Enterprise Cyber Security Manager

  • NPA WorldWide
  • Seattle, Washington
  • 07/18/2026
Full time

Job Description

Job description:

The Enterprise Cybersecurity Manager is expected to interface with peers in the Information technology department as well as with leaders of business units, to share the agency security vision and ensure compliance with existing and new security requirements as they relate to the network, servers, cloud, applications and other infrastructure activities.

Key Responsibilities

Lead the selection, deployment, and management of security solutions.

Oversee vulnerability assessments, penetration testing, and security audits.

Manage incident response and recovery efforts, including postincident reviews.

Provide executivelevel reporting on security posture, risks, and incidents.

Partner with business leaders to embed security into operations and projects.

Ensure security requirements are embedded in procurement and vendor contracts.

Drive continuous improvement of the security program through maturity assessments and roadmaps.

Duties (E = Essential Functions)

Leadership & Governance

Develop, maintain, and communicate the Agencys information security strategy and roadmap. E

Provide regular briefings to the CIO, executive leadership, and Board/Audit Committee on security posture, risks, and incidents. E

Integrate security risk management into the Agencys enterprise risk management (ERM) framework. E

Develop and maintain security policies, standards, baselines, guidelines, and procedures. E

Program Maturity & Continuous Improvement

Conduct regular security program maturity assessments and develop multiyear improvement roadmaps. E

Champion adoption of industry best practices and frameworks (e.g., NIST ISO 27001, CIS Controls). E

Define and track security KPIs and metrics to measure program effectiveness.

Technology Oversight

Create and maintain the Agencys security architecture design. E

Oversee security for onpremises, cloud, and hybrid environments. E

Evaluate and mitigate risks associated with emerging technologies (AI, IoT, OT). E

Oversee Identity & Access Management (IAM) strategy, including MFA and privileged access controls.

Incident Preparedness

Lead the incident response process, including investigation, containment, eradication, recovery, and postincident review. E

Conduct regular tabletop exercises and simulations for incident preparedness. E

Collaborate with legal counsel and law enforcement when necessary.

Vendor & Partner Security

Evaluate and manage thirdparty/vendor security risks. E

Lead security due diligence for strategic partners and service providers. E

Negotiate and enforce security requirements in contracts and SLAs.

Leadership & Culture

Build, mentor, and retain a highperforming security team. E

Foster a culture where security is viewed as a business enabler. E

Launch and maintain a Security Champions program to embed security awareness across departments.

Acquisition & Deployment

Maintain uptodate knowledge of the threat landscape, emerging technologies, and evolving regulatory requirements. E

Recommend and implement security solutions or enhancements to improve overall security posture. E

Oversee deployment, integration, and configuration of new security solutions in accordance with best practices and Agency standards. E

Operational Management

Ensure the confidentiality, integrity, and availability (CIA) of Agency data and systems. E

Monitor security events and coordinate with SOC or monitoring teams to respond to threats.

Oversee compliance with relevant laws, regulations, and frameworks (e.g., NIST, ISO 27001, FedRAMP,).

Personal Attributes

Strong leadership and influencing skills.

Exceptional analytical and problem-solving abilities.

Ability to prioritize and execute in high-pressure environments.

Excellent communication skills, with the ability to present complex topics to non-technical audiences.

High integrity and commitment to ethical practices.

Collaborative mindset with the ability to build trust across the organization.

Work Conditions

40-hour on-site work week with on-call availability

Sitting for extended periods of time.

Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse and other computer components.

Qualifications:

Education experience

Bachelor's degree in computer science, Information Security, Cybersecurity, Information Technology, or a related field.

Masters degree in Cybersecurity, Information Assurance, or Business Administration (MBA) with a technology focus is preferred.

Equivalent combination of education and relevant work experience will be considered.

One or more of the following certifications (strongly preferred)

CISSP Certified Information Systems Security Professional (ISC)

CISM Certified Information Security Manager (ISACA)

CISA Certified Information Systems Auditor (ISACA)

GIAC Security Leadership Certification (GSLC) or GIAC Security Essentials Certification (GSEC)

CCSP Certified Cloud Security Professional (ISC)

ISO/IEC 27001 Lead Implementer or Lead Auditor

Microsoft Certified: Cybersecurity Architect Expert or equivalent vendor-specific security certification

AWS Certified Security Specialty or Azure Security Engineer Associate

Knowledge & Experience

Proven experience in enterprise security architecture and governance.

Demonstrated ability to develop and enforce security policies and procedures.

Minimum 57 years in IT security leadership roles.

Experience managing large-scale IT projects and cross-functional teams.

Strong background in incident response, threat management, penetration testing, and vulnerability management.

Familiarity with cloud security (AWS, Azure, GCP) and hybrid environments.

Ability to present ideas in business-friendly and user-friendly language.

Highly self-motivated and directed.

Keen attention to detail.

Strong leadership and influencing skills.

Exceptional analytical and problem-solving abilities.

Ability to prioritize and execute in high-pressure environments.

Excellent communication skills, with the ability to present complex topics to non-technical audiences.

High integrity and commitment to ethical practices.

Preferred Background (Highly Desirable)

Experience implementing Zero Trust Architecture principles.

Oversight of a Security Operations Center (SOC) or managed security services.

Hands-on experience with security automation and orchestration (SOAR) tools.

Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.

Knowledge of data loss prevention (DLP), endpoint detection and response (EDR), and extended detection and response (XDR) platforms.

Experience leading cybersecurity maturity assessments and roadmap development.

Track record of executive-level communication and board presentations on cybersecurity risk.

Why is This a Great Opportunity:

We are a mission-driven organization that does good in the community every single day. We believe safe, secure, and affordable housing is the foundation for thriving lives and our work directly supports thousands of residents across Seattle.

Here, your expertise in security will not only protect critical systems it will help safeguard the mission