Full-time
Global Chief Information Security Officer - Black & Veatch - Overland Park, KS

Senior director level leader responsible for maintaining and advancing the corporate-wide, global information risk and security management program and organization. Reporting to the CIO, the Global Chief Information Security Officer (CISO) partners with all functional leadership to direct the strategic vision for, and lead the evolution of a shared vision for a “best in class” global information security program to ensure information assets are adequately protected. Responsibilities include identifying, evaluating, protecting against and reporting on information security risks globally in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

Proactively works with business units to implement techniques that meet defined policies and standards for information security. Oversees a variety of IT-related risk management activities including Information Security, Cyber Security, Data Governance, Data Protection and various Compliance requirements. Serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customers, business partners, employees and business information in compliance with the organization’s information security policies.

Principal Duties and Responsibilities:

IT Risk Assessment:
Chair of committee that brings together key security and risk stakeholders to develop and review enterprise security and risk strategies.
Directs the strategic vision for and leads the evolution of the Company's global information security program.
Ensures completion of company-wide information security strategy and action plans based on risk assessment and gap analysis.
Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balances this with risk assessments.
Understands potential and emerging information security threats, vulnerabilities, and control techniques and ensures communication of this information to appropriate professionals occurs on a timely basis.
Develops and directs technical teams in the investigation and resolution of complex privacy and security problems.

IT / Business Risk Management:
Develops, implements and monitors a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Advises the Executive Committee and Board of Directors on risk issues that are related to information security and recommends actions in support of the company’s wider risk management program, as appropriate.
Management of system technology to support information and security requirements.
Manages project timelines, deliverables and information requests for all functions within IT Security.
Responsible for committee ownership that brings together key security and risk stakeholders to develop and review enterprise security and risk strategies.
Works with Legal Counsel and Human Resource counterparts relative to difficult privacy and security issues.
Creates an information security awareness program to customize communication tools and campaigns for the various business units.

IT Standards, Procedures, and Policies Formulation:
Directs the development, publication and maintenance of comprehensive information security standards, policies, procedures and guidelines.
Monitors information security trends and evolving technologies; keeps senior leadership informed about related information security issues and implications for the company.
Sets usage and security policies for information sharing on internal and external platforms.
Ensures the establishment and maintenance of technical computer and network security systems and protocols.

IT Continuity Management and Disaster Recovery:
Acts as the primary corporate control point during follow-up on significant information security incidents, oversees development of response plans and provides timely update reporting.
Supports the strategic vision and evolution of a best in class disaster recovery program for critical IT assets.

Engineering/Procurement/Construction:
Monitors regulatory compliance with enterprise security policies and educates business leaders on compliance efforts relative to the EPC space.
Writes and assists others in writing various types of policies and procedures in order to maintain proper compliance relative to industry information security and privacy.

Supervisory Responsibility:
Direct management of IT Information Security Team.
Indirect management of 3rd party information security, disaster recovery, and business continuity teams.
Senior Leadership responsibility within the Office of the CIO.

Minimum Qualifications:
Experience: 10-15 years’ experience leading the information security system office and applying information security, risk management and privacy practices in the Engineering, Procurement and Construction industry. Minimum of 10 years practical experience designing and implementing enterprise information technology security required.
Education: Bachelor's degree in CS or MIS, or equivalent experience required, MBA with emphasis in MIS, or Business Administration a strong plus. Security accreditations including CISSP, CISM, and CIPT.

All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Preferred Job Qualifications:
This position requires a visionary leader with strong business acumen and a detailed working knowledge of information security technologies, practices, policies, and their application in a global Engineering, Procurement and Construction market. The successful candidate must be highly knowledgeable about the Engineering, Procurement and Construction business environment and must ensure that information systems are maintained in a fully functional, secure mode. The ideal candidate is a thought leader, a consensus builder, and an integrator of people, process and technology. This role is ultimately a business leader and should have a track record of competency in the field of information security with direct experience in a significant leadership role. A demonstrated track record and capability of “Board-level discussion” on the enterprise Risk and Information strategy and position is a must.

Excellent written and verbal communications skills with proven experience presenting to board-level executives and leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Experience leading a security practice across global teams based in Europe, Asia, and the United States.
Strong demonstrated knowledge of technologies including network, server, desktop, storage, and how security relates to the overall IT environment.
Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption and contingency planning and data privacy.
Business system continuity planning, auditing and risk management experience as it relates to information security.
Extensive experience in strategic planning, budgeting and allocation.
Very strong business analysis skills, problem solving techniques, and follow-up.
