Sr. Director, Chief Information Security Officer (CISO)

KBR, Inc.•Houston, TX

1d•Hybrid

About The Position

KBR is seeking a Senior Director, Chief Information Security Officer, to provide enterprise leadership for corporate cybersecurity and information protection. This role is responsible for defining and executing KBR’s global corporate information security strategy, safeguarding corporate systems, data, intellectual property, and digital platforms while enabling secure business growth and transformation. This position focuses on corporate IT and shared services environments, including cloud platforms, SaaS applications, enterprise systems, and workforce technologies. The role operates as a trusted advisor to executive leadership, partnering across functionally to manage cyber risk and strengthen enterprise resilience. The role may be based in the Middle East, United Kingdom or United States and includes periodic global travel.

Requirements

Bachelor’s degree in computer science, Information Security, Engineering, or a related field
15+ years of progressive experience in information security, IT risk, or technology leadership
10+ years leading enterprise or cybersecurity programs in a global organization
Proven experience securing IT environments, including cloud, SaaS, identity, and enterprise applications
Proven executive communication skills with the ability to translate technical risk into business impact
Ability and willingness to travel internationally as required (approximately 10–20%)
Professional certifications such as CISSP, CISM, or CRISC

Nice To Haves

Master’s degree or MBA
Experience supporting public company environments, including SOX and internal audit collaboration
Experience leading information protection initiatives and building security culture in an international organization.
Cloud security expertise (AWS, Azure, or similar platforms)
Prior experience supporting large‑scale digital transformation or enterprise modernization initiatives
Demonstrated success operating within a matrixed, multinational organization
Effective leadership presence with the ability to influence

Responsibilities

Define, lead, and execute KBR’s information security strategy, operating model, and multi‑year roadmap aligned with enterprise objectives
Serve as the enterprise authority on cyber risk, threat posture, and resilience, advising executive leadership on risk‑based decision making
Establish and maintain corporate information security policies, standards, and governance aligned to frameworks such as NIST CSF, ISO 27001, SOX ITGCs, GDPR, Australia and UK data protection requirements
Oversee enterprise-wide risk management and compliance, conduct regular risk and information security assessments to identify security vulnerabilities and threats, both internal and external.
Develop and implement risk mitigation strategies and security controls to reduce and manage identified risks.
Monitor compliance with applicable laws, regulations, and contractual obligations related to information security.
Lead incident response and breach management, including executive communications, regulatory coordination, and post‑incident remediation
Partner with IT and Digital teams to embed secure‑by‑design practices into cloud adoption, enterprise applications (ERP, HRIS, CRM), data platforms, and automation initiatives
Oversee third‑party and supplier cyber risk management for vendors and technology partners
Support enterprise initiatives including M&A, divestitures, and system integrations from a cybersecurity and risk perspective
Build, lead, and develop a high‑performing global information security organization
Drive enterprise‑wide security awareness, training, and accountability to strengthen KBR’s cyber culture
Collaborate across regions and functions in alignment with KBR’s team of teams operating model