[Hiring] Associate Director of Cybersecurity, Physical Security, and AI Governance @ECG Management Consultants

Role Description

Your Opportunity with ECG:

Associate Director of Cybersecurity, Physical Security, and Artificial Intelligence (AI) Governance

Reporting to the IT director, the associate director is responsible for defining and advancing the organization’s long‑term approach to cybersecurity, physical security, data governance, and responsible AI use. This role is heavily strategic and governance focused. The associate director establishes vision, policy, and guardrails; evaluates risk; and provides executive‑level insight—while partnering with IT, data and analytics, facilities, legal, compliance, and business leaders to support execution.

Your Responsibilities May Include

• Enterprise Security, Data, and AI Governance Strategy
  • Define and maintain a multiyear enterprise strategy spanning:
    • Cybersecurity.
    • Physical security.
    • Data analytics governance (internal data focus, external client data protection).
    • AI and automation risk.
  • Ensure security, data, and AI considerations are embedded into IT architecture, cloud platforms, analytics initiatives, and application delivery.
  • Advise IT leadership on risk, opportunity, and investment priorities related to emerging technologies.
  • Translate technical, physical, and AI‑related risks into clear business impact for executive decision‑making.
• AI and Data Governance
  • Establish and maintain the organization’s AI governance framework, including:
    • Acceptable and responsible AI use.
    • Data privacy, security, and ethical guardrails.
    • Oversight and accountability for AI‑enabled tools.
  • Partner with data and analytics teams to define standards for data classification, protection, and analytics platform security.
  • Serve as the escalation point for AI‑related risk, misuse, or policy exceptions.
  • Balance security needs with business needs in a manner that ensures safe practices while not prohibiting key components of business objectives.
• Governance, Policy, and Risk Management
  • Own enterprise governance for cybersecurity, physical security, data protection, and AI use within the ECG organization.
  • Develop and maintain policies, standards, and control objectives.
  • Lead or oversee enterprise risk assessments across cyber, physical, data, and AI domains.
  • Align governance practices with recognized frameworks, such as NIST, ISO, and applicable privacy or AI standards.
• Cross‑Functional Leadership and Collaboration
  • Provide strategic oversight into cybersecurity, physical security, and data governance functions (direct or matrixed).
  • Partner closely with IT infrastructure, applications, architecture, data and analytics, HR, legal, and compliance teams.
  • Act as the security, data, and AI-governance authority within IT leadership forums.
  • Promote a culture of responsible innovation that enables progress while maintaining trust and control.
• Investment, Metrics, and Executive Reporting
  • Advise IT leadership on security, analytics, and AI investment priorities.
  • Define and track KPIs and KRIs related to security posture, data governance maturity, and AI risk.
  • Deliver executive‑ready reports on trends, risks, and program effectiveness.
• Incident Preparedness and Oversight
  • Define enterprise‑level strategies for cyber incidents, physical security events, data breaches, and AI misuse scenarios.
  • Ensure leadership readiness for high‑impact incidents.
  • Lead post‑incident strategic reviews focused on systemic improvement and governance maturity.
• Collaboration with Legal and Compliance
  • Partner with SHS and ECG compliance to ensure AI and data governance aligns with regulatory, contractual, privacy, and ethical obligations.
  • Codevelop policies addressing acceptable AI use, intellectual property, confidentiality, and third‑party risk.
  • Support coordinated responses to AI‑related incidents, audits, or regulatory inquiries.

Qualifications

• Bachelor’s degree in information security, computer science, data management, or a related field (or equivalent experience)
• Typically, 7+ years of experience in cybersecurity, risk management, enterprise IT, data governance, or related leadership roles
• Demonstrated experience leading enterprise‑level security strategy and governance
• Strong understanding of:
  • Cybersecurity and physical security principles
  • Data analytics platforms and data protection
  • AI and generative AI risk, governance, and ethical considerations
• Proven ability to communicate complex risk topics to executive audiences

Requirements

• Advanced degree (MBA, MS, or equivalent)
• Relevant certifications such as CISSP, CISM, CRISC, CPP, CDMP, or AI-governance credentials
• Experience supporting cloud‑based, analytics‑driven, and AI‑enabled enterprise environments
• Experience presenting to executive leadership or governance committees
• Experience with Microsoft environments (Azure, Fabric)
• Experience with security products, including but not limited to:
  • Defender
  • Sentinel
  • Purview
  • Entra
  • Azure Web Application Firewall
  • Brivo badging system

Benefits

• Attractive compensation package
• Challenging work
• Entrepreneurial environment where you can take ownership of your career
• Eligible to participate in ECG’s annual incentive compensation program
• Eligible to participate in ECG’s benefit plans, which include:
  • Medical, dental, and vision coverage
  • 401(k) matching program
  • Unlimited PTO
  • Other wellness programs