Director, Cyber Defense

ABOUT THE DEPARTMENT

The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape.

This role sits within a newly restructured cybersecurity organization that’s leading this transformation. You’ll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence—working alongside experts who are deeply committed to service, innovation, and impact.

If you’re driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table.

POSITION SUMMARY

As the Director, Cyber Defense you will be an integral leader of the cybersecurity department while also collaborating with stakeholders across the university ecosystem and reporting to the Chief Information Security Officer. This is a full-time exempt position, eligible for all of USC’s fantastic Benefits + Perks. This opportunity is hybrid.

The Director, Cyber Defense provides strategic oversight and leadership for the Cyber Defense program, ensuring alignment with the university's cybersecurity objectives and enterprise risk posture. Responsible for key areas including incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management, and coordination with managed security service providers. Leads the development of a threat-informed defense program and serves as a key advisor to executive leadership during cyber incidents. Drives the evolution of Cyber Defense to secure the university's diverse digital ecosystem including cloud, SaaS, IoT/OT, and research environments. Partners with data governance and privacy leaders to safeguard institutional data. Manages relationships with key IT stakeholders across university Departments, Schools, and Units, providing efficient and consistent Cyber Defense services, and provides technical leadership and mentorship to ensure a high-performing Cyber Defense team. Oversees and coordinates relationships and operations with managed services (SLM, SOC, and IR) and third-party providers.

The Director, Cyber Defense will:

• Provides oversight, guidance, and direction for the Cyber Defense program. Directs and executes the Cyber Defense strategy, ensuring alignment with the university's cybersecurity objectives. Provides expertise and understanding of all aspects of the Cyber Defense landscape, working with executive leadership to expand and enhance the Cyber Defense footprint. Identifies opportunities for enhanced coverage of threat intelligence and security monitoring. Provides informed recommendations to senior leadership regarding the university's security monitoring and incident response strategy. Leads the development of threat informed defense practices including adversary emulation, purple teaming, and threat modeling to ensure detection and response capabilities are aligned to the current threat landscape.

• Serves as a key member of the university’s cyber crisis response team, providing briefings to executive leadership, participating in tabletop exercises, and supporting legal and reputational risk management during major incidents. Oversees the Incident Response (IR) program, ensuring alignment with the university's IR Plan. Reviews the status of Level 2 and Level 3 risks and maintains high-level monitoring of all IR activities. Defines security monitoring expectations and goals in alignment with the university's cybersecurity strategy. Approves or coordinates approval for security monitoring policies, procedures, standards, and roles, as needed. Ensures proper involvement of legal, compliance, and regulatory stakeholders in addressing forensics issues and risks (e.g., Legal, Compliance, General Counsel).

• Manages vendor contractual commitments, Service Level Agreements (SLAs), and performance. Oversees the integration of university associates with managed security service providers. Reviews ongoing status updates from the Cyber Defense and ASM Managers regarding vendor performance.

• Collaborates with Legal, Compliance, and General Counsel on cybersecurity incidents requiring forensic investigation. Ensures Cyber Defense activities adhere to legal, regulatory, and compliance requirements. Establishes and enforces policies for threat intelligence, vulnerability management, and application security.

• Oversees the planning, budgeting, and directing of Cyber Defense activities. Ensures optimal allocation of resources to maximize security effectiveness and risk mitigation. Develops and maintains Cyber Defense performance indicators and dashboards to communicate effectiveness, drive accountability, and continuously improve program maturity based on frameworks such as MITRE ATT&CK, NIST CSF, or D3FEND.

• Accountable for all aspects of staff management, (e.g., hiring, coaching, training, performance reviews, pay actions, and promotions within the Cyber Defense organization). Provides technical leadership and mentorship to ensure a high performing Cyber Defense team.

• Drives the evolution of Cyber Defense practices to meet the needs of modern technologies (e.g., SaaS platforms, hybrid cloud environments, IoT/OT devices, emerging AI workloads). Partners with infrastructure and engineering teams to evaluate, implement, and optimize the use of modern security technologies (e.g., SIEM enhancements, automation/orchestration tools, AI-driven threat detection systems).

• Provides strategic oversight and tuning guidance for phishing defense in collaboration with SOC and email security teams. Aligns simulated phishing campaigns and user education programs with current threat actor lures targeting higher education. Ensures Cyber Defense strategies include visibility and protection for ICS, OT, and research-centric platforms. Coordinates with Facilities and specialized labs to deploy compensating controls and timely patching of high impact vulnerabilities.

• Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Encourages a workplace culture where all employees are valued, value others and have the opportunity to contribute through their ideas, words and actions, in accordance with the USC Code of Ethics.

MINIMUM QUALIFICATIONS

Great candidates for the position of Director, Cyber Defense will meet the following qualifications:

• 10 years of experience in key Cyber Defense areas (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).

• A bachelor’s degree or combined experience/education as substitute for minimum education.

• In-depth knowledge of industry standards, regulations, and new industry developments/trends.

• Understanding and technical knowledge of Cyber Defense concepts, (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management, data and networking.)

• Demonstrable strong management skills and the ability to develop, mentor and coach others.

• Strong written and oral executive communication.

• Experience in working in large or federated enterprises, preferably in the university environment.

• Ability to design and evaluate processes to build security functions and review processes for ongoing improvement.

• Ability to develop Cybersecurity operations operating plans consistent with the strategy and vision of USC.

• Ability to delegate work to team members and provide clear and effective guidance on implementation of processes.

• Experience in the management and/or implementation of security monitoring, anti-malware, and vulnerability management technologies.

• Ability to collaborate extensively with business units, academic departments, IT operations and research teams to align cybersecurity strategies with institutional priorities and risk appetite.

• A Cyber Certification (e.g., CISSP, GIAC, CISM)

PREFERRED QUALIFICATIONS

Exceptional candidates for the position of Director, Cyber Defense will also bring the following qualifications or more:

• MBA or master's degree in computer science or in related field(s)

• 15 years of experience in key Cyber Defense areas (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).

In addition, the successful candidate must also demonstrate, through ideas, words and actions, a strong commitment to USC’s Unifying Values of integrity, excellence, community, well-being, open communication, and accountability.

SALARY AND BENEFITS

The annual base salary range for this position is $247,993.07 to $298,497.02. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.

To support the well-being of our faculty and staff, USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents’ health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC’s comprehensive benefits here.

Join the USC cybersecurity team within an environment of innovation and excellence.

Minimum Education: Bachelor's degree Minimum Certifications: Cyber Certification (e.g., CISSP, GIAC, CISM) Addtional Education Requirements Combined experience/education as substitute for minimum education Minimum Experience: 10 years in key Cyber Defense areas (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management). Minimum Skills: In-depth knowledge of industry standards, regulations, and new industry developments/trends. Understanding and technical knowledge of Cyber Defense concepts, (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management, data and networking.) Demonstrable strong management skills and the ability to develop, mentor and coach others. Strong written and oral executive communication. Experience in working in large or federated enterprises, preferably in the university environment. Ability to design and evaluate processes to build security functions and review processes for ongoing improvement. Ability to develop Cybersecurity operations operating plans consistent with the strategy and vision of USC. Ability to delegate work to team members and provide clear and effective guidance on implementation of processes. Experience in the management and/or implementation of security monitoring, anti-malware, and vulnerability management technologies. Ability to collaborate extensively with business units, academic departments, IT operations and research teams to align cybersecurity strategies with institutional priorities and risk appetite. Preferred Education: MBA Or Master's degree In Computer Science Or in related field(s) Preferred Experience: 15 years