforcement of Neptune's cybersecurity and IT security policies and procedures. Ensure these
  policies are regularly reviewed and updated to remain aligned with current best practices and
  regulatory requirements.
•  Cybersecurity Training Program: Maintain and enhance Neptune’s cybersecurity awareness
  and training program. Ensure all employees understand security best practices, are aware of
  current threats, and adhere to company policies and procedures.
•  Culture Development: Foster a security-first mindset across the organization, ensuring
  cybersecurity is embedded in every facet of business operations and product development
  Strategic Leadership & Team Development
• Team Leadership & Development: Lead and mentor a team of cybersecurity professionals
  specializing in governance, risk management, product security, and application security. Provide
  guidance and support to ensure high performance and professional growth.
• Cross-Functional Collaboration: Collaborate with product development, IT, legal, compliance,
  and other departments to ensure that cybersecurity initiatives align with broader organizational
  objectives.

Stakeholder Engagement

• Executive Communication: Partner with the VP – Cyber Security & Compliance and other
  leaders within the security team to provide regular updates to senior leadership and
  stakeholders on Neptune’s cybersecurity risks, compliance efforts, product security initiatives,
  and key operational metrics. Ensure clear and consistent communication with investors and
  other external stakeholders.

Requirements
Education

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field. A master’s
  degree in a relevant discipline is preferred.
  

Experience

• Minimum of 10 years of experience in relevant fields such as Digital technology, cybersecurity,
  governance, risk management, application & product security, and compliance.
•  Proven experience in implementing security best practices within the product development
  lifecycle, including secure coding, architecture reviews, and application security testing.
•  Strong background in regulatory compliance, including SOX, GDPR, PCI, and conducting
  internal and external audits.
•  Experience managing third-party vendor assessments and maintaining risk registers.

Technical Skills

•  Deep expertise in Governance Risk & Compliance, Product security, Application security, and
  Application vulnerability management. Proficiency with security tools and technologies used for
  secure software development and automated security testing.
•  Strong knowledge of security frameworks such as NIST, COBIT, OWASP, and ISO 27001, with
  experience integrating these frameworks into product security strategies.
• Previous experience with coding and quality/secure code reviews (SAST, DAST, SCA)

Leadership & Soft Skills

•  People Management: Proven ability to lead, mentor, and manage a diverse team of
  cybersecurity professionals across various domains including governance, compliance, product
  security, and application security.
•  Strategic Vision: Demonstrated experience in building and executing cybersecurity strategies
  that are aligned with both technical and business objectives.
•  Communication Skills: Strong verbal and written communication skills, capable of presenting
  complex security concepts to non-technical stakeholders, executives, and board members.
•  Problem Solving & Analytical Skills: Advanced problem-solving abilities, with a strong focus on
  anticipating security challenges and proactively addressing them.

Certifications

• Relevant certifications such as GSLC, GSNA, CISSP, CISM, CRISC, or CSSLP (Certified
  Secure Software Lifecycle Professional) are highly desirable.
  

Languages

• Proficiency in English is required, Spanish would be a plus.
  

Travel Requirements: Typically requires overnight travel less than 10% of the time.

Location: Tallassee, AL; Duluth, GA

#HP1

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c) Information Systems