When you join Hines, you will embark on a career journey fueled by vision and guided by leaders who set the standards of our industry. Our legacy is rooted in innovation and excellence, earning us a spot on Fast Company’s esteemed annual list of the World’s Most Innovative Companies, as well as recognition as one of U.S. News & World Report’s Best Companies to Work For in 2024. Discover endless opportunities to grow and make your mark at Hines.

The Senior Director, Cybersecurity is a strategic leader with hands-on in-the-trenches experience responsible for the design, implementation, and governance of enterprise security solutions across cloud, on-premises, and end-user environments. This role develops and maintains a comprehensive security architecture that protects user devices, collaboration platforms, productivity suites, identity systems, and core infrastructure—ensuring secure, resilient, and compliant security operations for all employees and business units. The Director leads a team of security engineers and architects, drives adoption of modern security frameworks (such as Zero Trust), and partners with IT, business, and compliance stakeholders to embed security into daily operations and technology initiatives, in alignment with various compliance frameworks such as NIST, ISO 27001, SOC 2, SOX, GDPR, CCPA, and internal security policies.

Strategic Responsibilities 

This position will be responsible for four primary functions:

• Security Architecture/Design
• Security Engineering/Implementation
• Security Enforcement/Adherence (Governance)
• Escalated Incident Response (Escalations from Security Operations Center)

Across the following areas:

Cloud & On-Premise

• Microsoft Azure anything related to security
• Microsoft Entra and On-premise Active Directory
• Microsoft M365
• SaaS/In-house applications

Data Protection & Privacy

• Data Loss Prevention (DLP) solutions, encryption (Azure Key Vault, BitLocker), files and folder sharing, and privacy controls (GDPR, CCPA, NIST Privacy Framework)
• Ensure secure handling of user data across devices, cloud storage, and collaboration platforms

Endpoint & Network Security

• Endpoint protection Artic Wolf Aurora, Microsoft Defender, web filtering, and secure email gateway solutions

Securing AI

• Providing a security framework in which to utilize IT for Security and Business operations

Vulnerability Management

• Identifying vulnerabilities and prioritize remediation, patch management, penetration testing, etc.

Application Security /Develop Security Operations

• Strengthening the security posture for the production application and development environments

Identity and Access Management

• Framework of policies and technologies for identifying, authenticating, and controlling user access to applications, systems, and networks

Cyber Threat Intelligence

• Work with the SOC to integrate CTI best practices for threat feeds and mechanisms

Operational Technology

• Partner with various groups to update OT policies

Security Awareness

• Continuously improve the enterprise-wide security awareness and training program to foster a security-first culture among all employees and contractors
• Customize security messaging for diverse audiences, including remote workers, executives, IT staff, and business users, ensuring relevance to current threats and organizational priorities
• Measure program effectiveness through behavioral analytics, participation metrics, and simulated attack results; report findings to leadership and refine strategies accordingly
• Collaborate with HR, IT, and business units to automate onboarding/offboarding training workflows and deliver role-based content
• Promote proactive reporting of suspicious activity and empower users to act as the first line of defense against cyber threats

Minimum Requirements include: 

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field
• 10+ years of experience in security architecture and engineering, with proven hands-on technical leadership in real estate, finance, or infrastructure-heavy sectors
• Deep security expertise and direct security experience in:
  • Microsoft Entra ID, Conditional Access, Privileged Identity Management (PIM)
  • Azure Security Center, Azure Sentinel (SIEM), Defender for Cloud, Defender for Identity, Defender for Endpoint
  • Azure Key Vault, Azure Policy, Azure Blueprints, Azure RBAC, Azure Firewall, Azure DDoS Protection
  • Azure Virtual Network, Network Security Groups (NSG), Application Gateway, Azure VPN Gateway
  • Azure Monitor, Log Analytics, and integration with Microsoft Intune for device management
  • Secure configuration and hardening of Azure resources, automation with ARM templates and Azure CLI/PowerShell
  • Hands-on Project Example: Led the migration of legacy on-premises applications to Azure, implementing Azure Security Center for unified threat detection, and deploying Azure Policy and Blueprints to enforce compliance across multiple subscriptions. Automated resource provisioning and security baselines using ARM templates and Azure DevOps pipelines
  • Cloud security (Azure): architecture, deployment, and management
  • Identity management (SSO, MFA, RBAC, PAM) and application security
  • Security operations: SIEM, EDR, IDS/IPS, vulnerability management, and incident response
  • Secure configuration and hardening of Windows, Linux, and cloud environments
  • Scripting and automation (Python, PowerShell, Bash) for security operations
• Strategic thinker with deep technical knowledge and hands-on experience in enterprise security architecture and operations
• Strong communication skills to engage with property managers, IT teams, and executive leadership
• Proven leadership in cross-functional environments and vendor management
• Ability to translate complex technical risks into business-aligned decisions
• Demonstrated ability to lead by example, working directly with engineering teams on technical challenges and solutions
• Deep expertise in cybersecurity frameworks and methodologies, including NIST, ISO 27001, and the MITRE ATT&CK framework, with a strong understanding of risk management and compliance requirements
• Proven ability to facilitate high-level discussions, drive consensus among stakeholders, and lead collaborative security solutions across various teams

Preferred Attributes

• Certifications such as CISSP, CISM, CCSP, Azure Security Engineer Associate, SABSA, or equivalent are highly preferred

At Hines, we strive for excellence as a leading global real estate investment manager, driven by our by our belief that real estate is fundamentally about people. Our diverse portfolio spans $93.2 billion¹ of assets across such property types as living, office, retail, mixed-use, logistics and life science projects – all designed to enhance value, connection and inspiration. Our strategic approach integrates local expertise with global knowledge, taking calculated risks aligned with our convictions to exceed expectations and tailor solutions to our clients' needs.

While our projects are renowned for enhancing cities and pioneering sustainable practices, we recognize that the true driving force behind Hines' success is our 5,000 dedicated employees in 30 countries who draw on our 65-year history to build the world forward. This is why we prioritize investing in our people, offering comprehensive training, competitive compensation, robust benefits and generous vacation packages. By centering our focus on the growth and wellbeing of our team, we cultivate an inclusive environment where everyone, including our clients, can thrive.

Hines is proud to be named to Fast Company’s prestigious annual list of the World’s Most Innovative Companies for 2024. ¹Includes both the global Hines organization and RIA AUM as of December 31, 2023.

We are an equal opportunity employer and support workforce diversity.

No calls or emails from third parties at this time please.