Director - Cybersecurity & Chief Information Security Officer
BH-288955
Posted: 17/12/2024
- Competitive
- United States Texas Houston
- Permanent
-
IT
Job Description
Primary Purpose: A Leading energy infrastructure company, is seeking an experienced and strategic Chief Information Security Officer (CISO) to join their mission-driven and innovative organization. The CISO will be responsible for creating and managing an enterprise-wide cybersecurity program, playing a crucial role in safeguarding Sempra Infrastructure's critical information assets and infrastructure, as well as enabling secure digital transformation.
Key Responsibilities:
• Strategy & Risk Management:
• Develop and implement a robust information security strategy and program aligned with organizational objectives and regulatory requirements.
• Assess and manage cybersecurity risks across the organization's digital infrastructure, networks, and sensitive data.
• Implement risk mitigation strategies and ensure regular risk assessments and audits.
• Oversee security operations, including incident response, threat intelligence, and vulnerability management.
• Lead the organization's response to cybersecurity incidents and breaches, ensuring quick recovery and minimal impact.
• Oversee the selection and implementation of appropriate security technologies.
• Manage the security aspects of the company's digital transformation initiatives, including cloud adoption, OT, and IoT integration.
• Brief the board of directors on the cybersecurity program and develop metrics to show measurable impact and progress.
• Stay informed on emerging threats, technologies, and regulatory requirements in the energy sector.
• Governance, Risk & Compliance (GRC) & Security Awareness:
• Establish and enforce security policies and procedures that comply with relevant legal, industry standards, regulations, and best practices (e.g., NERC CIP, ISO/IEC 27001).
• Drive security awareness and training programs for employees at all levels.
• Oversee the business continuity and resiliency plan in collaboration with the CIO and other business leaders.
• Leadership & People Management:
• Lead and mentor the cybersecurity team, fostering a culture of security awareness and continuous improvement.
• Develop, attract, and retain top talent for high performance and agility.
• Create a work climate that values diversity, promotes teamwork, and emphasizes quality, customer satisfaction, creativity, continuous improvement, and cost-effectiveness.
• Collaboration & Communication:
• Collaborate with executive leadership, including the CIO, and business unit leaders to ensure security initiatives support overall company goals.
• Integrate cybersecurity into business processes and decision-making.
• Work closely with IT, operations, and other departments to ensure a cohesive approach to cybersecurity.
• Engage with vendors and external stakeholders to maintain and integrate security standards into all projects and processes.
• Serve as the liaison for collaboration and interaction with local and federal law enforcement agencies.
• Additional Duties:
• Perform other duties as assigned (no more than 5% of duties).
Qualifications
Required Qualifications:
• Education: Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a closely related field, or equivalent related experience.
• Experience: 15 years of progressive experience in information security roles, with at least 5 to 7 years in a senior management role within a large, complex organization, preferably in the energy sector or related industries.
• Cybersecurity Practices and Technologies: Deep understanding of the latest cybersecurity technologies, practices, and methodologies, including intrusion detection systems, firewalls, anti-virus software, data encryption, and other industry-standard techniques and practices. Knowledge of emerging technologies and their security implications (e.g., AI, IoT, cloud computing).
• Critical Infrastructure: Experience in managing security for critical infrastructure and operational technology (OT) environments.
• Regulatory Compliance: Extensive knowledge of relevant standards and regulations such as GDPR, NERC CIP, ISO/IEC 27001, and NIST frameworks, including specific regulatory requirements applicable to the energy sector.
• Information Technology Systems: Broad knowledge of IT systems and architectures, with a strong grasp of cloud security, network security, and data security solutions.
• Crisis Management and Incident Response: Experience in crisis management and incident response.
• Strategic Planning: Strategic thinker with the ability to align security initiatives with business objectives. Proven track record of developing and implementing successful cybersecurity strategies in large, complex organizations.
• Analytical Skills: High-level analytical skills to assess security systems, foresee potential vulnerabilities, and devise strategies to mitigate risks.
• Communication: Excellent verbal and written communication skills, capable of clearly explaining complex security risks and strategies to stakeholders at all levels, including non-technical audiences.
• Leadership and Team Management: Demonstrated leadership ability to guide and inspire a team of security professionals, fostering a culture of continuous improvement and proactive security posture.
Preferred Qualifications:
• Education: Master's degree in Computer Science, Computer Information Systems Engineering, Business, or a related discipline, MBA, or equivalent training and/or experience.
• Language Skills: Bilingual (English/Spanish) highly desirable.
• Certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Chief Information Security Officer (CCISO)
• Other relevant industry certifications such as CompTIA Security+, GIAC Security Essentials, or Certified Information Systems Auditor (CISA)
Work Schedule:
• Hybrid: Work a combination of onsite and remote days each week, typically 3 days per week onsite.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.
