We are now looking to appoint an Information Security (InfoSec) Director who will play a critical role in leading and spearheading Information Security, Cybersecurity, Technology Risk Management and Compliance across Information Technology (IT) and Operational Technology (OT).
As InfoSec Director, you will collaborate closely with OT, IT, and business stakeholders at all levels across our Water, Wastewater, and Natural Gas sectors. The role is tasked with ensuring the development, implementation and operation of programs, capabilities, governance, and policies that enable the organization to innovate and operate efficiently while effectively managing cyber risks and ensuring compliance with regulatory requirements.
Key accountabilities include:
- Function as the strategic leader for Information Security, Cybersecurity, Compliance and Privacy, acting as a subject matter expert responsible for strategy, standards, policies, and control frameworks.
- Direct and provide a strategic risk management vision to effectively secure the business while supporting innovation and execution.
- Develop multi-year strategic roadmaps addressing the threat and compliance landscapes for both IT and OT/ICS/SCADA.
- Ensure alignment with regulatory compliance obligations and emerging cybersecurity standards.
- Foster an enterprise-wide culture of security awareness for both IT and OT.
- Oversee and manage the teams and functions for Security Operations & Engineering, Governance Risk and Compliance (GRC), Identity & Access Management, and SAP Security.
- Ensure operation and continuous improvement of capabilities for vulnerability management, threat management, and incident response.
- Engage with regulators and industry groups on topics related to cybersecurity in critical infrastructure.
The ideal candidate will possess strong technical expertise in large, complex, and distributed technology environments, with experience in enterprise IT and OT; regulated utilities experience is preferred. The candidate will also be able to communicate appropriately with both technical teams and executive leadership, with effective stakeholder management at all levels.
Required Experience, Education, Licenses, and Certifications:
- Minimum of 10 years in a technology leadership role, with at least five years of direct responsibility for Information Security programs and strategy management.
- B.S. or equivalent degree in Computer Science, Engineering, Information Sciences & Technology, Information Assurance, or related field.
- Certifications: CISSP and CISM strongly preferred with other advanced certifications (e.g. GCIH, CRISC, GRID, GICSP, CISA, ISSMP/ISSEP/ISSAP, etc.) considered a plus.
- Expertise in cyber risk management, including the effective use of both qualitative and quantitative approaches and the ability to define effective risk treatment strategies.
- Experience effectively leveraging security frameworks, guidance and best practices, including NIST CSF, CIS Critical Security Controls, and CIS Benchmarks.
- Experience with critical industrial operations including SCADA/ICS, with utilities industry experience preferred.
- Expert-level knowledge of security technologies, functions and services, including Threat Intelligence, Security Operations Centers, SIEM, Firewall Engineering, Network Security, Authentication, EDR/Anti-Malware, Encryption, PKI, Forensics, and Intrusion Detection and Prevention.