VP of Cyber Security

Black Duck Software, Inc.
  • Security
  • Full Time

VP of Cybersecurity — Black Duck (Global)

Location: Remote North America

Reports to: Chief Information Officer (CIO)

Time allocation: Full time; ~20% external client‑facing

Summary

Black Duck seeks an experienced, transformation‑oriented VP of Cybersecurity to lead a global security program and maturity roadmap. This executive will partner with a third‑party security firm to build and implement a two‑year roadmap to meet and exceed NIST, GDPR, and ISO 27001 standards while driving a major transformation of people, processes, and security systems across regions. The role combines enterprise security leadership, hands‑on program delivery, and client engagement.

Key responsibilities

  • Own the 24‑month global security roadmap developed with an external partner; drive planning, resource allocation, cross‑region rollout, milestone tracking, and KPI delivery.

  • Deliver and maintain certifications and frameworks: lead efforts to achieve ISO 27001 certification, align to the NIST Cybersecurity Framework, and ensure GDPR compliance (and applicable regional privacy laws).

  • Lead the cybersecurity transformation: redesign the security operating model, establish regional capability hubs, hire and upskill teams, and integrate security into engineering and product lifecycles (DevSecOps).

  • Modernize security tooling and architecture: define global architecture for IAM, cloud security, vulnerability management, SIEM/XDR, DLP, and secure SDLC integrations; manage vendor selection and lifecycle.

  • Establish enterprise governance and risk programs: policy management, risk assessments, third‑party risk, incident response, crisis management, business continuity, and regular tabletop exercises.

  • Client‑facing responsibilities (~20%): act as a senior security advisor to key global customers, lead security briefings and audits, support RFPs and security questionnaire responses, and maintain strong client relationships.

  • Reporting and stakeholder communication: deliver executive and Board‑level reporting on security posture, program progress, risk, and ROI.

  • Manage external partners and audits: coordinate with the third‑party consulting firm, external auditors, penetration testing vendors, and technology providers.

  • People leadership: recruit, mentor, retain, and scale global security talent; define career paths, training programs, and local leadership to sustain capabilities.

Success measures

  • Successful delivery of the global 24‑month roadmap; major milestones met on schedule and within budget.
  • ISO 27001 certification achieved and maintained; demonstrable NIST alignment and completed GDPR obligations across applicable jurisdictions.
  • Quantifiable reductions in critical vulnerabilities and mean time to detect/respond.
  • Strong customer satisfaction from security engagements and improved win rate on security‑sensitive deals.
  • A stable, scalable global security organization with clear regional leaders, reduced time‑to‑hire for key roles, and high team engagement.

Required qualifications

  • Experience: 10+ years in cybersecurity leadership, including enterprise‑scale, multi‑region transformation and certification programs.
  • Certifications and frameworks: Proven track record delivering ISO 27001 certification, NIST Cybersecurity Framework implementations, and GDPR compliance.
  • Technical breadth: Cloud security (AWS/Azure/GCP), IAM, secure SDLC/DevSecOps, vulnerability management, logging/SIEM/XDR, data protection.
  • Client engagement: Demonstrated experience in client‑facing roles supporting enterprise customers on security and audit matters.
  • Communication: Excellent presentation skills for C‑level and Board audiences across time zones and cultures.
  • Education: Bachelor’s degree in Computer Science, Information Security, or equivalent; relevant certifications such as CISSP, CISM, or ISO 27001 Lead

Preferred qualifications

  • Prior experience at a global SaaS company or security vendor.
  • Hands‑on experience automating security controls and cloud‑native security architectures.
  • Track record building regional security teams and operating models in high‑growth international environments.
  • Familiarity with regional privacy and security regulations beyond GDPR (e.g., CCPA/CPRA, UK GDPR, APAC privacy laws).