Apply on Employer Site

Summit Utilities, Inc. · 1 month ago

Director of Information Security

Fort Smith, AR

Full-time

Hybrid

Director/Executive

10+ years exp

Summit Utilities, Inc. is a growing natural gas utility recognized for its commitment to excellence and innovation. The Director of Information Security is responsible for protecting the company's digital and physical information assets, overseeing cybersecurity governance, risk management, and business continuity while developing a forward-looking security strategy that aligns with operational excellence and compliance obligations.

Natural Resources

Growth Opportunities

Responsibilities

Lead the design, implementation, and continuous improvement of Summit’s enterprise information security program — covering cybersecurity, AI and data protection, risk management, and incident response

Ensure strong alignment between security strategy, business goals, and regulatory requirements, particularly in the context of emerging AI use cases, machine learning models, and data governance

Oversee the IT Business Continuity and Disaster Recovery (BCP/DR) programs, including Business Impact Analysis (BIA) and scenario-based recovery exercises

Develop and enforce comprehensive policies, standards, and procedures aligned with frameworks such as NIST CSF 2.0, C2M2, and ISO 27001

Partner with data, application, and operations leaders to ensure secure design, access control, and model integrity across AI and analytics systems

Direct risk assessments and audits to identify vulnerabilities, ensuring mitigation strategies are financially sound and proportionate to organizational risk appetite

Maintain strict adherence to financial controls — including vendor spend, contract review, and security-related procurement — demonstrating accountability for budget stewardship and cost transparency

Lead and mentor a high-performing information security team, fostering a culture of ethics, service, and continuous learning

Serve as the executive liaison for internal and external audits, compliance reviews, and regulatory reporting related to cybersecurity

Stay ahead of evolving threats, particularly those involving AI misuse, data poisoning, and adversarial attacks, and integrate defenses into enterprise security posture

Provide executive-level reporting on risk posture, incidents, and metrics that connect security outcomes to business and financial value

Qualification

CybersecurityRisk ManagementIncident ResponseAI SecurityFinancial AccountabilitySecurity FrameworksCloud SecurityEthical LeadershipLeadershipCommunication Skills

Required

Bachelor's or Master's degree in information security, Computer Science, Information Technology, or a related field

10+ years of experience in information security, including at least 5 years in a senior leadership or management capacity

Demonstrated experience managing security for cloud and hybrid environments, and integrating controls for AI, analytics, and data platforms

Proven record of financial accountability, including budget ownership, cost optimization, and vendor governance

Experience implementing and auditing against leading security frameworks (NIST CSF, C2M2, ISO 27001, SOC 2) and regulatory standards (GDPR, HIPAA, PCI, etc.)

Deep expertise in cybersecurity, risk management, and incident response, including threat intelligence, vulnerability management, and data protection

Strong knowledge of AI and data security principles, including model governance, data ethics, and emerging threats tied to generative AI

Uncompromising integrity and sound judgment in handling confidential and financial information

Strong grasp of financial concepts related to technology management: budgeting, forecasting, cost-benefit analysis, and vendor contract negotiation

Exceptional leadership and communication skills — able to translate complex security concepts into clear, actionable guidance for executives and teams

Ability to lead under pressure with discipline, humility, and transparency

Demonstrated track record of fostering a culture of trust, compliance, and ethical leadership