Director, Cybersecurity Architecture

At Oshkosh, we build, serve and protect people and communities around the world by designing and manufacturing some of the toughest specialty trucks and access equipment. We employ over 18,000 team members all united by a common purpose. Our engineering and product innovation help keep soldiers and firefighters safe, is critical in building and keeping communities clean and helps people do their jobs every day.

JOB SUMMARY:

Oshkosh Corporation owns significant assets in the form of information.  Some of these assets lose substantial value if they are improperly disclosed, and similar disclosure of other assets could result in significant harm to the organization.  This role will support the Global Cyberscurity Office mission by working with the business as a trusted advisor to reduce information security risks to acceptable levels.  

ESSENTIAL DUTIES AND RESPONSIBILITIES:

These duties are not meant to be all-inclusive and other duties may be assigned.

• Direct the activities of the Cybersecurity Architecture team, responsible for enterprise security architecture, secure solution design, and OT cybersecurity

• Contribute to the development, maintenance, and execution of the Cybersecurity strategy by providing thought leadership on all aspects of Cybersecurity. Partner with business leadership to align and integrate cybersecurity and business strategies.

• Advocate for security policy compliance and risk mitigation during planning sessions and implementation of new services, applications, platforms and oversee projects and technical implementation as needed.

• Provide leadership support of security audits, assessments, contractual requirement analyses, and forensic investigation activities.

• Monitor compliance with existing security policies and propose changes to improve operating efficiency, regulatory alignment and risk mitigation.

• Coordinate with business team (e.g. IT, HR, Engineering) to establish plans to mitigate new cyber risks associated with new business activities. Partner closely with business leadership to effectively communicate alternatives and risk mitigation recommendations.

• Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

MINIMUM QUALIFICATIONS:   

• Bachelor’s degree in Information Systems, Management or equivalent.

• Ten (10) or more years of Information Security/Cybersecurity experience.

• Five (5) or more years of Information Security/Cybersecurity management experience.

• Ability to travel 10% of time.

PREFERRED QUALIFICATIONS: 

• Graduate degree in Information Systems, Management or equivalent.

• Relevant industry recognized certifications (CISSP, CISM, CEH, GIAC, Security+, etc.).

• Ability to interact with company personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.

• Strong understanding of the business impact of security tools, technologies and policies.

• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, management and business personnel.

• Hold an active U.S. Government Secret level clearance.

• Experience with project management, audit, defense-in-depth security systems, incident response, vulnerability management, IT infrastructure, regulatory laws/framework.

BASIC COMPETENCIES:

• Internal Contacts:  Contact with employees or others primarily at a routine level involving basic information exchange; Contact with peers and others involving explanation of information (these contacts may be within or outside department or division), and the gathering of factual information; may include the communication of sensitive or confidential information; Contact across departments or divisions with employees involving persuasion of others, absent formal authority, to conform to a policy interpretation or recommend course of action.

• External Contacts:  External contact involving a requirement to maintain a continuing external working relationship with individuals or organizations.

• Communication Skills:  Read, write and comprehend simple instructions, short correspondence and memos; Read and interpret safety rules, operating/maintenance instructions and procedure manuals; Write routine reports, correspondence and speak effectively before both internal and external groups; Read, analyze, and interpret business manuals, technical procedures and/or government regulations; Read, analyze, and interpret scientific and technical journals, financial reports and legal documents; Prepare and/or present written communications that pertain to controversial and complex topics. Language Skills: English.

• Decision-Making:  Significant responsibility for decisions and final results, affecting more than one function or a function with multiple unites.  Substantial analysis is required and many factors must be weighed before a decision can be reached. 

• Complexity, Judgment and Problem Solving:  Work requires the ability to plan and perform work in light of new or constantly changing problems, work from broad instruction, and deal with complex factors not easily evaluated.  Decisions require considerable judgment, initiative, and ingenuity in areas there is little precedent.

• Supervisory/Managerial:  Scheduling, supervision, and evaluation of work as a superior of “managers”.  Administers through subordinate managers, function multi-functional duty programs or operations.

WORKING CONDITIONS:

• Physical Demands: Frequent Sitting, Hearing, Talking, Visual, Typing, and Manual Dexterity.

• Non-Physical Demands: Frequent Analysis/Reasoning, Communication/Interpretation, Math/Mental Computation, Reading, Sustained Mental Activity (i.e., auditing, problem solving, grant writing, composing reports, etc.), and Writing.

• Environmental Demands: Occasionally Works Alone.

• Work Schedule:  Routine shift hours. Infrequent overtime, weekend, or shift rotation.

• Demands/Deadlines: High volume and variable work demands and deadlines impose strain on routine basis or considerable stress intermittently; OR regular direct contacts with distressed individuals within the immediate work environment; and/or exposure to demands and pressures from persons other than immediate supervisor.

#LI-VR

Pay Range:

The above pay range reflects the minimum and maximum target pay for the position across all U.S. locations. Within this range, individual pay is determined by various factors, including the scope and responsibilities of the role, the candidate's experience, education and skills, as well as the equity of pay among team members in similar positions. Beyond offering a competitive total rewards package, we prioritize a people-first culture and offer various opportunities to support team member growth and success.

Oshkosh is committed to working with and offering reasonable accommodation to job applicants with disabilities. If you need assistance or an accommodation due to disability for any part of the employment process, please contact us at corporatetalentacquisition@oshkoshcorp.com.

Oshkosh Corporation is a merit-based Equal Opportunity Employer. Job opportunities are open for application to all qualified individuals and selection decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, or other protected characteristic. To the extent that information is provided or collected regarding categories as provided by law it will in no way affect the decision regarding an employment application.

Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information.

Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.