NES Fircroft
posted 5 days ago
Full-time - Senior
51-100 employees
Administrative and Support Services
About the position
The Chief Information Security Officer (CISO) will lead the development and management of an enterprise-wide cybersecurity program for Sempra Infrastructure. This strategic role is essential for safeguarding critical information assets and infrastructure while enabling secure digital transformation. The CISO will oversee security operations, risk management, and compliance, ensuring alignment with organizational objectives and regulatory requirements.
Responsibilities
- Develop and implement a robust information security strategy and program aligned with organizational objectives and regulatory requirements.
- Assess and manage cybersecurity risks across the organization's digital infrastructure, networks, and sensitive data.
- Implement risk mitigation strategies and ensure regular risk assessments and audits.
- Oversee security operations, including incident response, threat intelligence, and vulnerability management.
- Lead the organization's response to cybersecurity incidents and breaches, ensuring quick recovery and minimal impact.
- Oversee the selection and implementation of appropriate security technologies.
- Manage the security aspects of the company's digital transformation initiatives, including cloud adoption, OT, and IoT integration.
- Brief the board of directors on the cybersecurity program and develop metrics to show measurable impact and progress.
- Stay informed on emerging threats, technologies, and regulatory requirements in the energy sector.
- Establish and enforce security policies and procedures that comply with relevant legal, industry standards, regulations, and best practices.
- Drive security awareness and training programs for employees at all levels.
- Oversee the business continuity and resiliency plan in collaboration with the CIO and other business leaders.
- Lead and mentor the cybersecurity team, fostering a culture of security awareness and continuous improvement.
- Develop, attract, and retain top talent for high performance and agility.
- Collaborate with executive leadership, including the CIO, and business unit leaders to ensure security initiatives support overall company goals.
- Integrate cybersecurity into business processes and decision-making.
- Work closely with IT, operations, and other departments to ensure a cohesive approach to cybersecurity.
- Engage with vendors and external stakeholders to maintain and integrate security standards into all projects and processes.
- Serve as the liaison for collaboration and interaction with local and federal law enforcement agencies.
Requirements
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a closely related field, or equivalent related experience.
- 15 years of progressive experience in information security roles, with at least 5 to 7 years in a senior management role within a large, complex organization, preferably in the energy sector or related industries.
- Deep understanding of the latest cybersecurity technologies, practices, and methodologies, including intrusion detection systems, firewalls, anti-virus software, data encryption, and other industry-standard techniques and practices.
- Experience in managing security for critical infrastructure and operational technology (OT) environments.
- Extensive knowledge of relevant standards and regulations such as GDPR, NERC CIP, ISO/IEC 27001, and NIST frameworks, including specific regulatory requirements applicable to the energy sector.
- Broad knowledge of IT systems and architectures, with a strong grasp of cloud security, network security, and data security solutions.
- Experience in crisis management and incident response.
- Strategic thinker with the ability to align security initiatives with business objectives.
- High-level analytical skills to assess security systems, foresee potential vulnerabilities, and devise strategies to mitigate risks.
- Excellent verbal and written communication skills, capable of clearly explaining complex security risks and strategies to stakeholders at all levels, including non-technical audiences.
- Demonstrated leadership ability to guide and inspire a team of security professionals.
Nice-to-haves
- Master's degree in Computer Science, Computer Information Systems Engineering, Business, or a related discipline, MBA, or equivalent training and/or experience.
- Bilingual (English/Spanish) highly desirable.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Chief Information Security Officer (CCISO)
- Other relevant industry certifications such as CompTIA Security+, GIAC Security Essentials, or Certified Information Systems Auditor (CISA)
Benefits
- Market-leading benefits packages
- Support with securing visas and work permits
- Accommodation assistance for contractors
