Jobs · Manufacturing

Chief Information Security Officer (CISO)

Mission Critical Group · United States · Yesterday
RemoteRemoteManufacturing$5/hrFull-time

Key Responsibilities

  • Develop and execute the enterprise cybersecurity strategy aligned with business objectives.
  • Present cybersecurity risks, metrics, investment strategies, and emerging threats to executive leadership.
  • Build a security-first culture throughout the organization.
  • Develop long-term cybersecurity roadmaps supporting mergers, acquisitions, and business growth.
  • Lead the enterprise security program including: Information Security Governance, Cyber Risk Management, Security Policies and Standards, Enterprise Security Architecture, Third-Party Risk Management, Data Governance, AI Governance, Security Awareness Program, Enterprise Vulnerability Management.
  • Develop security scorecards and executive dashboards to measure organizational risk.
  • Lead security initiatives protecting: Industrial Control Systems (ICS), SCADA Environments, PLC Networks, Manufacturing Execution Systems (MES), Robotics, IoT Devices, Plant Networks, Building Automation Systems.
  • Provide oversight for: Microsoft 365, Azure Active Directory / Entra ID, Identity Governance, Privileged Access Management (PAM), Endpoint Detection & Response (EDR), SIEM / SOAR, Email Security, Secure Cloud Architecture, Data Loss Prevention (DLP), Network Security, VPN, Firewalls, Secure Remote Access.
  • Ensure compliance with: NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-171, CMMC Level 2 (if applicable), ISO 27001, SOC 2 Type I, II, III, CMMC, ITAR, DFAR, GDPR, CCPA, HIPAA (where applicable).
  • Lead internal and external security audits.
  • Establish enterprise processes for: Cyber Risk Assessments, Business Impact Analysis, Risk Register Management, Vendor Security Reviews, Penetration Testing, Security Architecture Reviews, Application Security, Secure Software Development, M&A Security Due Diligence, Security Operations Center (SOC), Incident Response, Threat Hunting, Threat Intelligence, Digital Forensics, Vulnerability Management, Patch Governance, Security Monitoring, Identity Monitoring, Endpoint Protection, Cyber Incident Response Plan, Business Continuity & Disaster Recovery, Ransomware Recovery, Crisis Management, Tabletop Exercises, Executive Incident Simulations, Data Protection, Disaster Recovery Testing, Ransomware Recovery Readiness, Security Budget Performance.
  • Develop and test the Cyber Incident Response Plan.
  • Lead enterprise resiliency programs including: Disaster Recovery, Business Continuity, Cyber Recovery, Ransomware Recovery, Crisis Management, Tabletop Exercises, Executive Incident Simulations.
  • Develop enterprise data protection strategies covering: Intellectual Property, Engineering Designs, CAD Files, ERP Data, Manufacturing Data, Customer Information, Financial Information, Supplier Information.
  • Implement: Data Classification, Encryption, Rights Management, Data Loss Prevention, Secure Collaboration.
  • Provide executive oversight for: AI Governance Program, Secure AI Adoption, LLM Risk Management, AI Vendor Assessments, Responsible AI Policies, AI Data Protection, AI Security Controls, Shadow AI Prevention, AI Risk Assessments.
  • Develop and manage a mature vendor security program including: Security Assessments, Contract Security Requirements, Continuous Monitoring, Supply Chain Risk Management, Software Risk Reviews, Cloud Vendor Governance.
  • Lead and mentor teams responsible for: Security Engineering, Security Operations, Governance, Risk & Compliance (GRC), Identity & Access Management, OT Security, Cloud Security, Security Architecture, Security Awareness, Disaster Recovery.
  • Manage cybersecurity budgets, staffing, strategic planning, and technology investments.

Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related field.
  • 15+ years of progressive IT and cybersecurity leadership experience.
  • 8+ years leading enterprise cybersecurity organizations.
  • Experience in securing manufacturing environments.
  • Experience securing Operational Technology (OT).
  • Experience presenting to executive leadership and Boards.
  • Experience leading enterprise incident response.
  • Experience managing cybersecurity budgets exceeding $5M.
  • Strong knowledge of Microsoft enterprise security technologies.

Key Competencies

  • Leadership
  • Strategic planning
  • Cyber risk management
  • Board communication
  • Manufacturing cybersecurity
  • OT/ICS security
  • Crisis leadership
  • Regulatory compliance
  • Enterprise architecture
  • Cloud security
  • AI governance
  • Vendor negotiations
  • Team development
  • Financial management
  • Change leadership

Additional Information

A Note to our Recruitment Partners: We really appreciate the interest, but MCG currently manages hiring through our internal team. We love getting to know our candidates directly! Because of this, we don’t accept unsolicited resumes from agencies at this time. If we ever need an extra hand, we’ll be sure to reach out to the community. Thanks for understanding!

MCG is an equal opportunity employer prohibiting discrimination based on race, color, creed, religion, sex, marital status, physical or mental disability, and any other protected classes stated by applicable federal and state laws. MCG is committed to providing equal employment opportunities to qualified individuals with disabilities and to act in accordance with regulations and guidance issued by the Equal Employment Opportunity Commission (EEOC).

Similar jobs