Director of Security and Compliance

Overview

Lead enterprise cybersecurity, compliance, privacy, risk and incident response strategy.

Key Responsibilities

• security architecture
• incident response
• risk assessment
• privacy program
• vendor management
• compliance reporting

Tasks

-Build and lead a high performing team. Work collaboratively with direct reports to support their career progression, nurture their development and to help them realize their potential. Have a documented succession plan for critical functions. -Build successful stakeholder relationships with other IT , enterprise risk managers and key business stakeholders by developing a clear understanding of business needs, acting as a trusted advisor, and ensuring cost-effective delivery of security services to meet those needs. -Third-party management, working closely with sourcing and vendor managers -Lead cross-functional Privacy Team to develop and implement a comprehensive enterprise-wide data and personnel privacy program. Maintain current policies, facilitate publication and communication, and ensure all employees receive required privacy training. -Conduct comprehensive enterprise risk assessments and develop strategies that strengthen business continuity, disaster recovery, and incident response capabilities. Build, train, and coordinate cross-functional incident response teams across security, IT, business partners, and executive leadership to ensure effective crisis response and business protection. -Foster an enterprise security culture by embedding compliance and risk management practices into daily business operations. Lead organization-wide training and awareness initiatives that enable informed cybersecurity decision-making across all functions and levels. -Ensure digital and paper archiving (warehouse) systems are complying with corporate data retention policies. Collaborate with Product Managers to ensure they understand policies and their products and services are aligned. -Developing staff including coaching, mentoring and performance management -Develop and control the annual department budget to ensure that it's consistent with the overall strategic objectives of IT and the enterprise and is within plan. -Direct enterprise-wide security architecture and operations across IT and OT environments, ensuring secure design, deployment, and ongoing protection of infrastructure, applications, and data systems. -Ensure compliance with all relevant cybersecurity, compliance and privacy regulations. As part of a strategic enterprise risk management program, conduct compliance assessments and provide regular status reports to risk management teams and senior business leaders including relevant metrics, key performance and risk indicators. -Lead vendor management and negotiations with security service providers. Establish strong vendor relationships ensuring vendors understand and share our focus on security and are capable of meeting requirements. -Sets the mission, vision, and strategy for technology risk management including cybersecurity, compliance and privacy organization. Implementing appropriate risk management and mitigation efforts while ensuring the success of business and IT initiatives, ensuring alignment with business objectives and product priorities. -Develop and actively participate in peer network groups. Stay up on trends and share lessons learned. -Maintain awareness of emerging threats and incorporate appropriate mitigation measures

Requirements

• cissp
• cism
• cisa
• nist 800-53
• nist 800-171
• artificial intelligence

What You Bring

-Excellent analytical, strategic conceptual thinking, strategic planning, and execution skills -3 or more years of leadership responsibilities of an auditable compliance program (ex: NIST 800-171, CMMC, ISO 2700x, SOC 2, NERC-CIP, etc.) -7 or more years of leadership responsibilities, including strategy, budgeting, and staffing -Demonstrated ability to develop and execute a strategic staffing plan that ensures the right people are in the right roles at the right time, and employees are highly engaged and satisfied -Strong business acumen, including industry, domain-specific knowledge of the enterprise and its business units -Deep understanding of current and emerging security technologies and practices, and how other enterprises are employing them -Certification Preferred - Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials -Bachelor’s or Master’s degree in business administration or technology related field -Exceptional leadership skills, with the ability to develop and communicate a vision that inspires and motivates staff and aligns with the IT and business strategy -NIST 800-53 -NIST 800-171/CMMC -Artificial Intelligence -Strong awareness of current and changing regulatory landscape -15 or more years of experience in IT Operations, cybersecurity or business/industry -Effective influencing and negotiation skills and the ability to build consensus in complex environments where resources required for success may not be in direct control of this role -Demonstrate collaboration skills across multiple teams including business operating groups, corporate departments and other IT teams -Data management, classification and privacy

People Also Searched For

About Swinerton

-Tackles projects ranging from high-rise buildings to energy facilities with a diverse portfolio. -Known for adaptability in delivering both traditional and cutting-edge projects. -Operates across multiple sectors, including residential, commercial, energy, and industrial developments. -Combines technical knowledge with a focus on quality and value in every project. -Recognized for expertise in large-scale infrastructure, such as bridges, airports, and transport hubs. -Achievements include iconic skyscrapers and sustainable energy projects.

Sector Specialisms