Sempra Services Corporation
Director - Cybersecurity & Chief Information Security Officer (CISO)
Sempra Services Corporation, Houston, Texas, United States, 77246
Primary PurposeSempra Infrastructure, a leading energy infrastructure company, is seeking an experienced and strategic Chief Information Security Officer (CISO) to join their mission-driven and innovative organization. The CISO will be responsible for creating and managing an enterprise-wide cybersecurity program which will play a crucial role in safeguarding Sempra Infrastructure's critical information assets and infrastructure as well as enabling secure digital transformation.
Reporting directly to the Vice President & Chief Information Officer (CIO), you will create strategy, policies and standards as they relate to application security, infrastructure security, compliance and security operations to ensure a robust security governance framework in alignment with business objectives and regulatory requirements. You will be responsible for leading the cybersecurity organization based in the US and Mexico, setting strategic priorities for cybersecurity initiatives, and ensuring the implementation of cybersecurity best practices across international operations. This role requires executive leadership experience, direct experience in leading a global security team in a highly regulated industry, and a strong background in global security regulations and compliance.
The ideal candidate will fill a visible, strategic, and high-impact leadership role within the organization. You will have excellent domain knowledge, and skills that leverage the capabilities of peers, business partners, and clients. You will instill the duty to protect our systems and the data of customers, employees, investors and partners. As such, this leader must engender control, trust, accountability, transparency, and urgency in the execution of his/her responsibilities. The ideal candidate will balance technical expertise with business acumen to drive a culture of security across our global operations.
Duties and ResponsibilitiesValue Delivery, Strategy & Risk Management
Develop and implement a robust information security strategy and program that aligns with the organization's objectives and regulatory requirements.Assess and manage cybersecurity risks across the organization's digital infrastructure, networks, and sensitive data. Implement risk mitigation strategies and ensure regular risk assessments and audits.Ensure the successful execution of cybersecurity program initiatives aimed at continuous improvements and increased cybersecurity maturity.Oversee security operations, including incident response, threat intelligence, and vulnerability management at all locations. Lead the organization's response to cybersecurity incidents and breaches, ensuring quick recovery and minimal impact.Oversee the selection and implementation of appropriate security technologies to protect the organization's systems and data.Oversee the security aspects of the company's digital transformation initiatives, including cloud adoption, OT and IoT integration.Brief the board of directors on the cybersecurity program and develop metrics to show measurable impact and progress of the cyber program and risk landscape.Stay informed on emerging threats, technologies, and regulatory requirements in the energy sector.
GRC & Security Awareness
Establish and enforce security policies and procedures that comply with relevant legal, industry standards, regulations, and best practices (e.g., NERC CIP, ISO/IEC 27001).Drive security awareness and training programs for employees at all levels to instill a sense of culture for cybersecurity.Oversee the business continuity and resiliency plan in strong collaboration with the CIO and other business leaders.
Leadership & People Management
Lead and mentor the cybersecurity team, fostering a culture of security awareness and continuous improvement.Develop, attract, and retain top talent for high performance and agility.Create a work climate that enables project team members to develop professionally and that values diversity, promotes teamwork, and emphasizes quality, customer satisfaction, creativity, continuous improvement, and cost effectiveness.
Collaboration & Communication
Collaborate with executive leadership, including the CIO, and business unit leaders, to ensure security initiatives support overall company goals and to integrate cybersecurity into business processes and decision-making.Work closely with IT, operations, and other departments to ensure a cohesive approach to cybersecurity.Work closely with vendors and other external stakeholders to ensure that security standards are maintained and integrated into all projects and processes.Serve as the liaison for collaboration and interacting with law enforcement agencies both local and federal.
Performs other duties as assigned (no more than 5% of duties).Required QualificationsBachelor's Degree in Computer Science, Information Security, Cybersecurity, or a closely related field, and/or equivalent related experiences.15 years of progressive experience in information security roles, with at least 5 to 7 years in a senior management role within a large, complex organization, preferably in the energy sector or related industries.Deep understanding of the latest cybersecurity technologies, practices, and methodologies, including intrusion detection systems, firewalls, anti-virus software, data encryption, and other industry-standard techniques and practices. Knowledge of emerging technologies and their security implications (e.g., AI, IoT, cloud computing).Experience in managing security for critical infrastructure and operational technology (OT) environments.Extensive knowledge of relevant standards and regulations such as GDPR, NERC CIP, ISO/IEC 27001, and NIST frameworks.Broad knowledge of IT systems and architectures, with a strong grasp of cloud security, network security, and data security solutions.Experience in crisis management and incident response.Strategic thinker with the ability to align security initiatives with business objectives.High-level analytical skills to assess security systems, foresee potential vulnerabilities, and devise strategies to mitigate risks.Excellent verbal and written communication skills, capable of clearly explaining complex security risks and strategies to stakeholders at all levels, including non-technical audiences.Demonstrated leadership ability to guide and inspire a team of security professionals.Preferred QualificationsMaster's Degree in computer science, computer information systems engineering, business, related discipline, MBA, or equivalent training and/or experience.Bilingual (English/Spanish) highly desirable.Certified Information Systems Security Professional (CISSP).Certified Information Security Manager (CISM).Certified Chief Information Security Officer (CCISO).Other relevant industry certifications such as CompTIA Security+, GIAC Security Essentials, or Certified Information Systems Auditor (CISA).Work EnvironmentHYBRID: Work a combination of onsite and remote days each week, typically 3 days per week onsite.CompensationFull-time$189,500.00 - $284,300.00Note: The Company strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.Sempra Infrastructure offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as long-term incentive plans and additional merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.
