Director of Cybersecurity (PTX51826)

About Realmanage

RealManage is one of the largest and fastest-growing community association management companies in the United States, serving homeowner associations, condominium communities, master-planned developments, and mixed-use properties nationwide. Our proprietary technology platform, CiraNet, powers every dimension of community operations, from financials and communications to service delivery and compliance, setting the standard for transparent, tech-enabled management. We are entering a transformative chapter, investing aggressively in AI and intelligent automation to redefine how communities are managed at scale.

The Opportunity

We are seeking a Director of Cybersecurity to build and lead RealManage's enterprise security program. This role blends strategic program leadership with hands-on operational ownership, responsible for strengthening our security posture, advancing our compliance maturity, and laying out the roadmap that aligns RealManage to a common, recognized security framework.

You will start as a senior individual contributor, partnering closely with the VP of Cloud Engineering and broader Technology & Product leadership to assess our current state, recommend the right framework direction (such as NIST CSF, ISO 27001, SOC 2, CIS Controls, or a blended approach), and execute the work to get there. As the program matures and the roadmap demands additional capacity, you will hire and lead a growing team.

The right leader is a player-coach who can sit at the executive table one hour and review IAM policies, cloud configurations, or incident playbooks the next. You bring deep operational fluency across cloud security, identity, and incident response, paired with the program-management discipline to drive a multi-year compliance and maturity journey.

What You Will Do

Security Strategy & Roadmap

• Assess RealManage's current security posture, identify gaps, and recommend the right common framework direction (NIST CSF, ISO 27001, SOC 2, CIS Controls, or a blended approach) to align our program against.
• Build a multi-year cybersecurity roadmap with clearly defined milestones, control objectives, and measurable outcomes.
• Translate framework requirements into prioritized, funded workstreams with executive sponsorship and clear business alignment.
• Establish security policies, standards, and governance structures that scale with RealManage's growth and M&A activity.
• Present security strategy, risk posture, and program progress to the executive leadership team and the Board.
  
  

Compliance & Risk Management

• Own RealManage's compliance program, with primary focus on PCI DSS for resident and board payment data and SOC 2 / SOX-style control attestations.
• Lead audit readiness, evidence collection, and remediation across in-scope systems, applications, and third-party processors.
• Build and maintain a risk register, vendor risk management program, and exception process that gives leadership clear visibility into residual risk.
• Establish data protection standards aligned with applicable U.S. state privacy laws and HOA-specific data handling and fiduciary obligations.
• Partner with Legal, Finance, and Internal Audit to ensure security controls integrate cleanly with enterprise risk and compliance functions.
  
  

Cloud Security & Platform Hardening

• Drive secure-by-default patterns into the cloud platform in partnership with the VP of Cloud Engineering and platform teams.
• Implement and tune cloud security posture management, vulnerability management, and continuous compliance monitoring.
• Embed security into CI/CD pipelines and SDLC practices without slowing engineering delivery velocity.
• Address emerging risks tied to AI and intelligent automation, including model and data protection, prompt injection, and securing AI agents and service identities in production.
  
  

Incident Response & Security Operations

• Build and operate the incident response program, including playbooks, tabletop exercises, on-call rotations, and post-incident review processes.
• Stand up detection and response capabilities, whether fully in-house, through MSSP partnership, or a hybrid model, with clear SLAs and operating metrics.
• Lead threat hunting, log analysis, and continuous monitoring across cloud, endpoint, and SaaS surfaces.
• Serve as the primary point of escalation for security events, coordinating cross-functional response and external notifications when required.
  
  

Identity & Access Management

• Lead the enterprise IAM strategy, including SSO, MFA, privileged access management, and zero-trust principles.
• Roll out and continuously improve identity hygiene across employees, contractors, and integrated partners.
• Establish re.ole-based access controls, least-privilege standards, and joiner/mover/leaver processes that satisfy both audit and operational requirements.
• Secure machine identities, service accounts, and AI agent credentials as the platform and its automation footprint scale
  
  

Talent, Culture & Awareness

• Start as a hands-on individual contributor, then build, attract, and retain a high-caliber security team as the program and roadmap grow.
• Champion security awareness across the organization, including phishing simulations, role-based training, and clear security guidance for engineering and operations teams.
• Foster a culture where security is a shared responsibility rather than a gate, partnering with engineering, product, and operations teams to make secure choices the easy choices.
• Manage security tooling budgets, vendor relationships, and ROI for the cybersecurity portfolio.
  
  

Disclaimer

This description is not intended to be an exhaustive list of duties. The employee may perform other duties as assigned to meet the ongoing needs of the organization. Reasonable accommodations may be made to enable qualified individuals to perform the essential functions of this position