Director, Cyber Defense

** ABOUT THE DEPARTMENT
** The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape.

This role sits within a newly restructured cybersecurity organization that’s leading this transformation. You’ll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence—working alongside experts who are deeply committed to service, innovation, and impact.

If you’re driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table.
** POSITION SUMMARY
** As the Director, Cyber Defense, you will be an integral leader of the cybersecurity department, collaborating with stakeholders across the university ecosystem and reporting to the Chief Information Security Officer. This is a full-time exempt position, eligible for all of USC’s fantastic Benefits + Perks. This opportunity is hybrid.

The Director, Cyber Defense provides strategic leadership and operational oversight for the Cyber Defense program, ensuring alignment with the university’s cybersecurity objectives and enterprise risk posture. The role is accountable for incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management, and coordination with managed security service providers. The Director leads the continued evolution and maturation of a threat-informed defense program and serves as a key advisor to executive leadership during high-impact cyber incidents.

This role supports a complex, multi-environment ecosystem, including cloud, SaaS, IoT/OT, research, and academic environments. The Director partners closely with data governance, privacy, and IT leaders across Departments, Schools, and Units, providing consistent Cyber Defense services and technical leadership to ensure a high-performing Cyber Defense team. The role also oversees managed services (SLM, SOC, and IR) and third-party provider relationships.

The
** Director, Cyber Defense
** will:
* Provides oversight, guidance, and direction for the Cyber Defense program. Directs and executes the Cyber Defense strategy, ensuring alignment with the university's cybersecurity objectives. Provides expertise and understanding of all aspects of the Cyber Defense landscape, working with executive leadership to expand and enhance the Cyber Defense footprint. Identifies opportunities for enhanced coverage of threat intelligence and security monitoring. Provides informed recommendations to senior leadership regarding the university's security monitoring and incident response strategy.

Leads the development of threat informed defense practices including adversary emulation, purple teaming, and threat modeling to ensure detection and response capabilities are aligned to the current threat landscape.
* Serves as a key member of the university’s cyber crisis response team, providing briefings to executive leadership, participating in tabletop exercises, and supporting legal and reputational risk management during major incidents. Oversees the Incident Response (IR) program, ensuring alignment with the university's IR Plan. Reviews the status of Level 2 and Level 3 risks and maintains high-level monitoring of all IR activities.

Defines security monitoring expectations and goals in alignment with the university's cybersecurity strategy. Approves or coordinates approval for security monitoring policies, procedures, standards, and roles, as needed. Ensures proper involvement of legal, compliance, and regulatory stakeholders in addressing forensics issues and risks (e.g., Legal, Compliance, General Counsel).
* Manages vendor contractual commitments, Service Level Agreements (SLAs), and performance. Oversees the integration of university associates with managed security service providers. Reviews ongoing status updates from the Cyber Defense and ASM…