What are the responsibilities and job description for the Director Cyber Security position at New-Indy Containerboard?
Job Details
Who We Are:
📦 New-Indy—Where Innovation Meets Opportunity! 🚀
New-Indy is an independent, privately-owned manufacturer and supplier of corrugated boxes, recycled containerboard and virgin linerboard in the industrial packaging industry. Founded as a joint venture between The Kraft Group and Schwarz Partners LP, New-Indy was built on a bold vision—to be the newest independent leader in sustainable packaging solutions.
We invest in our people with industry-leading training, career development programs, and growth opportunities designed to build long-term success. If you’re a self-starter, passionate about making a difference, and ready to grow with a company that’s shaping the future of packaging, we want to hear from you!
New-Indy Containerboard (NICB) is seeking a transformational Director, Enterprise Security & Operations responsible for architecting, developing and implementing effective security strategies and protocols to protect the company against threats, theft, vandalism and other information and operational security risks, while directing and overseeing end-user support operations and overall service management to achieve organizational goals. This involves relentless pursuit of operational excellence by seamlessly converging the two critical domains of NICB’s IT/OT Infrastructure: Security Operations (SecOps) and IT Operations (ITOps), while routinely conducting risk assessments and benchmarks, identifying vulnerabilities, trends and gaps devising appropriate and reasonable measures to improve NICB’s overall security posture, in conjunction with the integration of existing siloed IT support operations across all containerboard mills and packaging plants to improve effectiveness of IT/OT operations services provided on a 24x7x365 basis.
This newly created role will be collaborating with all NICB Enterprise IT/OT Teams on architecture and engineering of solutions, hardware and software standards, service portfolios and catalogue’s management, defining and governing policies to ensure consistency of security mechanisms and critical process across the organization, such as Asset Management (CMDB, DCIM), Service Management (ITSM), Identity & Access Management to effectively control data’s and network’s access to employees, contractors, and 3rd party providers across all NICB’s IT/OT Infrastructure.
To ensure success, the ideal candidate should have in-depth knowledge of complex manufacturing environments, IT & OT landscapes and their convergence, solid experience running IT Operations and Support Teams, and excellent organizational change management skills to enable the integration of these traditional silos. The candidate should be driven to understand all aspects of NICB’s businesses and vested in the success of both New-Indy IT and OT in supporting the individual sites, driving risk mitigation and cyber security best practices, and protecting the company's data.
Responsibilities – Security
• Manage all resources, including leadership support, financial resources, key security personnel and critical partner(s) teams, to support information technology (IT/OT) security goals and objectives and reduce overall organizational risk.
• Advise senior management on risk levels and security posture.
• Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
• Collect and maintain data needed to meet system cybersecurity reporting (e.g., insurers).
• Communicate the value of information technology (IT) and operational technology (OT) security throughout all levels of the organization stakeholders.
• Ensure that security improvement actions are evaluated, validated, and deployed as required.
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Identify alternative information security strategies to address organizational security goals.
• Identify information and operational technology (IT/OT) security program implications of new technologies or technology upgrades.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Manage the monitoring of information security data sources to maintain organizational situational awareness.
• Oversee the information security training and awareness program.
• Lead information & network security risk assessments.
• Lead the development or modification of the computer environment cybersecurity program plans and requirements.
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Identify security requirements specific to an information or operational technology (IT/OT) system in all phases of the system life cycle.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate information and operational technologies (IT/OT) policies and procedures that are consistent with the organization's mission and goals.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Continuously validate the organization against policies, guidelines, procedures, regulations, and laws to ensure compliance.
Responsibilities – Operations
• Manage all resources, including leadership support, financial resources, key help-desk personnel and critical partner(s) teams, to support information technology operations and service management goals and objectives for the Enterprise IT/OT Teams.
• Oversee regular patching schedules for IT systems to ensure that vulnerabilities are identified and remediated swiftly.
• Direct daily operations of the service desk, ensuring prompt and effective handling of support requests and SLA compliance.
• Lead and mentor the support staff, fostering a collaborative atmosphere and encouraging professional growth.
• Formulate and implement a technical strategy that aligns with the organization’s goals and enhances service delivery.
• Evaluate and manage the tools and systems utilized by the support team, including ticketing software and self-service platforms.
• Analyze key performance indicators (KPIs) and service level agreements (SLAs) such as First Time Resolutions, Resolution Time, Customer Satisfaction, Ticket Volume, among others to identify and act on areas for improvement.
• Deliver high-quality technical assistance to both customers and internal users, ensuring issues are resolved efficiently.
• Organize training sessions to enhance team members' technical skills and customer service capabilities.
• Coordinating with other IT/OT departments to understand their needs and address any issues that may affect their operations. This cross-departmental collaboration is vital to ensure that all parts of the organization are supported adequately by IT/OT services.
• Maintaining IT/OT documentation, ensuring that all processes, configurations, and procedures are documented thoroughly.
• Develop IT/OT Support Policies & SOPs – Standard Operating Procedures.
Who We Need:
Core Competencies:
• Cybersecurity, Vulnerabilities Assessment & Threat Analysis
• Enterprise Architecture & Business Continuity
• Information & Operational (IT/OT) Systems/Network Security
• Information & Operational Technology (IT/OT) Assessment
• IT/OT Infrastructure, Network & Operations Management
• Operating Systems & Database Administration
• Policy & Risk Management
• SOC/IR Management
• ITSM – IT Service Management & ITIL – IT Infrastructure Library
• Vendor & Contract Management
• Customer Service Management
Core Knowledge:
• Knowledge of data backup, resilience and recovery.
• Knowledge of business continuity and disaster recovery continuity of operations plans.
• Knowledge of intrusion detection methodologies and techniques for detecting host, network-based intrusions, and of current and emerging threats/threat vectors.
• Knowledge of controls related to the use, processing, storage, and transmission of data.
• Knowledge of encryption algorithms.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of measures or indicators of system performance and availability.
• Knowledge of network traffic analysis methods, and tools.
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Knowledge of server and client operating systems.
• Skill in creating policies that reflect system security objectives.
• Knowledge of new and emerging information and operational technologies (IT/OT) and cybersecurity technologies.
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Knowledge of penetration testing principles, tools, and techniques.
Other Skills & Qualifications:
• Bachelors in relevant science and engineering technology fields, business, or commensurate equivalent work experience.
• Organizational skills, attention to detail, follow up, documentation preparation and maintenance skills, and customer service orientation are crucial for success in this role.
• Exceptional interpersonal skills, with a focus on rapport-building, listening, conflict resolution and questioning.
• Experience in managing cross-functional teams and processes.
• Exceptional written and oral communication skills.
• Ability to conduct research into a wide range of issues as required.
• Ability to absorb and retain information quickly.
• Ability to present ideas in user-friendly language.
• Highly self-motivated and directed.
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Experience working in a team-oriented, collaborative environment.
• Reliable and available to work a flexible schedule including nights and weekends.
Work Conditions:
• 40-hour on-site work week. Emergency call-in availability for 24-hour production environment.
• Ability to work on-site at industrial facilities, which may include working in hazardous environments or under strict safety protocols.
• Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and other computer components. Be able to lift 40 lbs. unassisted.
• Physically able to participate in sessions, presentations, and meetings.
• Some travel may be required for the purpose of offsite software and system integration efforts, and team building and development activities.