Global Chief Information Security Officer (CISO)

About The Position

Requirements

• Bachelor’s degree in computer science, Information Technology, cybersecurity, or a related field
• Minimum of fifteen (15) years of progressive experience in cybersecurity
• Minimum of seven (7) years in a senior management role in an information security function
• Experience in managing, responding to, and mitigating cyber incidents
• Experience or familiarity with government contracting and public and private company cybersecurity reporting requirements
• Hands-on cyber incident response coordination and oversight experience
• Expertise in risk-based frameworks (NIST CSF, ISO 27001, SOC 2, CMMC, NIST 800-171) and familiarity with applicable regulatory regimes (SEC, GDPR, state breach laws, etc.)
• Proven ability to engage with CEO, Board of Directors, and Executive Team on cybersecurity strategy and governance
• Ability to operate effectively as both strategist and practitioner, a player-coach who drives global cybersecurity direction while engaging hands-on to guide, mentor, and resolve complex technical and operational challenges
• Strong leadership skills as well as the ability to work and communicate (verbal, written, and interpersonal) effectively with other leadership and their teams
• An entrepreneurial and innovative mindset regarding cybersecurity development and operations
• A strong understanding of the business impact of cybersecurity policies, tools, and technologies, including leveraging existing assets and talent to efficiently manage cybersecurity spend

Nice To Haves

• Recognized security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), etc.

Responsibilities

• Develop and execute a global, risk-based cybersecurity strategy and program aligned with Allied Universal’s business objectives
• Establish, communicate, and oversee governance of enterprise-wide cybersecurity policies, standards, and controls that are appropriate for the company’s diverse global operations
• Lead, mentor and manage Regional Cybersecurity Leaders to promote consistency, accountability, and operational effectiveness across all regions
• Define and monitor key risk indicators, cybersecurity metrics, and maturity objectives to inform executive decision-making and drive ongoing program improvement
• Oversee global monitoring, detection, and response capabilities that provide 24×7 visibility into potential cyber risks and support timely containment activities
• Identify and assess emerging threats, technologies, and vulnerabilities to support informed planning and risk mitigation efforts
• Provide recommendations regarding cybersecurity investments and resource allocation, helping prioritize efforts based on risk, business impact, and value
• Foster a culture of cybersecurity awareness, ownership, and accountability across all functions and geographies
• Coordinate, develop, and implement programs designed to train Allied Universal’s workforce regarding the company’s cybersecurity requirements, including applicable cybersecurity laws and requirements and responding to evolving cybersecurity threats
• Evaluate emerging threats and vulnerabilities, driving continuous improvement of the company’s cybersecurity posture as appropriate
• Direct recurring global cybersecurity risk assessments; oversee associated cybersecurity risk management activities, including maintenance of a risk register, remediation tracking, and risk decisions
• Oversee periodic internal and external cybersecurity audits to verify adherence to policies, standards and regulatory requirements
• Report promptly on cybersecurity risks to relevant Allied Universal Leadership upon identifying risks that exceed tolerance levels
• Support compliance with regulatory requirements as well as any Allied Universal and customer contractual obligations for cyber security
• Remain current and knowledgeable regarding applicable cybersecurity laws and regulations, including laws and regulations applicable to government contractors
• Lead on various external cybersecurity initiatives, including compliance for protecting sensitive data such as responding to regulators and customer audits
• Direct and continuously improve the enterprise incident-response program, including playbooks, tabletop exercises, and post-incident reviews
• Lead cross-functional coordination with Legal, Technology, Operations, and Regional CIOs to contain and recover from major cyber incidents
• Oversee specialized incident-response and investigative resources for critical events
• Provide timely updates to the CEO, Global General Counsel, and Board on incident status, impact, and remediation progress
• Review and assess the effective deployment of cybersecurity technologies, tools and software by Allied Universal, third parties, and related vendors
• Coordinate and respond to various cybersecurity assessments, including, as required, certifications to process certain government-related data or other sensitive data
• Monitor and manage cybersecurity aspects of the third-party lifecycle and confirm that third parties’ cybersecurity practices align with Allied Universal’s cybersecurity risk tolerance
• Communicate/respond to requests regarding the effectiveness of Allied Universal’s cybersecurity program regarding third-party diligence, selection, and monitoring (e.g., insurance, debt financing, public accounting, initial public offering, etc.) in coordination with Allied Universal Leadership, including IT, Legal and Procurement
• Provide regular briefings to the CEO, Global General Counsel, and Board of Directors on cybersecurity posture, key risks, and, if applicable, major incidents.
• Communicate with internal and external stakeholders (including government and prime contractor customers) regarding Allied Universal’s cybersecurity program
• Prepare and present reports on Allied Universal’s cybersecurity posture to the CEO and Board of Directors, and other Allied Universal Leadership
• Partner with IT and Operations to ensure business-continuity and disaster-recovery programs incorporate cybersecurity risk considerations, are regularly tested, and effectively support enterprise resilience objectives

Benefits

• Medical, dental, vision, supplemental income plan with a company match, basic life, AD&D, and disability insurance
• Eight paid holidays annually, five sick days, and four personal days
• Executive Flex Vacation Plan