Senior Director of Information Security
About The Position
The Senior Director of Information Security will build and lead the enterprise cybersecurity and information risk program for a rapidly scaling construction and engineering organization operating across distributed jobsites, cloud platforms, ERP ecosystems, BIM environments, AI-enabled workflows, and acquisition-driven expansion. This role is structured as a CISO-in-development position. The selected leader will establish a scalable, defensible, audit-ready security program that enables growth, strengthens operational resilience, and supports compliance objectives, while developing into the future Chief Information Security Officer.
Requirements
- 10 or more years progressive cybersecurity experience
- 5 or more years leading security teams
- Experience implementing NIST SP 800-171 controls
- Experience leading CMMC 2.0 and SOC 2 Type II programs
- Experience in distributed multi-site environments
Nice To Haves
- Experience supporting federal or defense-related contracts preferred
- Experience in acquisition-driven growth environments preferred
- CISSP or equivalent certification preferred
Responsibilities
- Maintain enterprise cyber risk register with measurable scoring
- Align controls to NIST CSF, NIST SP 800-171, and regulatory requirements
- Lead policy, standards, and control documentation development
- Partner with Legal and Finance on cyber insurance and risk disclosures
- Oversee 24 hour monitoring strategy through internal capabilities or managed detection and response
- Establish centralized logging and SIEM capabilities
- Lead enterprise vulnerability management with defined remediation service level agreements
- Oversee endpoint detection and response strategy
- Implement Zero Trust principles across identity, endpoint, and network
- Ensure secure and immutable backup and recovery capabilities
- Lead CMMC 2.0 Level 2 control implementation and certification readiness
- Oversee System Security Plan and POA and M lifecycle management
- Lead SOC 2 Type II readiness and coordinate external audit examination
- Conduct cybersecurity due diligence for acquisitions
- Assess inherited risk and integration complexity
- Standardize identity, endpoint, logging, and governance controls across subsidiaries
- Secure Microsoft 365, ERP, BIM, and project management platforms
- Implement segmentation and control standards for distributed jobsites
- Assess and mitigate risk in operational technology environments
- Develop enterprise AI governance and data protection framework
- Protect Controlled Unclassified Information where applicable
- Maintain incident response program aligned to NIST 800-61
- Conduct executive ransomware simulations annually
- Align disaster recovery and business continuity with enterprise risk posture
Benefits
- Medical, dental, and vision insurance
- 401(k) retirement plan with company match
- Paid time off (PTO) and holiday pay
- Life and disability insurance
- Professional development and training opportunities
- Employee assistance program (EAP)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Education Level
No Education Listed
Number of Employees
101-250 employees
