Cyber Security Lead (Information Security)

Cyber Security Lead (Information Security)

Nesco Resource, a national staffing company has a long‑term remote contract role (EST hours) for this position.

Role Overview

We are seeking a seasoned Cyber Security professional to lead the development and implementation of the organization’s enterprise information security strategy. This role is responsible for strengthening the organization’s security posture by designing and implementing security controls, guiding secure architecture, managing cyber risk, and protecting critical information assets. The ideal candidate combines deep technical security expertise with strong experience in threat management, security operations, and enterprise security architecture. Experience with security governance and regulatory frameworks is beneficial but secondary to strong hands‑on information security expertise.

Key Responsibilities

Security Strategy & Architecture

• Develop and implement enterprise cybersecurity policies, standards, and security control frameworks.
• Contribute to the design and implementation of secure, scalable, and resilient security architecture across enterprise platforms.
• Partner with enterprise architects, infrastructure teams, and application teams to embed security into system design, cloud platforms, and enterprise technology initiatives.
• Establish security baselines and architecture patterns for infrastructure, cloud services, and applications.

Threat & Risk Management

• Monitor the evolving cybersecurity threat landscape and recommend mitigation strategies.
• Perform threat modeling and define appropriate security controls across applications, infrastructure, and cloud environments.
• Conduct periodic security risk assessments and drive mitigation and remediation activities.
• Identify security vulnerabilities and lead remediation initiatives across enterprise systems.
• Work closely with engineering teams to improve security posture through proactive risk reduction.

Security Operations & Incident Management

• Oversee security incident response and guide teams through established incident response procedures.
• Continuously improve security monitoring, detection, and response capabilities.
• Lead vulnerability management processes including scanning, risk prioritization, and remediation tracking.
• Evaluate and enhance security tooling, processes, and operational effectiveness.

Data & Information Protection

• Ensure protection of organizational data and information assets from unauthorized access, disclosure, modification, or loss.
• Define and implement data protection strategies including:
• Data classification
• Access control models
• Encryption and key management
• Support implementation of security technologies such as encryption, tokenization, and data masking where appropriate.

Security Governance (Supportive Function)

• Support security governance initiatives by contributing to risk reporting and security posture updates for leadership.
• Assist with alignment to industry security frameworks and regulatory expectations where required.
• Collaborate with internal audit, risk, and compliance teams to support security‑related assessments and audits when needed.

Required Qualifications

• Strong understanding of modern cybersecurity threats, attack techniques, and defensive strategies.
• Proven experience designing and implementing enterprise security architecture.
• Hands‑on experience with core security domains including:
• Identity & Access Management (IAM)
• Encryption (data at rest and in transit)
• Key management
• Data protection and secure data handling
• Experience with:
• Data discovery and classification
• Access control models
• Vulnerability management programs
• Security risk assessments
• Strong ability to translate complex security concepts into practical recommendations for technical teams and leadership.
• Excellent stakeholder communication and collaboration skills.

Preferred Qualifications (Nice to Have)

• Experience working with security or compliance frameworks such as:
• CMMC
• NIST SP 800‑171 or NIST Cybersecurity Framework
• ISO 27001
• SOC 2
• CIS Controls
• Familiarity with regulatory environments such as:
• PCI‑DSS
• SOX IT General Controls
• Experience supporting organizations preparing for external security or compliance assessments.
• Security certifications such as CISSP, CISM, CRISC, CCSP , or similar.
• Experience collaborating with CISO or enterprise security governance teams.

Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.

Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.