Director of Cybersecurity & Compliance

May 21, 2026
$130000 - $180000 / year

Job Description

Company: L+M Development Partners

Location: New York, US

Position Summary

L+M Development Partners is seeking a hands-on Director of Cybersecurity & Compliance to lead and execute the company’s information security strategy. This is a practitioner-level role – not a purely advisory or oversight position – requiring someone who can configure controls, manage platforms, and drive real security outcomes alongside the IT team.

The Director will own the day-to-day operation of L+M’s security stack, manage MDR vendor relationships, lead the company’s response to cybersecurity incidents, build a formal governance and compliance program, and serve as the internal security authority for staff, leadership, and vendors.

Key Responsibilities

Security Operations & Platform Management
• Administer and optimize Microsoft 365 / Entra ID security configurations, including Conditional Access, MFA policies, and re-authentication session controls.
• Manage and tune email security platforms, MDR, and firewalls for threat detection and PII content filtering
• Oversee email security and MDR engagement for 24/7 threat monitoring; serve as primary internal contact for escalation and incident triage
• Administer firewall and other network security controls and access policies
• Manage restrictions on personal email access, personal device access to SharePoint/company resources, and shared drive to OneDrive/SharePoint migration security controls
• Implement and maintain DLP policies to prevent PII from being transmitted via email, with programmatic deletion of historical PII from employee mailboxes
• Own incident response, remediation and data breach management and reporting
• Investigate and document security incidents; produce post-incident reports for leadership and the board

Governance, Risk & Compliance
• Build and maintain a NIST-aligned cybersecurity governance framework, incorporating the findings from third-party pen tests, cyber assessment and governance strategy engagement
• Develop and enforce company-wide information security policies, including acceptable use, data classification, PII handling, and vendor security requirements
• Create a vendor security program with tiered controls based on risk level; ensure new and high-risk vendors meet MFA, cybersecurity training, and contractual security requirements
• Manage PII data handling policies for all company platforms; define retention, access, and deletion procedures
• Coordinate with legal counsel on multi-state regulatory compliance, notification windows, and data privacy obligations
• Support cyber insurance renewals and carrier requirements; work with the Insurance team to assess and close coverage gaps

Security Awareness & Culture
• Design and operate an employee security awareness training program; manage phishing simulation campaigns and track employee performance
• Help develop and enforce consequences for repeat security policy violations, including integration of phishing test results into annual performance review processes
• Provide advance training prior to new policy enforcement
• Communicate clearly with non-technical staff on security changes that affect daily workflows

Leadership & Strategic Reporting
• Serve as the internal subject matter expert on cybersecurity for the CTO, executive team, and board
• Prepare and present cybersecurity metrics, risk posture updates, and strategic recommendations to leadership
• Manage vendor relationships and procurement for security tools; evaluate and recommend platforms
• Define and track a cybersecurity roadmap aligned with NIST maturity milestones

Required Qualifications

• 7+ years of progressive experience in cybersecurity, with at least 3 years in a senior or lead technical role
• Hands-on, practitioner-level expertise – this role requires the ability to configure, operate, and troubleshoot security tools directly
• Deep expertise with Microsoft 365 security, Entra ID / Azure AD, Conditional Access, and Defender suite
• Experience managing or overseeing Managed Email Security and MDR engagements
• Experience with email security platforms
• Strong working knowledge of PII handling obligations, data breach notification laws, and multi-state regulatory requirements
• Familiarity with NIST Cybersecurity Framework and the ability to translate it into practical operational controls
• Experience developing and enforcing security policies, vendor security requirements, and employee training programs

Preferred Qualifications

• CISSP, CISM, CISA, or equivalent professional certification
• Experience in real estate, property management, affordable housing, or regulated industries with PII-intensive operations
• Familiarity with property management platforms and their data security considerations
• Experience working with outside legal counsel and cyber insurance carriers
• Background conducting or managing external cybersecurity assessments
• Exposure to DLP tools, SIEM/SOAR platforms, and network access control within a Microsoft-heavy environment

L+M offers competitive compensation and benefits and tremendous potential with a growing residential real estate developer/builder organization.

Disclaimer: Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

Source: Ladders