Director, Cybersecurity

Florida, United States

Carrier

Carrier is the global leader in sustainable healthy buildings, HVAC, commercial and transport refrigeration solutions. Learn more about Carrier Corporation.


US Remote

About this role

As part of its separation from Carrier, the Commercial and Residential Fire business is building its Information Technology (IT) department. This presents an excellent opportunity for a motivated and strategic thinker to assume the Director of Cybersecurity role within the IT organization. This role represents the opportunity to help build and shape the future of our Cybersecurity function. While reporting directly to the head of Information Technology, this person will work with all members of IT to help solve issues and create true value for the company.

Key Responsibilities

  • Leads the cybersecurity function across the company to ensure consistent and high-quality information security management that supports business goals.
  • Develops a cybersecurity vision and strategy aligned with organizational priorities, ensuring it supports business objectives and gains senior stakeholder buy-in.
  • Creates, implements, and monitors a comprehensive cybersecurity program to maintain the confidentiality, integrity, and availability of information assets, while meeting safety, privacy, reliability, and resilience requirements.
  • Determines the cybersecurity approach and operating model in consultation with stakeholders, aligning it with the risk management approach and compliance monitoring of non-digital risk areas.
  • Manages the budget for the cybersecurity function, monitoring and reporting any discrepancies.
  • Collaborates with the privacy officer to ensure privacy requirements are included where applicable.
  • Ensures consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity.
  • Directs a targeted cybersecurity awareness training program for all employees, contractors, and system users, and measures its effectiveness.
  • Advises on the organization's cyber risk posture and the mandatory application of controls.
  • Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the cybersecurity program, ensuring appropriate resource allocation and increasing program maturity, and reviews it with executive and board-level stakeholders.
  • Enhances the security posture by adopting a relevant cybersecurity framework, such as ISO 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT, or NIST Cybersecurity Framework.
  • Develops and maintains a document framework of up-to-date cybersecurity policies, standards, and guidelines, overseeing their approval and publication.
  • Manages and contains cybersecurity incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
  • Ensures compliance with pertinent government and commercial security and privacy regulations.
  • Develops and executes operational technology (OT) strategy, access, and security requirements.
  • Collaborates with the engineering organization to define and execute product cybersecurity strategy.

Basic Qualifications

  • Bachelor's degree
  • 12+ years of experience in Information Technology
  • 5+ years of experience leading diverse teams, including co-located and remote groups.
  • 5+ years of leadership responsibilities, including strategy and team development.

Preferred Qualifications

  • Bachelor's or master's degree in computer science, information systems, business administration, or a related field
  • 12+ years of experience in Information Technology or a relevant business/industry sector.
  • Demonstrated experience and success in senior leadership roles in risk management, cybersecurity, or IT security.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as SOX, HIPAA, and PCI DSS.
  • Familiarity with common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and NIST frameworks including 800-53 and the Cybersecurity Framework.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials desired.
  • Demonstrated success in vendor and stakeholder management.
  • Comfortable working in fast-paced, ambiguous environments.
  • Creative thinker with a knack for diagnosing issues and crafting effective solutions.


Tags: CISA CISM CISSP COBIT Compliance Computer Science CRISC HIPAA ITIL Monitoring NIST NIST 800-53 NIST Frameworks Privacy Risk management SOX Strategy

Perks/benefits: Career development Team events

Region: North America
Country: United States
