Director of IT, Information and Systems Security

The Director of IT, Information and Systems Security takes accountability for the delivery of all digital security within the company, championing the information security agenda, and ensuring that the digital security capability is aligned with the company's business strategy. S/he establishes and maintains the enterprise vision, digital security framework, strategy, and program to ensure information assets, control systems and technologies are adequately protected. The Director of ITInformation and Systems Security develops and delivers a world class security strategy that draws on active threat intelligence and continually adapts to the changing threat landscape and business goals. S/he is responsible for all aspects of the organization's information technology, services, and Systems. 

The Director of IT, Information and Systems Security will perform the following duties in a safe, productive, and effective manner:

• Develops the overall security strategy for both IT and OT security by identifying risks with appropriate responses
• Develops credible business cases for security projects and manages the security budget
• Establishes IT department goals, objectives, and operating procedures 
• Builds and leads a virtual OT security team from various business functions where dedicated resources are needed to make a credible business case to grow a team
• Oversees and guards the welfare of the enterprise IT infrastructure
• Defines an audit and compliance program and reduces audit findings
• Develops and maintains professional business relationships with corporate executives and strategic business unit (SBU) managers to stay informed of business decisions and issues that impact their success
• Develops and maintains a solid relationship with vendors and service providers.  Reviews their value on on-going basis and maintains competent service agreements to ensure against critical outages or loss of data
• Builds and manages excellent customer relationships in support of sales and contractual (cyber) compliance activities.
• Negotiates with vendors on behalf of the company to ensure cost-effective purchasing decisions
• Ensures continuous delivery of IT services through oversight of service level agreements with end users and monitoring of IT systems performance
• Protects the corporation's electronic data; directs the implementation and backup systems to ensure low risk of data loss.
• Directs development and execution of an enterprise-wide disaster recovery and business continuity plan
• Ensures IT system operations adhere to applicable laws and regulations
• Manages multiple projects and competing agendas 
• Supervises, trains, evaluates, and develops direct reports.  Ensures support managers within area of responsibility also supervise, train, evaluate and develop their direct reports
   

• BS/BA focusing on Cybersecurity or related field or an equivalent combination of education and experience of 10 or more years
• Substantial experience at a mid-sized company (or better) managing information systems that includes ERP systems, networked users and their associated applications and supporting systems
• Must be able to travel by automobile or airplane to implement conduct business meetings, review performance audits, etc. 

Certifications: 

• ITIL Foundation Certification
• CISM - Certified Information Security Manager, preferred
• CISSP - Certified Information Systems Security Professional, preferred
• CISA - Certified Information Security Auditor, preferred 
• ITIL Intermediate Certification, preferred 

The following competencies are needed to successfully perform this job:

• Possess a highly respected and well-networked relationship in the cyber industry, particularly the industrial construction sector
• Possess a proven track record of devising, delivering, and overseeing innovative cyber security programs to senior stakeholders, including maintaining technical strategy and budget
• Ability to present ideas in business-friendly and user-friendly language
• Ability to develop business case justifications and cost/benefit analyses for IT spending and initiatives
• Ability to motivate in a team-oriented, collaborative environment
• Ability to evaluate and communicate risks associated with IT investments
• Ability to expertly analyze problems to determine root causes and determine the best course of action for effective resolutions
• Strong knowledge of the construction or related industry and ability to advise senior decision makers in Information and cyber security related matters and support business strategy
• Proven experience in the management of diverse stakeholders and complex IT projects; ensuring cost efficient operation of developed systems
• Excellent written and oral communications skills to communicate effectively at all levels of the company
• Outstanding organizational and communication skills