Position Overview
The IT Director, Information Security, leads the company’s cybersecurity strategy, ensuring data, assets, and operations are protected. Reporting to the VP of IT, this role oversees Security Operations, Governance Risk Compliance, Cybersecurity Infrastructure Design, and IT Business Continuity/Disaster Recovery.
The Director develops and maintains security programs, ensuring compliance with regulations and risk management standards. They collaborate with executives to align cybersecurity with business objectives and communicate risks effectively to senior leadership.
This role requires a strategic leader with expertise in cybersecurity, business management, and risk assessment. The ideal candidate is a consensus builder, capable of integrating people, processes, and technology to strengthen the company’s security posture.
Key Responsibilities:
Strategic Governance
- Manage the enterprise-wide cybersecurity strategy to align with business goals.
- Provide regular security updates to senior leadership and the Board.
- Lead cybersecurity risk management and ensure cybersecurity is integrated into IT and business processes.
- Manage the cybersecurity budget and resource allocation efficiently.
- Oversee security training programs to foster awareness across employees and contractors.
- Build and manage a high-performing cybersecurity team.
- Foster a culture of security awareness and risk-based decision-making.
- Serve as the company’s cybersecurity representative for external agencies and industry groups.
Security Operations
- Oversee Security Operations, threat intelligence, and incident response.
- Conduct risk assessments, penetration testing, and security audits.
- Lead the vulnerability management program.
- Perform threat hunting to proactively find unknown or advanced threats in the network.
Governance, Risk and Compliance
- Lead internal and external security audits and drive continuous compliance improvements.
- Maintain cybersecurity certifications (ISO 27001, SOC 2).
- Ensure adherence to cybersecurity regulations (CMMC, NIST 800-171, GDPR, ITAR).
- Maintain security policies and frameworks (NIST, ISO 27001, etc.) to ensure compliance with regulations (CMMC, GDPR, ITAR).
- Collaborate with vendors and partners to enforce cybersecurity requirements.
Cybersecurity Infrastructure Design
- Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, ensuring that cybersecurity is built in by design.
- Secure critical data, intellectual property, and enterprise systems.
- Strengthen cloud security and protect job site digital assets.
- Define cybersecurity controls for IT infrastructure.
IT Business Continuity / Disaster Recovery
- Oversee a comprehensive Business Continuity Plan and Disaster Recovery strategy to ensure organizational resilience and protect critical systems and data.
- Collaborate with departments to develop, document, and test continuity plans.
- Establish recovery objectives (RTOs/RPOs) and ensure robust DR capabilities.
- Ensure DR plans align with cybersecurity, cloud computing, and data protection best practices.
- Monitor and assess emerging risks that could impact business operations.
- Lead crisis management efforts during real-world incidents, ensuring timely communication and coordination.