Head of IT Security (CISO), Infrastructure Engineering & Architecture

Job Description:

The San Francisco Chronicle has recognized Nextracker (Nasdaq: NXT) as one of the Top Workplaces. Join our growing team!

This position is a hybrid role (4x/week) based at our headquarters in Fremont, California. We are seeking an experienced cybersecurity leader to oversee and advance our infrastructure and cybersecurity strategy, controls, and capabilities.

As our CISO & Head of IT Infrastructure Engineering & Architecture, you will play a key role in defining and architecting IT infrastructure components. You will also be responsible for establishing and maintaining a robust and relevant cybersecurity program, ensuring that information assets, technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem.

Reporting to the CIO, you will drive the architecture and engineering of a resilient future-state network, cloud, and web infrastructure. You will work closely with IT operations for a global rollout and implementation. Additionally, you will be responsible for maintaining a strong cybersecurity posture for the company, identifying risks, implementing necessary remediation, deploying required tools, and ensuring compliance.

Our ideal candidate will be an innovative infrastructure and cybersecurity leader with a strong background in network, server, cloud architectures, and capable of advancing our cyber defenses while enabling robust infrastructure design.

Please apply if you have the hands-on technical expertise, strategic vision, and leadership skills to excel in this opportunity.

This position calls for a visionary leader with strong business acumen and extensive knowledge of infrastructure across both corporate and operational contexts.

Key Responsibilities

• Infrastructure Architecture & Engineering: Leverage your deep understanding of secure and scalable infrastructure to help architect a zero-trust environment. Define and engineer constructs for a scalable cloud and network ecosystem.

• Cybersecurity Leadership, Program Development & Maturity: Develop and execute a strategic cybersecurity program to protect internal systems, products, and customer environments. Create a comprehensive cybersecurity strategy and operating model in consultation with stakeholders, ensuring alignment with risk management and compliance. Establish a clear cybersecurity vision and secure senior stakeholder support.

• Response & Remediation: Lead vulnerability remediation efforts with the Infrastructure, Compliance, and Product teams. Oversee the SOC team to detect and respond to anomalies promptly. Coordinate incident response, leading forensic investigations, engaging with third-party forensic firms, and ensuring containment and remediation actions.

• Operational Excellence: Drive infrastructure rollout efficiently to prevent business disruption. Implement and oversee NOC/SOC teams for monitoring core infrastructure components like networks, endpoints, and logs, ensuring critical systems and processes are covered.

• Systems & Tools: Manage the selection of infrastructure and cybersecurity tools, ensuring best practices for implementation, monitoring, and management. Build a current and future state architecture for infrastructure and cybersecurity, supporting both Information & Operational Technology.

• Risk Management, Cyber Policy & Training Development: Identify, assess, and prioritize top Cyber/IT risks. Develop roadmaps to mitigate IT/Cyber risks. Manage vendor and customer cybersecurity requirements, aligning contracts and compliance with business goals. Develop policies to drive controls that mitigate risks related to access, data, systems, and physical security. Develop and implement a targeted cybersecurity training program with metrics to measure effectiveness across different audiences.

• Governance and Reporting: Establish and oversee a cybersecurity governance structure, including a steering committee. Provide regular reports on the cybersecurity program’s status to enterprise risk teams and senior leaders, linking outcomes to business objectives. Drive programs around ISO 27001, SOX, and SOC attestations.

Requirements

• 15+ years managing enterprise infrastructure and cybersecurity programs.
• Expert knowledge of tools, systems, and processes related to network, cloud, and security.
• Experience with industry-standard security frameworks and relevant SEC cyber-related requirements.
• Hands-on technical knowledge of network hardening, identity management, Active Directory, and application security.
• Degree in Computer Science or similar.
• Strong leadership, communication, and collaboration skills.

Preferred Experience

• Experience achieving IEC62443 certification is preferred.

Pay Range (Applicable to California) - $250,000-$300,000

At Nextracker, we are leading in the energy transition, providing the most comprehensive portfolio of intelligent solar tracker and software solutions for solar power plants, as well as strategic services to capture the full value of solar power plants for our customers. Our talented worldwide teams are transforming PV plant performance every day with smart technology, data monitoring and analysis services.

For us at Nextracker, sustainability is not just a word. It's a core part of our business, values and our operations. Our sustainability efforts are based on five cornerstones: People, Community, Environment, Innovation, and Integrity. We are creative, collaborative and passionate problem-solvers from diverse backgrounds, driven by our shared mission to provide smart solar and software solutions for our customers and to mitigate climate change for future generations.

Nextracker is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.