• Director, Cybersecurity

    Job Locations US-VA-Manassas
    Job ID
    Information Technology
  • Overview

    Founded in 1925, ATCC is a non-profit organization with a mission to acquire, authenticate, preserve, develop, standardize, and distribute biological materials and information for the advancement and application of scientific knowledge.  

    The Director, Cybersecurity is responsible for the overall security strategy, policy, enterprise architecture and program execution required to ensure ATCC’s digital assets are adequately protected and resilient. This position will employ a portfolio management approach to adapting industry security solutions, standards and best practices that align with and enable ATTC’s organizational strategy and fit within budget; will employ a risk management approach to evaluate the technology control implications of compliance with industry regulatory requirements and evaluate portfolio priorities. Position works closely with legal, the compliance officer, the risk management committee and the executive leadership to validate the efficacy of the cybersecurity system.


    This position must work and think independently; duties of this position are to be completed under minimal to no guidance. Decision making is a key component of this position, and decisions have a significant impact on the overall success of the Organization. Discretion in handling assigned responsibilities, including the ability to resolve problems and exercise good judgment while maintaining confidentiality is expected from all ATCC employees.  Functions are to be completed in a timely manner with acceptable quality.


    1. Lead cybersecurity strategy and governance activities for ATCC and regularly update the cybersecurity roadmap based on new technology and threat information.
    2. Develop and implement plans, policies and procedures to maintain systems, application, network, database and/or Web security.
    3. Oversee the development, implementation, and maintenance of information security, including access management, vulnerability assessments, penetration testing and security-related infrastructure.
    4. Manage reporting, investigation, resolution and response planning for data security incidents.
    5. Advise on compliance with the changing laws and applicable regulations.
    6. Develop a cybersecurity framework to identify, assess and respond to risk as well as recover from attacks.
    7. Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers.
    8. Advise on organization plans for business continuity and disaster recovery.
    9. Participate as a key member of the enterprise architecture development and the technology selection and implementation processes.
    10. Provide management, training and mentoring to security team members.
    11. Manage cybersecurity budget.
    12. Raise organizational awareness of the importance of cybersecurity best practices through security awareness training and other communication events.
    13. Perform other duties as assigned.


    Education and Experience:


    • Requires a bachelor's degree in Computer Science with Security specialization or equivalent experience.
    • Requires fifteen (15) + years’ of experience in the field.  

    Knowledge, Skills and Abilities:

    • Information Protection and Cybersecurity experience with a demonstrated successful track record of implementing and monitoring secure technology.
    • Ability to develop and execute plan and follow through with set objectives and adhere to and enforce deadlines.
    • Must be a strong leader with assertiveness and have excellent communication (written and verbal), negotiation and presentation skills; able to effectively convey messages to a variety of audiences.
    • Must have strong organizational skills, quality-conscious and a structured way of working.
    • Able to think and operate on both the strategic and tactical levels; develop short term solutions that complement longer term goals.
    • Ability to work effectively with all levels of an organization and develop effective relationships with executive leadership; able to develop and maintain productive relationships through use of effective interpersonal and conflict resolution skills.
    • Adaptable; comfortable with ambiguity, flexible, and positive temperament.
    • Fast and adaptive thinker that sees opportunities and challenges to help teams come along toward a common goal.
    • Self-starter, motivated and takes initiative; strong interpersonal and problem-solving skills; able to work collaboratively with all levels (internally and externally) to resolve problems to maximize performance, creativity, problem solving and results all while also motivating others.
    • Seek, learn, and apply new skills/knowledge to perform job responsibilities.
    • Attentive to detail with a high level of accuracy; exercise sound judgment.
    • Strong analytical skills and organized; completes tasks ahead of schedule.
    • Follow all company safety practices, Standard Operating Procedures (SOP’s) and policies. 

    Preferred Qualifications:


    • Certified Information Systems Security Professional (CISSP).
    • Certified Information Systems Auditor (CISA).
    • Masters’ Degree in Computer Science or related field.
    • Experience working in Biotech or related Life Sciences industries.
    • Experience working with or for Federal Contractors.
    • Experience working with multiple privacy and regulatory requirements and associated cybersecurity ramifications including export controls (EAR/ITAR), payment card industry (PCI), current Good Manufacturing Practices (cGMP), Food and Drug Administration (FDA), Clinical Laboratory Improvement Amendments (CLIA) and European Union General Data Protection Regulations (GDPR).
    • Experience working with best practice and security control frameworks including NIST Cybersecurity Framework (CSF), ISO 17799/27001/27002, NIST 800-53, FedRAMP, and ISA 62443
    • Awareness of IT Governance best practices including: COBIT, Val IT, COSO or ITIL.

    ATCC is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed