Chief Information Security Officer

This CISO will lead and operationalize cybersecurity across a diverse and decentralized enterprise. This is a hands-on leadership role ideal for a seasoned cybersecurity leader with experience in maturing programs, establishing process discipline, and driving alignment across multiple business units.

Reporting to the VP IT, the CISO will be responsible for standing up and scaling a modern cybersecurity program — from policy development and risk management to security operations and compliance. The successful candidate will bring a pragmatic, business-aligned approach to cybersecurity while championing the adoption of Zero Trust architecture across the enterprise.

Key Responsibilities

Program Development & Execution

• Build and implement a foundational cybersecurity program across a multi-business unit enterprise with varying levels of maturity and technology adoption.
• Establish core processes, governance models, and controls to drive consistency and visibility across the organization.
• Develop an actionable roadmap for short-, mid-, and long-term cybersecurity initiatives, including tooling, process, and capability development.

Zero Trust Strategy & Implementation

• Lead the assessment and phased implementation of Zero Trust principles, including identity, device, application, and network security.
• Partner with IT and business unit teams to modernize access controls, segmentation, and authentication mechanisms.

Security Operations

• Stand up and lead security operations processes including monitoring, threat detection, incident response, and vulnerability management.
• Oversee or partner with vendors for SIEM, endpoint protection, penetration testing, and incident response services.
• Manage day-to-day operational execution of cybersecurity tools, alerts, and incident handling.

Governance, Risk & Compliance

• Develop and enforce cybersecurity policies, standards, and procedures that align with regulatory frameworks (e.g., NIST, SOX, CMMC).
• Conduct security risk assessments across business units and coordinate remediation efforts.
• Support internal and external audits, ensuring documentation and evidence of controls are maintained.

Business Partnership & Enablement

• Collaborate closely with IT, legal, compliance, HR, and operations leaders to ensure cybersecurity supports business operations, rather than hindering them.
• Serve as a trusted advisor to business unit IT leads, helping them implement consistent security practices without disrupting workflows.
• Lead security awareness and training efforts across the company.

Vendor & Tool Management

• Evaluate and recommend cybersecurity tools and service providers to support operational effectiveness and strategic goals.
• Manage existing relationships with MSSPs and other third-party vendors.

Qualifications

• 8–12 years of cybersecurity experience, with a minimum of 3–5 years leading security programs in a mid-to-large enterprise setting.
• Demonstrated experience standing up or significantly maturing a cybersecurity function — ideally in a decentralized or multi-entity environment.
• Deep understanding of Zero Trust concepts and how to implement them in legacy and modern IT environments.
• Experience with leading security platforms and tools such as Tenable, LogRhythm, SentinelOne, Microsoft Defender, Abnormal Security, and Varonis is highly desirable.
• Strong working knowledge of security frameworks (e.g., NIST CSF, ISO 27001, CMMC).
• Experience managing or overseeing security operations, including detection, response, and vulnerability management.
• Proven ability to communicate and collaborate effectively across technical and business audiences.
• Bachelor's degree in information security, Computer Science, or a related field required; advanced degree or MBA a plus.
• Industry certifications such as CISSP, CISM, or similar strongly preferred.