Director of Information Security

SRM Concrete

The Role

Overview

Leads SRM's enterprise cybersecurity strategy, governance, risk, and operations across hybrid clouds.

Key Responsibilities

  • security strategy
  • risk management
  • incident response
  • IAM strategy
  • vulnerability management
  • security architecture

Tasks

  • Develop security strategies for operational technology (OT) and industrial IoT environments, including plant networks, weigh systems, and telemetry.
  • Design and oversee the implementation of security controls across network, system, application, and cloud infrastructures (Azure, OCI, O365).
  • Establish and oversee third-party and supply-chain risk management processes, ensuring that vendor systems and services meet SRM’s security and privacy requirements.
  • Oversee enterprise security operations and incident response, leveraging SIEM, threat intelligence, and analytics to detect and mitigate risks, while leading disaster recovery planning, simulation exercises, periodic threat assessments and penetration testing, and post-incident reviews to strengthen organizational resilience.
  • Partner with the CIO and IT leadership, along with Legal and HR teams, to ensure adherence to evolving data privacy and regulatory requirements.
  • The Director of Information Security is responsible for the full lifecycle of SRM’s cybersecurity program — from strategic planning and design through implementation, monitoring, and continuous improvement.
  • Develop and manage enterprise-wide security awareness and training programs to promote a strong security culture.
  • Oversee identity and access management (IAM) strategy, ensuring proper integration with Microsoft Entra ID (Azure AD), Active Directory, and role-based access controls, as well as other identity strategies to be evaluated and implemented.
  • Manage risk assessments, vulnerability management, and remediation activities, prioritizing mitigation efforts based on business impact.
  • Lead and mentor the information security team, fostering a culture of collaboration, accountability, and ongoing professional development.
  • Coordinate audits and compliance efforts related to security, privacy, and data protection (SOX, PCI, GDPR, etc., as applicable).
  • Establish and maintain cybersecurity policies, standards, and procedures in alignment with industry best practices (NIST, CIS, ISO 27001).
  • Evaluate emerging threats and technologies, recommending appropriate security solutions and investments.
  • Collaborate with IT leadership to integrate security into all technology projects, ensuring secure design, configuration, and deployment practices.
  • Develop and execute SRM’s enterprise-wide information security strategy, roadmap, and governance framework, ensuring consistent control design, secure system integration, and architectural alignment with Zero Trust principles.
  • Define and track risk metrics on key cybersecurity performance indicators (KPIs), including health, incidents, and strategic initiatives, and provide executive reports to the CIO and IT leadership regularly and to the C-suite as needed.
  • Collaborate across IT disciplines (systems, networking, applications) to ensure end-to-end resilience, visibility, and alignment of security priorities with operational needs.

Requirements

  • NIST
  • ISO 27001
  • SIEM
  • Zero Trust
  • CISSP
  • 10+ years

What You Bring

  • Knowledge of risk management frameworks such as NIST CSF, ISO 27001, and CIS Controls.
  • Proven ability to develop, budget for, and manage information security projects, ensuring strategic investments in technologies, tools, and personnel are implemented on time and with minimal service impact.
  • Knowledge of data loss prevention (DLP), MFA, SIEM/SOAR, and endpoint detection and response (EDR) platforms.
  • Proven experience implementing and managing security programs across hybrid (on-prem/cloud) infrastructures.
  • 10+ years of progressive experience in IT and information security, including at least 5 years in a leadership or management role.
  • Experience with industrial or operational technology (OT) environments is a plus.
  • Excellent communication, leadership, and interpersonal skills; able to influence across technical and executive levels.
  • Experience with Zero Trust architecture and cloud-native security solutions.
  • Strong analytical and strategic thinking skills with the ability to translate complex security issues into business terms.
  • Demonstrated success developing policy, governance, and compliance programs.
  • Strong technical foundation in network, system, and cloud security, including firewalls, SIEM, endpoint protection, identity management, and incident response.
  • Deep understanding of various security suites for endpoint management and security (Defender, Entra ID, Intune, SentinelOne, Avanan, Azure Security Center and similar).
  • Experience leading incident response teams or managing security operations centers (SOC).
  • Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
  • Relevant certifications such as CISSP, CISM, CISA, or CRISC.

The Company

About SRM Concrete

  • Founded with a commitment to providing top-quality ready-mix concrete solutions.
  • Serves a broad range of industries, focusing on timely and efficient delivery.
  • Has grown to become a trusted partner for residential, commercial, and large-scale infrastructure projects.
  • Invests in state-of-the-art equipment and fleet for consistent delivery performance.
  • Specializes in projects requiring precision and flexibility, including challenging construction environments.
  • Footprint spans multiple regions, with an emphasis on supporting long-term community growth.
  • Portfolio includes small-scale residential developments to large municipal and industrial builds.
  • Known for deep understanding of the concrete supply chain and ability to execute complex logistics with ease.

Sector Specialisms

Commercial

Industrial

Energy

Infrastructure

Residential