Location: Houston, TX, USA
Job Description
Primary Purpose: A leading energy infrastructure company is seeking an experienced and strategic Chief Information Security Officer (CISO) to join their mission-driven and innovative organization. The CISO will be responsible for creating and managing an enterprise-wide cybersecurity program, playing a crucial role in safeguarding Sempra Infrastructure's critical information assets and infrastructure, as well as enabling secure digital transformation.
Key Responsibilities:
• Strategy & Risk Management:
• Develop and implement a robust information security strategy and program aligned with organizational objectives and regulatory requirements.
• Assess and manage cybersecurity risks across the organization's digital infrastructure, networks, and sensitive data.
• Implement risk mitigation strategies and ensure regular risk assessments and audits.
• Oversee security operations, including incident response, threat intelligence, and vulnerability management.
• Lead the organization's response to cybersecurity incidents and breaches, ensuring quick recovery and minimal impact.
• Oversee the selection and implementation of appropriate security technologies.
• Manage the security aspects of the company's digital transformation initiatives, including cloud adoption, OT, and IoT integration.
• Brief the board of directors on the cybersecurity program and develop metrics to show measurable impact and progress.
• Stay informed on emerging threats, technologies, and regulatory requirements in the energy sector.
• Governance, Risk & Compliance (GRC) & Security Awareness:
• Establish and enforce security policies and procedures that comply with relevant legal requirements, industry standards, regulations, and best practices (e.g., NERC CIP, ISO/IEC 27001).
• Drive security awareness and training programs for employees at all levels.
• Oversee the business continuity and resiliency plan in collaboration with the CIO and other business leaders.
• Leadership & People Management:
• Lead and mentor the cybersecurity team, fostering a culture of security awareness and continuous improvement.
• Develop, attract, and retain top talent for high performance and agility.
• Create a work climate that values diversity, promotes teamwork, and emphasizes quality, customer satisfaction, creativity, continuous improvement, and cost-effectiveness.
• Collaboration & Communication:
• Collaborate with executive leadership, including the CIO, and business unit leaders to ensure security initiatives support overall company goals.
• Integrate cybersecurity into business processes and decision-making.
• Work closely with IT, operations, and other departments to ensure a cohesive approach to cybersecurity.
• Engage with vendors and external stakeholders to maintain and integrate security standards into all projects and processes.
• Serve as the liaison for collaboration and interaction with local and federal law enforcement agencies.
• Additional Duties:
• Perform other duties as assigned (no more than 5% of duties).
Qualifications
Required Qualifications:
• Education: Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a closely related field, or equivalent related experience.
• Experience: 15 years of progressive experience in information security roles, with at least 5 to 7 years in a senior management role within a large, complex organization, preferably in the energy sector or related industries.
• Cybersecurity Practices and Technologies: Deep understanding of the latest cybersecurity technologies, practices, and methodologies, including intrusion detection systems, firewalls, anti-virus software, data encryption, and other industry-standard techniques and practices. Knowledge of emerging technologies and their security implications (e.g., AI, IoT, cloud computing).
• Critical Infrastructure: Experience in managing security for critical infrastructure and operational technology (OT) environments.
• Regulatory Compliance: Extensive knowledge of relevant standards and regulations such as GDPR, NERC CIP, ISO/IEC 27001, and NIST frameworks, including specific regulatory requirements applicable to the energy sector.
• Information Technology Systems: Broad knowledge of IT systems and architectures, with a strong grasp of cloud security, network security, and data security solutions.
• Crisis Management and Incident Response: Experience in crisis management and incident response.
• Strategic Planning: Strategic thinker with the ability to align security initiatives with business objectives. Proven track record of developing and implementing successful cybersecurity strategies in large, complex organizations.
• Analytical Skills: High-level analytical skills to assess security systems, foresee potential vulnerabilities, and devise strategies to mitigate risks.
• Communication: Excellent verbal and written communication skills, capable of clearly explaining complex security risks and strategies to stakeholders at all levels, including non-technical audiences.
• Leadership and Team Management: Demonstrated leadership ability to guide and inspire a team of security professionals, fostering a culture of continuous improvement and a proactive security posture.
Preferred Qualifications:
• Education: Master's degree in Computer Science, Computer Information Systems Engineering, Business, or a related discipline, MBA, or equivalent training and/or experience.
• Language Skills: Bilingual (English/Spanish) highly desirable.
• Certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Chief Information Security Officer (CCISO)
• Other relevant industry certifications such as CompTIA Security+, GIAC Security Essentials, or Certified Information Systems Auditor (CISA)
Work Schedule:
• Hybrid: Work a combination of onsite and remote days each week, typically 3 days per week onsite.