Apply on Employer Site

Tecta America Commercial Roofing · 1 month ago

Director of Information Security and Data Governance

Rosemont, Illinois

Full-time

Onsite

Director/Executive

$140K/yr - $190K/yr

7+ years exp

Tecta America is the leading commercial roofing company in the U.S. and they are seeking a dynamic leader to drive their enterprise-wide cybersecurity and data governance strategy. In this role, you will safeguard sensitive data and IT infrastructure across a distributed environment while overseeing advanced security technologies and shaping the organization's security posture.

Construction

Responsibilities

Develop and execute a comprehensive cybersecurity strategy, with a focus on risk management, threat detection, and incident response

Oversee the implementation and management of Fortinet firewalls for network security, ensuring optimal performance in protecting internal and external assets

Lead the management and optimization of SentinelOne for endpoint protection, ensuring the security of devices across the organization and the rapid detection of potential threats

Collaborate with IT Operations to embed security across all IT initiatives and operations, ensuring proactive security measures are taken from the start

Work closely with development teams to integrate secure software development practices (e.g., threat modeling, secure coding, code reviews, and penetration testing) into the SDLC for in-house developed software solutions

Develop and enforce a data governance framework to classify, protect, and secure sensitive data across the company’s distributed operations

Implement and maintain encryption and access control mechanisms to safeguard PII, financial data, and other sensitive information

Leverage Veeam backups and disaster recovery solutions to ensure data availability and resilience in case of cyber incidents or natural disasters

Coordinate with external vendors to ensure data security standards are maintained for managed services and third-party integrations

Conduct regular security risk assessments, vulnerability scanning, and penetration testing to identify and address potential threats

Ensure compliance with relevant data privacy and security regulations (e.g., GDPR, CCPA, SOC 2, ISO 27001) and guide the company through audit and certification processes

Develop and enforce policies to mitigate risks associated with cloud-based services, on-premise infrastructure, and remote locations

Lead the development and execution of an incident response plan that addresses potential data breaches, ransomware attacks, and other security incidents

Oversee the management and configuration of Fortinet firewalls, SentinelOne endpoint protection, and Veeam backup systems to ensure continuous data protection and rapid incident detection and recovery

Monitor and respond to security alerts, utilizing SentinelOne and other tools to investigate, contain, and mitigate potential threats in real time

Develop and execute a company-wide security awareness program to educate employees on the importance of data protection and best practices for securing sensitive information

Provide targeted training on phishing prevention, secure data handling, and threat awareness, tailored to employees at all levels of the organization

Partner with the CIO to define and implement a roadmap for evolving the organization’s security strategy, with the goal of transitioning into a CISO role as the company’s security needs mature

Serve as a thought leader in the organization, guiding teams on emerging threats, industry best practices, and innovative security solutions

Mentor and support cross-functional teams in integrating security into their workflows and operational processes

Qualification

Cybersecurity strategyData governanceFortinet firewallsSentinelOneCISSP certificationVMware serversVeeam backupsCybersecurity frameworksLeadership skillsCommunication skillsProblem-solving skills