SRM Concrete · 2 months ago
Director of Information Security
Smyrna Ready Mix (SRM) is a growing leader in the ready-mix concrete industry, recognized for excellence, integrity, and innovation. The Director of Information Security will lead the strategy, implementation, and continuous improvement of SRM’s cybersecurity posture, overseeing all aspects of information security governance, risk management, compliance, and operations.
Building Material, Commercial Real Estate, Construction, Real Estate
Responsibilities
The Director of Information Security is responsible for the full lifecycle of SRM’s cybersecurity program — from strategic planning and design through implementation, monitoring, and continuous improvement
Develop and execute SRM’s enterprise-wide information security strategy, roadmap, and governance framework, ensuring consistent control design, secure system integration, and architectural alignment with Zero Trust principles
Lead and mentor the information security team, fostering a culture of collaboration, accountability, and ongoing professional development
Establish and maintain cybersecurity policies, standards, and procedures in alignment with industry best practices (NIST, CIS, ISO 27001)
Design and oversee the implementation of security controls across network, system, application, and cloud infrastructures (Azure, OCI, O365)
Collaborate with IT leadership to integrate security into all technology projects, ensuring secure design, configuration, and deployment practices
Manage risk assessments, vulnerability management, and remediation activities, prioritizing mitigation efforts based on business impact
Oversee identity and access management (IAM) strategy, ensuring proper integration with Microsoft Entra ID (Azure AD), Active Directory, and role-based access controls, as well as other identity strategies to be evaluated and implemented
Oversee enterprise security operations and incident response, leveraging SIEM, threat intelligence, and analytics to detect and mitigate risks, while leading disaster recovery planning, simulation exercises, periodic threat assessments and penetration testing, and post-incident reviews to strengthen organizational resilience
Coordinate audits and compliance efforts related to security, privacy, and data protection (SOX, PCI, GDPR, etc. as applicable)
Define and track risk metrics on key cybersecurity performance indicators (KPIs), including health, incidents, and strategic initiatives, and provide executive reports to the CIO and IT leadership regularly and to the C-suite as needed
Partner with the CIO and IT leadership, along with Legal and HR teams, to ensure adherence to evolving data privacy and regulatory requirements
Develop security strategies for operational technology (OT) and industrial IoT environments, including plant networks, weigh systems, and telemetry
Develop and manage enterprise-wide security awareness and training programs to promote a strong security culture
Evaluate emerging threats and technologies, recommending appropriate security solutions and investments
Establish and oversee third-party and supply-chain risk management processes, ensuring that vendor systems and services meet SRM’s security and privacy requirements
Collaborate across IT disciplines (systems, networking, applications) to ensure end-to-end resilience, visibility, and alignment of security priorities with operational needs
Qualifications
Required
Bachelor's degree in Information Security, Computer Science, or related field (Master's preferred)
10+ years of progressive experience in IT and information security, including at least 5 years in a leadership or management role
Strong technical foundation in network, system, and cloud security, including firewalls, SIEM, endpoint protection, identity management, and incident response
Proven experience implementing and managing security programs across hybrid (on-prem/cloud) infrastructures
Deep understanding of various security suites for endpoint management and security (Defender, Entra ID, Intune, SentinelOne, Avanan, Azure Security Center and similar)
Knowledge of risk management frameworks such as NIST CSF, ISO 27001, and CIS Controls
Demonstrated success developing policy, governance, and compliance programs
Strong analytical and strategic thinking skills with the ability to translate complex security issues into business terms
Excellent communication, leadership, and interpersonal skills; able to influence across technical and executive levels
Relevant certifications such as CISSP, CISM, CISA, or CRISC
Experience with industrial or operational technology (OT) environments is a plus
Experience with Zero Trust architecture and cloud-native security solutions
Experience leading incident response teams or managing security operations centers (SOC)
Knowledge of data loss prevention (DLP), MFA, SIEM/SOAR, and endpoint detection and response (EDR) platforms
Proven ability to develop, budget for, and manage information security projects, ensuring that strategic investments in technologies, tools, and personnel are implemented on time and with minimal service impact
Company
SRM Concrete
Smyrna Ready Mix was founded for the purpose of providing superior customer service.
Funding
Current Stage
Late Stage