Chief Information Security Officer

About The Position

Requirements

• Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field.
• Executive-level certifications (CISM, CISSP, GIAC) required
• 10+ years of progressive IT leadership experience, including executive leadership responsibility.
• Experience overseeing infrastructure, networking, and cybersecurity functions in a multi-site industrial or manufacturing environment.
• Proven experience managing infrastructure operations in a mid-size company (500M)
• Proven experience developing and managing a cybersecurity framework in a mid-size company (500M)
• Familiarity with manufacturing systems, OT/IT security, SCADA, and industrial networking.
• Experience with Cisco networks, firewalls and security frameworks such as ISE and Umbrella.
• Deep expertise with SIEM, SOAR, EDR, and threat-intelligence tools.
• Proven experience managing mixed teams of employees, contractors, and managed service providers.
• Strong familiarity with frameworks such as NIST CSF, MITRE ATT&CK, and incident response methodologies.
• Executive leadership and strategic thinking.
• Strong financial and budget planning skills.
• Excellent communication with senior leaders, board members, and plant personnel.
• Ability to operate in a fast-paced, asset-intensive, safety-focused industrial environment.
• Strong decision-making, problem-solving, and crisis-management capabilities.

Nice To Haves

• Master’s degree in Business, Engineering, or Information Systems (MBA or MSc) preferred
• Cisco certification a plus
• Experience with Nessus and Palo Alto Cortex a plus

Responsibilities

• Strategic Leadership & Vision Develop and execute a multi-year Information Systems Security and Infrastructure strategy aligned with business objectives and cyber security best practices
• Ensure the availability of systems and networks meet or exceeds the uptime requirements of business operations
• Lead the enterprise cybersecurity function ensuring continuous monitoring, detection and response to cyber threats
• Oversee IT Infrastructure and security including systems, networks and enterprise security domains such as endpoint protection, email security, vulnerability management and attack surface management
• Conduct regular pentesting for both external and internal environments.
• Conduct annual tabletop exercises for the cybersecurity incident response process
• Maintain strong situational awareness of emerging threats and vulnerabilities relevant to the steel industry
• Cybersecurity & Risk Management Own the enterprise cybersecurity strategy, including security architecture, threat mitigation, identity and access management, and security incident response.
• Lead the Security Systems Engineer in building and maintaining a robust security posture across IT and OT systems.
• Ensure compliance with Canadian and U.S. regulations (e.g. PIPEDA, CCPA, NIST, SOX where applicable).
• Oversee key security technologies, including SIEM, SOAR, EDR, and threat-intelligence platforms.
• Drive automation and orchestration to reduce mean time to detect (MTTD) and mean time to respond (MTTR).
• Oversee business continuity planning, disaster recovery, and risk management programs.
• Technology Governance & Financial Leadership Develop and manage the Information Infrastructure and Systems Security budget, including capital planning, operational expenditures, and technology investments.
• Establish infrastructure and security governance frameworks, policies, and standards for enterprise IT and OT operations.
• Manage and set priorities for the design, maintenance, development and evaluation of all infrastructure and cybersecurity systems
• Manage vendor relationships, contracts, and negotiations for hardware, software, services, and telecommunications.
• Team Leadership & Development Lead and mentor a multi-disciplinary technology team with managers and engineering specialists across multiple sites.
• Ensure clear organizational structure, succession planning, and employee development.
• Foster a culture of accountability, collaboration, cyber awareness, safety, and continuous improvement.
• Cross-Functional Collaboration Advise senior management on risk levels and information system security posture
• Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems and elements
• Communicate the value of information technology security throughout all levels of the organization
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
• Work closely with plant leadership to ensure technology adheres to cybersecurity best practices
• Act as the primary liaison between enterprise IT and Operational Technology (OT) groups.

Benefits

• Competitive wages and bonus opportunities
• Family medical, dental, and prescription coverage at minimal employee cost
• Short and long term disability programs
• Competitive retirement plans
• Flexible Spending and Health Savings Accounts
• Employer-provided and Voluntary Life Insurance options
• Paid vacation and recognized statutory holidays
• Apprenticeship and career advancement within the company
• Tuition reimbursement
• Wellness program