Director, Cyber Security

Mark43’s mission is to empower communities and their governments with new technologies that improve the safety and quality of life for all. We build powerful, scalable, and elegant software that sets a new standard for the tools upon which our first responders rely. Our users are diverse, and we are therefore committed to embracing diversity of thought and experience within our team.

We're hiring a Director, Cyber Security to lead security strategy as part of our broader Security & IT leadership function. This role reports directly to the CISO & CIO. This is a high-impact role for a leader who knows how to strengthen security in a regulated SaaS environment without slowing innovation.

This is not a manager who simply keeps the lights on. We need a leader who owns the roadmap, shows up with data, and drives the program forward. You will be a recognized face of cybersecurity at Mark43, someone that engineers, product teams, and executives call when something goes wrong or when they need a trusted opinion. You will bring both the credibility and the presence to earn that trust.

You will help Mark43 navigate the intersection of compliance, customer trust, product velocity, and emerging risks including AI governance and IP protection. You'll shape and scale our security program across application security, identity and access management, vulnerability management, data protection, and security operations. You'll work closely with Engineering, Product, IT, GRC, and executive leadership to build practical, durable security capabilities that protect the business and support growth.

What You'll Do

Security Strategy & Roadmap Ownership

• Build, own, and drive a multi-year cybersecurity roadmap that is tied to business priorities and risk reduction — not just reactive tasks

• Serve as the internal face of the cybersecurity program; every team at Mark43 should know who you are, understand the strategy, and know to come to you first

• Translate complex security challenges into clear plans and decisions for engineering teams, product leaders, and executive stakeholders

• Partner with Engineering, Product, and IT to embed security into systems, workflows, and decision-making from the start

Metrics, Data & Continuous Improvement

• Lead with data. Build and maintain a metrics program that tracks Security Operations ticket volume, themes, and SLAs; vulnerability aging and remediation rates; incident response investigation counts and patterns; and other KPIs that reflect the health and progress of the program

• Use that data to drive decisions, identify trends, and push the team to improve — not to justify headcount requests without evidence

• Regularly report on program health to leadership with clear, honest analysis of where we are and where we need to go

• Challenge the team to do more with what we have before asking for more resources

Automation & AI-Driven Security

• Champion the use of automation and AI tools across security operations, vulnerability management, and threat detection — with appropriate human-in-the-loop controls where needed

• Identify practical opportunities to reduce manual work, speed up response times, and improve coverage through smart tooling

• Build a culture within the security team that sees AI as an opportunity, not a threat to avoid

• Stay current on AI-related security risks and work with GRC and Product on responsible AI governance

Security Operations & Incident Response

• Lead and mature the Security Operations function, ensuring coverage, responsiveness, and quality across alerts, investigations, and escalations

• Strengthen incident readiness through clear runbooks, escalation paths, tabletop exercises, and post-incident reviews that actually improve the program

• Own the incident response lifecycle and ensure the team is always practicing, not just planning

• Advance vulnerability management with a data-driven approach to prioritization, remediation tracking, and risk-based decisions

Application Security, IAM & Data Protection

• Drive progress across application security, identity and access management, vulnerability management, and data protection programs

• Partner closely with R&D and Product teams who have strong security knowledge — earn their respect through credibility, not just authority

• Evaluate and respond to risks related to AI integration, new product features, and emerging technologies

Compliance & Customer Trust

• Work with GRC and customer-facing teams to support audit readiness, security reviews, and customer assurance efforts across FedRAMP, NIST, CJIS, and other applicable frameworks

• Help prioritize security investments and remediation based on risk, compliance requirements, and business impact

Team Leadership & Culture

• Coach and develop leaders and team members across the security function, building a culture of ownership, accountability, and execution

• Create an environment where the team is proud of their data, their metrics, and their results — not just their effort

What You'll Need

We're looking for a seasoned cybersecurity leader who can balance strategy and execution in a fast-moving, highly accountable environment.

You should have:

• 10+ years of cybersecurity experience, with at least 4–5 years in a leadership role managing teams in a cloud or SaaS environment

• Deep, hands-on experience leading programs across security operations, application security, IAM, vulnerability management, and data protection

• A real track record of building and running metrics-driven security programs — you should be able to walk us through your dashboards and what they tell you

• Experience working in regulated and customer-facing environments with frameworks such as FedRAMP, NIST, CJIS, HIPAA, or similar; experience in public safety or government technology is a plus

• Proven ability to lead complex, cross-functional initiatives across Security, Engineering, Product, IT, GRC, and executive stakeholders

• Comfort with AI and automation tools as part of a modern security program

• Strong written and verbal communication skills, with the ability to turn technical issues into clear plans, decisions, and strategies

• Based in or willing to relocate to the Boston area, with the ability to come into the office several days per week

People who thrive in this role tend to be:

• Data-driven leaders who use metrics to improve, not to protect themselves

• Strategic and pragmatic, with a strong instinct for where to invest and how to move

• Collaborative and influential — able to build trust and credibility with technical teams who will challenge them

• Champions of automation and AI as tools that make security teams more effective

• Calm under pressure, especially when incidents or competing priorities create ambiguity

• Visible and present as a leader — not heads-down managers, but someone the whole company knows and trusts

• Mission-driven, with a clear understanding of why secure, reliable technology matters for the communities we serve