HHMI is focused on supporting and moving science forward in a variety of different ways ranging from conducting basic biomedical research, empowering educators, inspiring students, developing the next generation of scientists – even stretching into film and media production. Our Headquarters is in the greater Washington, DC metro area and is home to over 300 employees with expertise in investments, communications, digital production, biomedical sciences, and everything in between. The work housed here supports and augments the groundbreaking research conducted in HHMI labs across the nation. As HHMI scientists continue to push boundaries in laboratories and classrooms, you can be sure that your contributions while working here are making a difference.
Summary:
Howard Hughes Medical Institute (HHMI) advances scientific discovery and education in the life sciences. The Technology & Systems Management (TSM) team supports that mission by delivering secure, resilient, and forward-looking technology solutions across the Institute.
We are seeking a Director, Cybersecurity to lead HHMI’s enterprise information security program and strengthen the Institute’s overall security posture in an evolving threat landscape.
The Director, Cybersecurity serves as the Institute’s senior cybersecurity leader and trusted advisor to the CTO and executive leadership on risk posture and emerging threats. This roleis responsible forensuring the confidentiality, integrity, and availability of digital assets across enterprise systems, infrastructure, and applications.
The Director leads internal cybersecurity and identity and access management (IAM) teams, partners with an external SOC/MSSP for continuous monitoring andresponse, andcollaborates across TSM and Institute leadership to embed security into technology strategy and operations. This role also works closely with Risk and Compliance and the Office of General Counsel to align cybersecurity governance with regulatory requirements and the protection of sensitive research and regulated data.
This position reports to the Chief Technology Officer and is based at HHMI’s headquarters in Chevy Chase, Maryland. It follows a hybrid schedule with three in-office days per weekand will have occasional travel to our Janelia Research Campus in Ashburn, VA.
WhatYou’llGet:
Mission-Focused Work:Theopportunity to safeguard world-class scientific researchbyleadingsecurity efforts in a research-intensive, innovation-driven environment
Strategic PartnershipinCutting-Edge Work:Working directly with senior leadership to shape enterprise-wide strategy andinfluenceAI governance and emerging technology security.
CompetitiveTotal Rewards Package:Comprehensive healthcare, generous retirement contributions, paid leave, andadditionalprograms that support well-being and professional development.
WhatYou’llDo:
Develop, implement, and continuously evolve a comprehensive cybersecurity strategy aligned with organizational priorities and risk appetite.
Serve as senior advisor to executive leadership on cybersecurity risk, posture, and emerging threats.
In coordination with theEverydayAIteam, lead development of governance frameworks and security practices for emerging technologies, including artificial intelligence and machine learning systems.
Lead and develop cybersecurity and IAM teamsacross two locations, setting priorities, guiding technical direction, and fostering professional growth.
Oversee enterprise security operations, including monitoring, vulnerability management, threat intelligence, and incident response.
Direct andoptimizerelationships with external SOC and managed security partners to ensure effective 24/7 coverage.
Partner with Risk and Compliance, the Office of GeneralCounseland other stakeholdersto develop and enforce security policies, standards, and procedures; lead internal assessments and coordinate external audits.
Establish and communicate security metrics to senior leadership that reflect performance, maturity, and risk reduction.
Embed security principles into infrastructure, applications, and business systems design, including secure architecture, network segmentation, and identity and accessmanagementbest practices.
Provide strategic guidanceand leadershipforateam responsible forinternal security/accessassessments, coordinatingexternal audits, and supportingregulatory and compliance initiativesacross financial systemsand other technology areas.
Lead enterprise incident response and recoveryefforts, anddevelop and test disaster recovery and business continuity plans from a security perspective.
Oversee cybersecurity budgeting, including operational expenses, service agreements, equipment, and special projects.
What You Bring:
Education & Certifications
Bachelor’s degree
CISSP, CISM, CISA, or equivalent advanced security certification
Experience
12+ years of progressive experience in information security
5+ years of leadership experience managing teams and vendors
Knowledge of emerging technologies, including Artificial Intelligence
Skills &Expertise
Deep understanding of cybersecurity frameworks (NIST, CIS Controls) and risk management methodologies
Experience with SOC operations, IAM platforms, cloud security, and endpoint protection technologies
Strong understanding of identity governance, privileged access management, and authentication technologies
Experience developing security governance frameworks for AI/ML systems and third-party AI
hhmi