#J-18808-Ljbffr
Reporting directly to the Vice President & Chief Information Officer (CIO), you will create strategy, policies and standards as they relate to application security, infrastructure security, compliance and security operations to ensure a robust security governance framework in alignment with business objectives and regulatory requirements. You will be responsible for leading the cybersecurity organization based in the US and Mexico, setting strategic priorities for cybersecurity initiatives, and ensuring the implementation of cybersecurity best practices across international operations. This role requires executive leadership experience, direct experience in leading a global security team in a highly regulated industry, and a strong background in global security regulations and compliance.
The ideal candidate will fill a visible, strategic, and high-impact leadership role within the organization. You will have excellent domain knowledge, and skills that leverage the capabilities of peers, business partners, and clients. You will instill the duty to protect our systems and the data of customers, employees, investors and partners. As such, this leader must engender control, trust, accountability, transparency, and urgency in the execution of his/her responsibilities. The ideal candidate will balance technical expertise with business acumen to drive a culture of security across our global operations.
Duties and ResponsibilitiesValue Delivery, Strategy & Risk Management
Develop and implement a robust information security strategy and program that aligns with the organization's objectives and regulatory requirements.Assess and manage cybersecurity risks across the organization's digital infrastructure, networks, and sensitive data. Implement risk mitigation strategies and ensure regular risk assessments and audits.Ensure the successful execution of cybersecurity program initiatives aimed at continuous improvements and increased cybersecurity maturity.Oversee security operations, including incident response, threat intelligence, and vulnerability management at all locations. Lead the organization's response to cybersecurity incidents and breaches, ensuring quick recovery and minimal impact.Oversee the selection and implementation of appropriate security technologies to protect the organization's systems and data.Oversee the security aspects of the company's digital transformation initiatives, including cloud adoption, OT and IoT integration.Brief the board of directors on the cybersecurity program and develop metrics to show measurable impact and progress of the cyber program and risk landscape.Stay informed on emerging threats, technologies, and regulatory requirements in the energy sector.
GRC & Security Awareness
Establish and enforce security policies and procedures that comply with relevant legal, industry standards, regulations, and best practices (e.g., NERC CIP, ISO/IEC 27001).Drive security awareness and training programs for employees at all levels to instill a sense of culture for cybersecurity.Oversee the business continuity and resiliency plan in strong collaboration with the CIO and other business leaders.
Leadership & People Management
Lead and mentor the cybersecurity team, fostering a culture of security awareness and continuous improvement.Develop, attract, and retain top talent for high performance and agility.Create a work climate that enables project team members to develop professionally and that values diversity, promotes teamwork, and emphasizes quality, customer satisfaction, creativity, continuous improvement, and cost effectiveness.
Collaboration & Communication
Collaborate with executive leadership, including the CIO, and business unit leaders, to ensure security initiatives support overall company goals and to integrate cybersecurity into business processes and decision-making.Work closely with IT, operations, and other departments to ensure a cohesive approach to cybersecurity.Work closely with vendors and other external stakeholders to ensure that security standards are maintained and integrated into all projects and processes.Serve as the liaison for collaboration and interacting with law enforcement agencies both local and federal.
Performs other duties as assigned (no more than 5% of duties).Required QualificationsBachelor's Degree in Computer Science, Information Security, Cybersecurity, or a closely related field, and/or equivalent related experiences.15 years of progressive experience in information security roles, with at least 5 to 7 years in a senior management role within a large, complex organization, preferably in the energy sector or related industries.Deep understanding of the latest cybersecurity technologies, practices, and methodologies, including intrusion detection systems, firewalls, anti-virus software, data encryption, and other industry-standard techniques and practices. Knowledge of emerging technologies and their security implications (e.g., AI, IoT, cloud computing).Experience in managing security for critical infrastructure and operational technology (OT) environments.Extensive knowledge of relevant standards and regulations such as GDPR, NERC CIP, ISO/IEC 27001, and NIST frameworks.Broad knowledge of IT systems and architectures, with a strong grasp of cloud security, network security, and data security solutions.Experience in crisis management and incident response.Strategic thinker with the ability to align security initiatives with business objectives.High-level analytical skills to assess security systems, foresee potential vulnerabilities, and devise strategies to mitigate risks.Excellent verbal and written communication skills, capable of clearly explaining complex security risks and strategies to stakeholders at all levels, including non-technical audiences.Demonstrated leadership ability to guide and inspire a team of security professionals.Preferred QualificationsMaster's Degree in computer science, computer information systems engineering, business, related discipline, MBA, or equivalent training and/or experience.Bilingual (English/Spanish) highly desirable.Certified Information Systems Security Professional (CISSP).Certified Information Security Manager (CISM).Certified Chief Information Security Officer (CCISO).Other relevant industry certifications such as CompTIA Security+, GIAC Security Essentials, or Certified Information Systems Auditor (CISA).Work EnvironmentHYBRID: Work a combination of onsite and remote days each week, typically 3 days per week onsite.CompensationFull-time$189,500.00 - $284,300.00Note: The Company strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.Sempra Infrastructure offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as long-term incentive plans and additional merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.
#J-18808-Ljbffr