Director of Information Security

SRM Concrete•Smyrna, TN

68d

About The Position

Smyrna Ready Mix (SRM) is seeking an accomplished and forward-thinking Director of Information Security to lead the strategy, implementation, and continuous improvement of SRM’s cybersecurity posture across a rapidly growing enterprise environment. This leadership role will oversee all aspects of information security governance, risk management, compliance, and operations, ensuring that SRM’s systems, data, and infrastructure remain secure, resilient, and aligned with business objectives. The Director of Information Security will collaborate with IT Leadership and operational teams to develop scalable security policies, incident response capabilities, and proactive defense measures across both on[1]premises and cloud (Azure/OCI) environments. This role requires a balance of technical expertise, leadership acumen, and business insight to protect SRM’s expanding digital footprint. This position reports directly to the Chief Information Officer (CIO) and partners closely with senior IT and business leadership. The Director of Information Security will play a pivotal role in safeguarding SRM’s operations and empowering the company’s continued growth through secure, reliable, and innovative technology practices.

Requirements

Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
10+ years of progressive experience in IT and information security, including at least 5 years in a leadership or management role.
Strong technical foundation in network, system, and cloud security, including firewalls, SIEM, endpoint protection, identity management, and incident response.
Proven experience implementing and managing security programs across hybrid (on-prem/cloud) infrastructures.
Deep understanding of various security suites for endpoint management and security (Defender, Entra ID, Intune, SentinelOne, Avanon, Azure Security Center and similar).
Knowledge of risk management frameworks such as NIST CSF, ISO 27001, and CIS Controls.
Demonstrated success developing policy, governance, and compliance programs.
Strong analytical and strategic thinking skills with the ability to translate complex security issues into business terms.
Excellent communication, leadership, and interpersonal skills; able to influence across technical and executive levels.
Relevant certifications such as CISSP, CISM, CISA, or CRISC.
Proven ability to develop, budget for, and manage information security projects ensuring strategic investment in technologies, tools, and personnel are implemented timely and with minimal service impact.

Nice To Haves

Experience with industrial or operational technology (OT) environments is a plus.
Experience with Zero Trust architecture and cloud-native security solutions.
Experience leading incident response teams or managing security operations centers (SOC).
Knowledge of data loss prevention (DLP), MFA, SIEM/SOAR, and endpoint detection and response (EDR) platforms.

Responsibilities

The Director of Information Security is responsible for the full lifecycle of SRM’s cybersecurity program — from strategic planning and design through implementation, monitoring, and continuous improvement.
Develop and execute SRM’s enterprise-wide information security strategy, roadmap, and governance framework, ensuring consistent control design, secure system integration, and architectural alignment with Zero Trust principles.
Lead and mentor the information security team, fostering a culture of collaboration, accountability, and ongoing professional development.
Establish and maintain cybersecurity policies, standards, and procedures in alignment with industry best practices (NIST, CIS, ISO 27001).
Design and oversee the implementation of security controls across network, system, application, and cloud infrastructures (Azure, OCI, O365).
Collaborate with IT leadership to integrate security into all technology projects, ensuring secure design, configuration, and deployment practices.
Manage risk assessments, vulnerability management, and remediation activities, prioritizing mitigation efforts based on business impact.
Oversee identity and access management (IAM) strategy, ensuring proper integration with Microsoft Entra ID (Azure AD), Active Directory, and role-based access controls, as well as other identity strategies to be evaluated and implemented.
Oversee enterprise security operations and incident response, leveraging SIEM, threat intelligence, and analytics to detect and mitigate risks, while leading disaster recovery planning, simulation exercises, periodic threat assessments and penetration testing, and post-incident reviews to strengthen organizational resilience.
Coordinate audits and compliance efforts related to security, privacy, and data protection (SOX, PCI, GDPR, etc. as applicable).
Define and track risk metrics on key cybersecurity performance indicators (KPIs) including health, incidents, and strategic initiatives and provide executive reports to CIO and IT leadership regularly and C-suite as needed.
Partner with CIO and IT Leadership, along with Legal and HR teams to ensure adherence to evolving data privacy and regulatory requirements.
Develop security strategies for operational technology (OT) and industrial IoT environments, including plant networks, weigh systems, and telemetry.
Develop and manage enterprise-wide security awareness and training programs to promote a strong security culture.
Evaluate emerging threats and technologies, recommending appropriate security solutions and investments.
Establish and oversee third-party and supply-chain risk management processes, ensuring that vendor systems and services meet SRM’s security and privacy requirements.
Collaborate across IT disciplines (systems, networking, applications) to ensure end-to-end resilience, visibility, and alignment of security priorities with operational needs.