Chief Information & Security Officer

Batavia, NY, US

Graham Manufacturing

Graham is a leading designer and builder of vacuum and heat transfer equipment for engineering process industries world-wide.


Description

Join our team at the Corporate level as a Part Time or Full Time Chief Information & Security Officer, located at one of our facilities in Denver, Colorado or Batavia, New York. 


Job Title: Chief Information & Security Officer

Reports To: CEO

FLSA Status & EEO Code: Part Time / Full Time / Senior Level Official and Manager

Division/Department: GHM Corporation / Information Technology

Level of Work: Level III - IV


Position Summary: The dual-role Chief Information Officer (CIO) / Chief Information Security Officer (CISO) will collaborate with Corporate Leaders and Business Unit IT Managers to develop and implement the Corporate information technology strategy and security program aligned with industry best practices to effectively and efficiently serve the business, its customers, and stakeholders. Demonstrates strong leadership, strategic vision, technical expertise, and a robust understanding of cybersecurity principles to create a secure, efficient, and scalable IT environment. Responsible for leading technology innovations, IT governance, risk management, and cybersecurity efforts to safeguard the organization’s digital infrastructure, data, and assets. 


Key Results Areas:  


IT Strategy & Leadership

  • Develop and execute the Corporate IT strategy via 5-year roadmap, ensuring alignment with the overall business objectives and goals, customer requirements, and regulatory environments.
  • Set up and lead the Corporate IT Change Advisory Board to ensure all changes are aligned with the long-term strategic roadmap.
  • Provide guidance and mentorship to ensure the Business Units successfully meet business and security requirements.
  • Lead corporate application lifecycle management and negotiate contracts for bulk licensing.
  • Oversee the development and implementation of technology initiatives, ensuring they deliver value, innovation, and efficiency across the organization.
  • Collaborate with Business Units and Corporate leadership to identify IT solutions that drive business growth, optimize IT resources, and improve operational efficiency.
  • Publish an annual IT strategy and technology report. Relevant details shall be integrated into the public reporting documentation.

Information Security & Risk Management

  • Ensure the organization's IT infrastructure and systems are secure, implementing robust security practices and policies for both domestic and international business.
  • Lead efforts to design, implement, and maintain an effective information security program to protect sensitive data and ensure compliance with security regulations.
  • Leverage CISSP knowledge to integrate security best practices across the organization’s systems, including risk management, access control, cryptography, and disaster recovery.
  • Conduct regular security assessments and audits to identify vulnerabilities and ensure compliance with industry regulations.
  • Oversee the IT risk management plan and development of incident response plans and coordinate responses to security incidents and data breaches.
  • Lead cybersecurity reporting to the Board of Directors.

IT Governance & Compliance

  • Ensure compliance with relevant legal and regulatory requirements related to IT and data security including ITAR, EAR, PCI, CUI, CMMC, and NN801.
  • Establish and enforce IT governance frameworks and policies that maintain operational efficiency and data protection.
  • Define authority, responsibilities, reporting, controls, approvals, and metrics to optimize IT value to the company and its stakeholders.
  • Ensure that the organization adheres to data privacy laws, industry standards, and regulations, working closely with legal teams and external auditors.
  • Develop and manage IT audits, ensuring that security measures and policies are continually monitored and improved. Oversee audits by external entities.

Technology Infrastructure & Operations

  • Support the Business Unit management and optimization of IT infrastructure, including networks, servers, cloud systems, and software applications.
  • Ensure IT systems are reliable, scalable, and cost-efficient while delivering optimal performance.
  • Define and implement standardized project management methodology to ensure effective resource planning and implementation standards.
  • Implement industry best practices for IT operations, including system monitoring, backups, data integrity, and uptime, ensuring high availability of critical systems.
  • Lead the development and implementation of cloud migration strategies, ensuring efficient data storage and quick recovery capability.

Digital Transformation & Innovation

  • Lead the organization’s digital transformation efforts, identifying opportunities for innovation through new technologies.
  • Stay abreast of emerging technology trends (e.g., AI, machine learning, IoT) and assess their potential impact on the organization.
  • Promote a culture of continuous improvement within the IT department, encouraging innovation and the adoption of best practices.

Development & Leadership

  • Mentor and develop the Business Unit IT teams by fostering a culture of collaboration, accountability, and continuous learning.
  • Provide strategic direction and technical leadership to IT, ensuring alignment with organizational goals.
  • Develop and implement IT talent management strategy.
  • Provide input for yearly IT team performance reviews including development and career growth recommendations.
  • Promote a culture of security awareness across all teams, ensuring all employees understand their role in protecting organizational assets.

Qualifications:

To qualify for this position, an individual must possess the knowledge, training, experience and abilities required. 

Education and Training

  • Bachelor’s Degree in Information Technology, Computer Information Systems, or related field. Preferably a technical Master’s Degree with Business acumen.
  • Certified Information Systems Security Professional (CISSP) required.

Experience: 

  • 10+ years of IT leadership experience in information technology, with deep expertise in information security, application management, network infrastructure, risk management, compliance, and IT governance.
  • Extensive knowledge and experience complying with NIST 800, CMMC, CUI, NN801 and ITAR requirements.
  • Demonstrated expertise in IT strategy, digital transformation, and technology innovation within small business framework.
  • Management and leadership of a multi-site IT organization with international offices.
  • Solid understanding of cloud platforms, infrastructure management, and emerging technologies.
  • Strong knowledge of IT frameworks and methodologies (e.g., ITIL, COBIT, TOGAF, NIST).

Other: 

  • Must be willing to work overtime as required.
  • National travel may be required.
  • Travel up to 10% of working time.

Skills:

To perform the job successfully, an individual should demonstrate the following competencies: 

  • Proven ability to mentor, lead, influence, and collaborate with diverse stakeholders.
  • Ability to translate strategic vision into tactical implementation.
  • Effective change management fundamentals.
  • Sponsors creativity and innovation.
  • Experience providing clear guidance to employees that connects policies to practices, ensuring the overall compliance and ethical behavior of the organization.
  • Strong risk assessment / management, problem-solving, and communication skills.

Physical and Mental Demands

The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Physical demands: While performing the duties of this position, the incumbent is primarily required to sit, stand, walk, stoop, and bend. Required to speak and communicate clearly with others. 
  • Mental demands: While performing the duties of this position, the incumbent is required to read, write, analyze data and reports, exercise judgment, develop plans, procedures and goals, present information to others and work under pressure.
  • Work Environment: This job primarily operates in a clerical office setting. This role routinely uses standard office equipment such as computers, phones, photocopiers and filing cabinets. 

Work Authorization/Security Clearance

Must be able to work in the U.S. without sponsorship. U.S. government security clearance will be required.


This job description is not all-inclusive but rather serves as a general guideline of the current needs of the position and can be modified at the discretion of management to meet current business needs. Experience and education requirements are the primary basis for awarding this position; however, substitutions that are essentially equivalent may be made as they relate to the essential functions, duties, and responsibilities of this position.