Primary Purpose: A Leading energy infrastructure company, is seeking an experienced and strategic Chief Information Security Officer (CISO) to join their mission-driven and innovative organization. The CISO will be responsible for creating and managing an enterprise-wide cybersecurity program, playing a crucial role in safeguarding Sempra Infrastructure's critical information assets and infrastructure, as well as enabling secure digital transformation.
Key Responsibilities:
• Strategy & Risk Management:
• Develop and implement a robust information security strategy and program aligned with organizational objectives and regulatory requirements.
• Assess and manage cybersecurity risks across the organization's digital infrastructure, networks, and sensitive data.
• Implement risk mitigation strategies and ensure regular risk assessments and audits.
• Oversee security operations, including incident response, threat intelligence, and vulnerability management.
• Lead the organization's response to cybersecurity incidents and breaches, ensuring quick recovery and minimal impact.
• Oversee the selection and implementation of appropriate security technologies.
• Manage the security aspects of the company's digital transformation initiatives, including cloud adoption, OT, and IoT integration.
• Brief the board of directors on the cybersecurity program and develop metrics to show measurable impact and progress.
• Stay informed on emerging threats, technologies, and regulatory requirements in the energy sector.
• Governance, Risk & Compliance (GRC) & Security Awareness:
• Establish and enforce security policies and procedures that comply with relevant legal, industry standards, regulations, and best practices (e.g., NERC CIP, ISO/IEC 27001).
• Drive security awareness and training programs for employees at all levels.
• Oversee the business continuity and resiliency plan in collaboration with the CIO and other business leaders.
• Leadership & People Management:
• Lead and mentor the cybersecurity team, fostering a culture of security awareness and continuous improvement.
• Develop, attract, and retain top talent for high performance and agility.
• Create a work climate that values diversity, promotes teamwork, and emphasizes quality, customer satisfaction, creativity, continuous improvement, and cost-effectiveness.
• Collaboration & Communication:
• Collaborate with executive leadership, including the CIO, and business unit leaders to ensure security initiatives support overall company goals.
• Integrate cybersecurity into business processes and decision-making.
• Work closely with IT, operations, and other departments to ensure a cohesive approach to cybersecurity.
• Engage with vendors and external stakeholders to maintain and integrate security standards into all projects and processes.
• Serve as the liaison for collaboration and interaction with local and federal law enforcement agencies.
• Additional Duties:
• Perform other duties as assigned (no more than 5% of duties).
Qualifications
Required Qualifications:
• Education: Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a closely related field, or equivalent related experience.
• Experience: 15 years of progressive experience in information security roles, with at least 5 to 7 years in a senior management role within a large, complex organization, preferably in the energy sector or related industries.
• Cybersecurity Practices and Technologies: Deep understanding of the latest cybersecurity technologies, practices, and methodologies, including intrusion detection systems, firewalls, anti-virus software, data encryption, and other industry-standard techniques and practices. Knowledge of emerging technologies and their security implications (e.g., AI, IoT, cloud computing).
• Critical Infrastructure: Experience in managing security for critical infrastructure and operational technology (OT) environments.
• Regulatory Compliance: Extensive knowledge of relevant standards and regulations such as GDPR, NERC CIP, ISO/IEC 27001, and NIST frameworks, including specific regulatory requirements applicable to the energy sector.
• Information Technology Systems: Broad knowledge of IT systems and architectures, with a strong grasp of cloud security, network security, and data security solutions.
• Crisis Management and Incident Response: Experience in crisis management and incident response.
• Strategic Planning: Strategic thinker with the ability to align security initiatives with business objectives. Proven track record of developing and implementing successful cybersecurity strategies in large, complex organizations.
• Analytical Skills: High-level analytical skills to assess security systems, foresee potential vulnerabilities, and devise strategies to mitigate risks.
• Communication: Excellent verbal and written communication skills, capable of clearly explaining complex security risks and strategies to stakeholders at all levels, including non-technical audiences.
• Leadership and Team Management: Demonstrated leadership ability to guide and inspire a team of security professionals, fostering a culture of continuous improvement and proactive security posture.
Preferred Qualifications:
• Education: Master's degree in Computer Science, Computer Information Systems Engineering, Business, or a related discipline, MBA, or equivalent training and/or experience.
• Language Skills: Bilingual (English/Spanish) highly desirable.
• Certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Chief Information Security Officer (CCISO)
• Other relevant industry certifications such as CompTIA Security+, GIAC Security Essentials, or Certified Information Systems Auditor (CISA)
Work Schedule:
• Hybrid: Work a combination of onsite and remote days each week, typically 3 days per week onsite.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.