Director - Information Security Management

The Opportunity

The Director of Information Security Management will have the opportunity to be accountable to lead and execute all aspects of strategy planning, program and portfolio management, security engineering, performance management, budget management, and provide consulting and advisory services to market sectors on cybersecurity related topics. In this role, the director will support the strategic vision and evolution of a best-in-class cybersecurity and privacy program, partner across functions to drive major security initiatives and programs, effectively communicate program objectives and outcomes, define, and establish acceptable levels of risk tolerance for the organization with continuous risk and compliance management. #LI-NK1 #LI-Hybrid

Key Responsibilities

• Lead and implement IAM program management strategy and governance to ensure alignment with standards and zero trust principles
• Perform other duties as assigned #LI-NK1
• Provide digital product security including threat modeling and security risk management across all stages of the product development life cycle
• Liaises with the enterprise architecture, infrastructure, application, and cloud computing teams to build alignment, thus ensuring that information security requirements are implicit in architecture plans and security is built in by design
• Optimize security functional domains and operations, coordinate the preparation of cybersecurity resiliency plans to respond to cybersecurity and privacy breaches
• Support the CISO in interacting with external counsel, information sharing with industry peers and law enforcement agencies to address IT/OT security trends and incidents
• Assist and manage the cybersecurity capital and operating budget, service provider performance and relationship management
• Drives enterprise wide Information Security roadmaps, priorities, and control execution including future state planning to enhance user experience and secure the digital assets
• Develop and lead risk treatment directives and report on cybersecurity program progress and risk decisions to business stakeholders, as well as the ability to influence across cross-functionally
• Consult and provide support to develop security capabilities and services in partnership with innovation team and market sectors
• Support CISO and provide direct oversight for KPI/KRI development, security effectiveness and efficiency plans, including security transformation function
• Proactively engage across market sectors and enablement functions to assess and implement security best practices and processes to ensure the evolving needs of the organization are addressed based on industry best practices and threat landscape
• Partner and support the CISO as a liaison on cybersecurity and privacy matters, including prioritization of risk remediation, risk quantification, and communication of risk decisions in a way that drives business value
• Monitors regulatory compliance with enterprise security policies and educates business leaders on compliance efforts relative to the Engineering, Procurement and Construction space, IT & OT environments
• Identify, evaluate, and manage innovations, tooling, and technologies to improve the security and compliance program
• Lead solution development and project execution through defined outcomes, coordination, awareness and reporting in an agile way
• Responsible for security technology and portfolio planning, multi-year operational roadmap development and execution, assist in developing security capabilities and processes while striking the right balance between risk management and operational efficiency

Management Responsibilities

Minimum Qualifications

• Strong experience in Zero Trust Architecture and Engineering, Infrastructure, Application, DevSecOps automation, AWS/AZURE/GCP security controls, data security, risk management, IOT/OT, security readiness backed with AI/ML, Identity Access Management, Business resumption and contingency planning, cyber incident, and crisis management, etc.
• Demonstrated experience applying security and risk frameworks, and regulations such as NIST CSF/800-53/800-171, ISO 27001, NERC CIP, CIS, CMMC, OWASP, CSA, etc.
• Bachelor’s degree in Information Security or Information Technology or related field
• All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.
• Highly motivated with an exceptional work ethics, problem solving skills, and demonstrated track record of influencing senior leaders and working with peers cross-functionally.
• Minimum 10 years of experience in Information Security leadership role (Director level), as a leader of leaders and teams to drive successful outcomes.
• Up to date and in-depth knowledge of cybersecurity technologies and trends, threat landscape, risk attribution and risk management in a complex global environment.
• One or more security certifications including CISSP, CISM, CIPP, CCSP, CRISC
• Experience managing strategic planning, budgeting, and resource management.
• Must have 8 years of experience in leading and developing global cybersecurity program and execution; product and services development; and risk management.

Preferred Qualifications

• Ability to adapt quickly to shifting priorities, problem solving and decision-making skills with limited information and ambiguity
• Knowledge of current threats and best practices in the Cybersecurity and OT security environments
• Highly motivated individual with the ability to self-start, prioritize, multi-task, and has a "can-do" attitude
• Ability to communicate and work effectively with others, attitude of commitment, accountability, ownership, and follow-through
• Effective at networking, building relationships, solutions and results-oriented with the ability to overcome obstacles, willing to do whatever it takes to deliver a complete solution with quality work product, business mindset and pragmatism
• Experience in managing Global Information Security and Privacy compliance programs
• Excellent written and verbal communication skills, communicate security issues and concepts to technical and non-technical audiences including executives and leadership teams
• This position requires a strong operational leader, a critical thinker, a consensus builder, with proven ability to work at all levels to integrate people, process and technology with strong business acumen and knowledge in Engineering, Procurement and Construction business environment

Work Environment/Physical Demands

• Hybrid Schedule
• Typical office environment

Salary Plan

Job Grade