Director of Cybersecurity - Neptune
Duluth, GA 30026
About the Job
Position Summary
- The Director of Cybersecurity, Governance, Risk & Compliance will be responsible for oversight of
Neptune’s GRC practice in addition to Application & Product Security. This role will lead a team of
cybersecurity professionals to effectively manage regulatory & compliance requirements, perform risk
assessments, manage security policy, control frameworks, cyber training & awareness, set/enforce
security standards to protect internal workloads, commercial software and hardware products, while
supporting audit activities in partnership with external stakeholders. The Director of Cybersecurity,
Governance, Risk & Compliance will work closely with senior leadership to continuously improve
Neptune’s cybersecurity posture and support the business goals & objectives.
Responsibilities:
Governance & Compliance Management
- Governance & Assurance: Lead continuous governance, assurance, and risk management
across Neptune’s cybersecurity environment, ensuring that all business activities comply with
relevant regulatory, corporate, and governmental requirements.
- Regulatory Compliance: Ensure compliance with key regulatory standards such as SOX,
GDPR, and ISO 27001, and ensure cybersecurity practices meet these evolving requirements.
- Audit Leadership: Coordinate and manage both internal and external security audits, including
Roper Cybersecurity & Privacy Audits, annual internal SOX audits, and external PWC SOX
audits.
- Security Metrics & Reporting: Maintain and report on key cybersecurity metrics and KPIs,
delivering regular updates to senior leadership on a monthly, quarterly, and annual basis. Use
data-driven insights to inform decision-making and risk management strategies.
Application & Product Security
- Product Security Strategy: Develop and implement product security strategies that integrate
security best practices into all stages of the product lifecycle, from design to development and
deployment.
- Security by Design: Ensure security is embedded in the design of Neptune’s products and
services by collaborating closely with product development teams to integrate secure coding
practices, architecture reviews, and vulnerability testing.
- Application Security: Lead application security initiatives, including secure code reviews (i.e.
SAST/DAST, SCA), application vulnerability assessments/remediations, and penetration testing
for all Neptune applications.
- Vulnerability Management: Ensure the timely identification and remediation of vulnerabilities in
both internal applications and customer-facing products. Implement automated testing and
security validation tools to enhance the organization’s security posture.
Risk Management, Data Privacy & Cyber Awareness
- Risk Assessments: Conduct internal and external cyber risk assessments to identify
vulnerabilities and drive the implementation of risk mitigation strategies.
- Cyber Risk Register: Maintain and update Neptune’s Cyber Risk Register, providing accurate
and timely reporting to leadership on potential risks and their mitigation status.
- Third-Party Risk Management: Oversee the third-party risk management program, conducting
thorough risk assessments on vendors and partners to ensure they meet Neptune’s
cybersecurity standards.
- Policy Development & Maintenance: Lead the development, implementation, and
enforcement of Neptune’s cybersecurity and IT security policies and procedures. Ensure these
policies are regularly reviewed and updated to remain aligned with current best practices and
regulatory requirements.
- Cybersecurity Training Program: Maintain and enhance Neptune’s cybersecurity awareness
and training program. Ensure all employees understand security best practices, are aware of
current threats, and adhere to company policies and procedures.
- Culture Development: Foster a security-first mindset across the organization, ensuring
cybersecurity is embedded in every facet of business operations and product development.
Strategic Leadership & Team Development
- Team Leadership & Development: Lead and mentor a team of cybersecurity professionals
specializing in governance, risk management, product security, and application security. Provide
guidance and support to ensure high performance and professional growth.
- Cross-Functional Collaboration: Collaborate with product development, IT, legal, compliance,
and other departments to ensure that cybersecurity initiatives align with broader organizational
objectives.
Stakeholder Engagement
- Executive Communication: Partner with the VP – Cyber Security & Compliance and other
leaders within the security team to provide regular updates to senior leadership and
stakeholders on Neptune’s cybersecurity risks, compliance efforts, product security initiatives,
and key operational metrics. Ensure clear and consistent communication with investors and
other external stakeholders.
Requirements
Education
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field. A master’s
degree in a relevant discipline is preferred.
Experience
- Minimum of 10 years of experience in relevant fields such as Digital technology, cybersecurity,
governance, risk management, application & product security, and compliance.
- Proven experience in implementing security best practices within the product development
lifecycle, including secure coding, architecture reviews, and application security testing.
- Strong background in regulatory compliance, including SOX, GDPR, PCI, and conducting
internal and external audits.
- Experience managing third-party vendor assessments and maintaining risk registers.
Technical Skills
- Deep expertise in Governance Risk & Compliance, Product security, Application security, and
Application vulnerability management. Proficiency with security tools and technologies used for
secure software development and automated security testing.
- Strong knowledge of security frameworks such as NIST, COBIT, OWASP, and ISO 27001, with
experience integrating these frameworks into product security strategies.
- Previous experience with coding and quality/secure code reviews (SAST, DAST, SCA)
Leadership & Soft Skills
- People Management: Proven ability to lead, mentor, and manage a diverse team of
cybersecurity professionals across various domains including governance, compliance, product
security, and application security.
- Strategic Vision: Demonstrated experience in building and executing cybersecurity strategies
that are aligned with both technical and business objectives.
- Communication Skills: Strong verbal and written communication skills, capable of presenting
complex security concepts to non-technical stakeholders, executives, and board members.
- Problem Solving & Analytical Skills: Advanced problem-solving abilities, with a strong focus on
anticipating security challenges and proactively addressing them.
Certifications
- Relevant certifications such as GSLC, GSNA, CISSP, CISM, CRISC, or CSSLP (Certified
Secure Software Lifecycle Professional) are highly desirable.
Languages
- Proficiency in English is required; Spanish would be a plus.
Travel Requirements: Typically requires overnight travel less than 10% of the time.
Location: Tallassee, AL; Duluth, GA
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)