Director, Cybersecurity

Primary Work Address: 4000 Jones Bridge Road, Chevy Chase, MD, 20815

Current HHMI Employees, click here to apply via your Workday account.

HHMI is focused on supporting and moving science forward in a variety of different ways ranging from conducting basic biomedical research, empowering educators, inspiring students, developing the next generation of scientists - even stretching into film and media production. Our Headquarters is in the greater Washington, DC metro area and is home to over 300 employees with expertise in investments, communications, digital production, biomedical sciences, and everything in between. The work housed here supports and augments the groundbreaking research conducted in HHMI labs across the nation. As HHMI scientists continue to push boundaries in laboratories and classrooms, you can be sure that your contributions while working here are making a difference.

Summary:

Howard Hughes Medical Institute (HHMI) advances scientific discovery and education in the life sciences. The Technology & Systems Management (TSM) team supports that mission by delivering secure, resilient, and forward-looking technology solutions across the Institute.

We are seeking a Director, Cybersecurity to lead HHMI's enterprise information security program and strengthen the Institute's overall security posture in an evolving threat landscape.

The Director, Cybersecurity serves as the Institute's senior cybersecurity leader and trusted advisor to the CTO and executive leadership on risk posture and emerging threats. This role is responsible for ensuring the confidentiality, integrity, and availability of digital assets across enterprise systems, infrastructure, and applications.

The Director leads internal cybersecurity and identity and access management (IAM) teams, partners with an external SOC/MSSP for continuous monitoring and response, and collaborates across TSM and Institute leadership to embed security into technology strategy and operations. This role also works closely with Risk and Compliance and the Office of General Counsel to align cybersecurity governance with regulatory requirements and the protection of sensitive research and regulated data.

This position reports to the Chief Technology Officer and is based at HHMI's headquarters in Chevy Chase, Maryland. It follows a hybrid schedule with three in-office days per week and will have occasional travel to our Janelia Research Campus in Ashburn, VA.

What You'll Get:

• Mission-Focused Work: The opportunity to safeguard world-class scientific research by leading security efforts in a research-intensive, innovation-driven environment

• Strategic Partnership in Cutting-Edge Work: Working directly with senior leadership to shape enterprise-wide strategy and influence AI governance and emerging technology security.

• Competitive Total Rewards Package: Comprehensive healthcare, generous retirement contributions, paid leave, and additional programs that support well-being and professional development.

• Develop, implement, and continuously evolve a comprehensive cybersecurity strategy aligned with organizational priorities and risk appetite.

• Serve as senior advisor to executive leadership on cybersecurity risk, posture, and emerging threats.

• In coordination with the EverydayAI team, lead development of governance frameworks and security practices for emerging technologies, including artificial intelligence and machine learning systems.

• Lead and develop cybersecurity and IAM teams across two locations, setting priorities, guiding technical direction, and fostering professional growth.

• Oversee enterprise security operations, including monitoring, vulnerability management, threat intelligence, and incident response.

• Direct and optimize relationships with external SOC and managed security partners to ensure effective 24/7 coverage.

• Partner with Risk and Compliance, the Office of General Counsel and other stakeholders to develop and enforce security policies, standards, and procedures; lead internal assessments and coordinate external audits.

• Establish and communicate security metrics to senior leadership that reflect performance, maturity, and risk reduction.

• Embed security principles into infrastructure, applications, and business systems design, including secure architecture, network segmentation, and identity and access management best practices.

• Provide strategic guidance and leadership for a team responsible for internal security/access assessments, coordinating external audits, and supporting regulatory and compliance initiatives across financial systems and other technology areas.

• Lead enterprise incident response and recovery efforts, and develop and test disaster recovery and business continuity plans from a security perspective.

• Oversee cybersecurity budgeting, including operational expenses, service agreements, equipment, and special projects.

• Bachelor's degree

• CISSP, CISM, CISA, or equivalent advanced security certification

• 12+ years of progressive experience in information security

• 5+ years of leadership experience managing teams and vendors

• Knowledge of emerging technologies, including Artificial Intelligence

• Deep understanding of cybersecurity frameworks (NIST, CIS Controls) and risk management methodologies

• Experience with SOC operations, IAM platforms, cloud security, and endpoint protection technologies

• Strong understanding of identity governance, privileged access management, and authentication technologies

• Experience developing security governance frameworks for AI/ML systems and third-party AI tools

• Proven ability to build high-performing teams and foster a culture of accountability, transparency, and continuous improvement

• Excellent communication skills with the ability to translate technical risks into business context

• Demonstrated problem-solving ability with strong communication, interpersonal, and organizational skills, and a high level of initiative.