Black & Veatch
Deputy CISO
Black & Veatch, Overland Park, Kansas, United States, 66213
Together, we own our company, our future, and our shared success.
As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity's biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.
Company: Black & Veatch Corporation
Req Id: 105487
Opportunity Type: Staff
Relocation eligible: Yes
Full time/Part time: Full-Time
Project Only Hire: No
Visa Sponsorship Available: No
The Opportunity
Black and Veatch seeks an experienced, dynamic, and engaging Deputy Chief Information Security Officer (CISO) to be a senior leader within the Black and Veatch Digital and Information Technology (D&IT) organization, and to lead its cyber governance capabilities by driving the strategic planning, development, and execution of enterprise-wide cybersecurity initiatives in a fast-paced, global, and innovative business environment. The Deputy CISO possesses exceptional leadership skills, creates credible connections with internal and external stakeholders and cultivates a robust cyber ecosystem, inclusive of core competencies (people), managing processes (process), and integrated platforms (technology).
The Deputy CISO reports to the CISO, assuming the role when necessary, and plays a crucial part in driving transformational improvements in cybersecurity processes and capabilities. In addition to a broad understanding of cyber risk management, reference frameworks, and mitigation strategies, this role requires the ability to think strategically, act decisively, and prioritize cyber investments to deliver outcomes that reduce the likelihood, risk, and impact of a cyber incident.
The Deputy Chief Information Security Officer (CISO) is responsible for overseeing the execution of the Black and Veatch information security portfolio of initiatives (POI) intended to programmatically mature the Black and Veatch security posture as baselined by the NIST CSF 2.0. Along with the CISO, the Deputy CISO is accountable to the Black and Veatch Board of Directors for the on-going maturity of the Black and Veatch security posture. A strong candidate will demonstrate the ability to:
Understand the evolving and fluid threat landscape and adapt the security governance program to effectively process, mitigate, and report on cyber risk.
Support the overarching cybersecurity strategy and own the mission, strategy, and roadmap for security governance activities. Foster transparency by developing, maintaining, and reporting upon the governance program's key performance indicators/metrics.
Maintain strong oversight of vendors, business partners, and other third parties to manage and report upon supply chain cyber risk.
Liaise with internal and external auditors and other third parties to execute cyber-related audit and assessment activities. Analyze risk findings and document, recommend, and report upon the mitigation status of identified gaps to leadership.
Mentor team members, enhance their influence and negotiation skills, and promote professional growth.
Demonstrate strong understanding of administrative, physical, and technical controls used to govern, identify, protect, detect, respond, and recover from cyber threats and attacks.
Collaborate with and influence cross-functional stakeholders to adopt a security mindset, abide by security policies and standards, identify security weaknesses, and proactively manage and report on cyber risks. Promote a "secure by design" framework across product development lifecycles.
Advocate for resources necessary for the cybersecurity team's success through compelling and data-driven business cases; lead the cybersecurity program, advocate for needed investment, and administer budget in partnership with CISO and domain leads.
Key Responsibilities
Collaborate in the creation of the Black and Veatch cybersecurity strategy, roadmap, and standards. Ensure alignment with Black and Veatch strategy, enterprise policies, and regulatory obligations.
Establish, maintain, and report upon cyber key performance indicators that provide visibility into the operation of key elements of the Black and Veatch cybersecurity program and foster responsibility and accountability for overall cyber health across the Black and Veatch cyber ecosystem.
Oversee the daily operations of the information security program; ensure delivery of critical projects, and manage internal status reporting and risk mitigation for these projects.
Demonstrate excellent business judgment, engender trust, and educate Black and Veatch leaders on the "why" behind cyber investment and its relationship to mitigating enterprise risk and maturing the Black and Veatch security posture.
Build cyber resilience into strategic initiatives, such as new digital product deployments, M&A playbooks, novel technologies (e.g., AI and GenAI) and cloud adoption.
Provide security advisory services that instill a security mindset across Black and Veatch, helping all users understand their role in the cybersecurity ecosystem.
Foster cyber-aware behaviors; inspire the adoption of reasonable security practices; and understand, manage, and report upon cyber risk.
Leverage security tools, independent third parties, internal audit, and the cybersecurity team to identify security weaknesses and take actions to reduce Black and Veatch exposure to harmful threats, including insider risk.
Engage with regulators, clients, and employee owners to educate on the Black and Veatch cybersecurity program; assist deal teams with cyber diligence upon request.
Ensure cyber risks identified in security assessments, audits, and security testing are centrally recorded, reported upon quarterly, and tracked through closure.
Administer the cyber risk acceptance process.
Influence the adoption of secure design patterns, embed security-related value streams into the agile development lifecycle, and align new and existing technology deployments with evolving security standards.
Deploy new security technologies and enhancements to existing security technologies and processes to strengthen Black and Veatch cyber resilience.
Listen to stakeholders; attract, develop, and retain cyber talent; and partner with cross-functional areas to protect Black and Veatch from brand, financial, legal & regulatory and operational harm resulting from a cyber breach.
Demonstrate exemplary team building skills with a focus on recruitment, retention, career development, and succession planning. Inspire and motivate team members to identify and achieve bold cyber goals.
Administer Security budget and oversee quarterly budget planning and forecasting.
Leverage agile principles to gain efficiency in cyber security program execution to deliver on value streams within budget and consistent with rolling 12-month roadmap.
Management Responsibilities
Supervises work of others. Responsible for hiring, discipline, and pay administration of their subordinates.
Preferred Qualifications
Bachelor’s degree in Computer Science, Information Technology, or a related field.
Security certifications: CISSP, CISA or CISM, required.
12+ years of experience as a security professional including a breadth of experience covering multiple areas of security and compliance.
5+ years of management experience, managing teams of 5-10 individual contributors and proven ability to grow the skillset and careers of technical professionals.
Prior experience working in federally regulated, preferred.
Strong history of managing and developing high performing teams, and retaining and attracting top cyber talent, preferred.
Possesses excellent interpersonal, relationship building and influencing skills; has demonstrated success in influencing key decision makers and business partners to build positive working relationships and in gaining support for cybersecurity investment to execute against strategic initiatives.
Uses excellent written/verbal communication and presentation skills to bolster cyber acumen and advocacy across diverse stakeholders, including senior executives, end users, and board members.
Successful track record as a change agent, setting priorities and delivering cyber outcomes across diverse and dynamic environments. Strong ability to assess the current and future value of a wide spectrum of cyber technologies and to make informed recommendations regarding the introduction of new business enabling technology solutions. Demonstrates prudent financial management in the delivery of key results.
Deep understanding of cybersecurity program planning and managing interdependence across a complex technology landscape, including governance, risk management, architecture, technology onboarding, vulnerability management, awareness and training, and cyber third-party risk management. Experience in the development, implementation, and operationalizing on-going cyber capabilities / solutions.
Strong execution skills and an understanding of how to create, monitor and report on project execution and on how to measure and report on program success.
Strong technical foundation, including security architecture, vulnerability management, threat modeling, assessment and testing, and secure software development.
Strong understanding and knowledge of common information security management frameworks, such as ISO/IEC 27001, and the NIST CSF.
Experienced in general cybersecurity regulatory and compliance requirements (e.g., SOX, SOC2, HITRUST, FedRAMP, DFARS, CMMC).
Minimum Qualifications
All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.
Work Environment/Physical Demands
Typical office environment.
Competencies
Customer focus
Manages ambiguity
Builds effective teams