VP of Cyber Security

Remote North America

Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

VP of Cybersecurity — Black Duck (Global)

Location: Remote North America
Reports to: Chief Information Officer (CIO)
Time allocation: Full time; ~20% external client‑facing

Summary

Black Duck seeks an experienced, transformation‑oriented VP of Cybersecurity to lead a global security program and maturity roadmap. This executive will partner with a third‑party security firm to build and implement a two‑year roadmap to meet and exceed NIST, GDPR, and ISO 27001 standards while driving a major transformation of people, processes, and security systems across regions. The role combines enterprise security leadership, hands‑on program delivery, and client engagement.

Key responsibilities

  • Own the 24‑month global security roadmap developed with an external partner; drive planning, resource allocation, cross‑region rollout, milestone tracking, and KPI delivery.
  • Deliver and maintain certifications and frameworks: lead efforts to achieve ISO 27001 certification, align to the NIST Cybersecurity Framework, and ensure GDPR compliance (and applicable regional privacy laws).
  • Lead the cybersecurity transformation: redesign the security operating model, establish regional capability hubs, hire and upskill teams, and integrate security into engineering and product lifecycles (DevSecOps).
  • Modernize security tooling and architecture: define global architecture for IAM, cloud security, vulnerability management, SIEM/XDR, DLP, and secure SDLC integrations; manage vendor selection and lifecycle.
  • Establish enterprise governance and risk programs: policy management, risk assessments, third‑party risk, incident response, crisis management, business continuity, and regular tabletop exercises.
  • Client‑facing responsibilities (~20%): act as a senior security advisor to key global customers, lead security briefings and audits, support RFPs and security questionnaire responses, and maintain strong client relationships.
  • Reporting and stakeholder communication: deliver executive and Board‑level reporting on security posture, program progress, risk, and ROI.
  • Manage external partners and audits: coordinate with the third‑party consulting firm, external auditors, penetration testing vendors, and technology providers.
  • People leadership: recruit, mentor, retain, and scale global security talent; define career paths, training programs, and local leadership to sustain capabilities.

Success measures

  • Successful delivery of the global 24‑month roadmap; major milestones met on schedule and within budget.
  • ISO 27001 certification achieved and maintained; demonstrable NIST alignment and completed GDPR obligations across applicable jurisdictions.
  • Quantifiable reductions in critical vulnerabilities and mean time to detect/respond.
  • Strong customer satisfaction from security engagements and improved win rate on security‑sensitive deals.
  • A stable, scalable global security organization with clear regional leaders, reduced time‑to‑hire for key roles, and high team engagement.

Required qualifications

  • Experience: 10+ years in cybersecurity leadership, including enterprise‑scale, multi‑region transformation and certification programs.
  • Certifications and frameworks: Proven track record delivering ISO 27001 certification, NIST Cybersecurity Framework implementations, and GDPR compliance.
  • Technical breadth: Cloud security (AWS/Azure/GCP), IAM, secure SDLC/DevSecOps, vulnerability management, logging/SIEM/XDR, data protection.
  • Client engagement: Demonstrated experience in client‑facing roles supporting enterprise customers on security and audit matters.
  • Communication: Excellent presentation skills for C‑level and Board audiences across time zones and cultures.
  • Education: Bachelor’s degree in Computer Science, Information Security, or equivalent; relevant certifications such as CISSP, CISM, or ISO 27001 Lead.

Preferred qualifications

  • Prior experience at a global SaaS company or security vendor.
  • Hands‑on experience automating security controls and cloud‑native security architectures.
  • Track record building regional security teams and operating models in high‑growth international environments.
  • Familiarity with regional privacy and security regulations beyond GDPR (e.g., CCPA/CPRA, UK GDPR, APAC privacy laws).

Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.
