Overland Park, KS, US
104 days ago
Deputy CISO

 

Together, we own our company, our future, and our shared success.

 

As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity's biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.  

 

Company : Black & Veatch Corporation  

Req Id : 105487 

Opportunity Type : Staff 

Relocation eligible : Yes 

Full time/Part time : Full-Time  

Project Only Hire : No 

Visa Sponsorship Available: No 

Why Black and Veatch

Recognized by Glassdoor as a 2023 Top 100 place to work, Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation, 401K match and benefits that start day 1. Our hybrid environment allows you to balance your work and personal life.

 

At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use. 

The Opportunity

Black and Veatch seeks an experienced, dynamic, and engaging Deputy Chief Information Security Officer (CISO) to be a senior leader within the Black and Veatch Digital and Information Technology (D&IT) organization, and to lead its cyber governance capabilities by driving the strategic planning, development, and execution of enterprise-wide cybersecurity initiatives in a fast-paced, global, and innovative business environment. The Deputy CISO possesses exceptional leadership skills, creates credible connections with internal and external stakeholders and cultivates a robust cyber ecosystem, inclusive of core competencies (people), managing processes (process), and integrated platforms (technology).

 

The Deputy CISO reports to the CISO, assuming the role when necessary, and plays a crucial part in driving transformational improvements in cybersecurity processes and capabilities. In addition to a broad understanding of cyber risk management, reference frameworks, and mitigation strategies, this role requires the ability to think strategically, act decisively, and prioritize cyber investments to deliver outcomes that reduce the likelihood, risk, and impact of a cyber incident. Through education, influence, and data, the Deputy CISO embeds cyber risk management into business operations, supporting infrastructure and processes, new product launches, M&A activity, and the portfolio of initiatives driving enterprise cyber maturity.

 

The Deputy Chief Information Security Officer (CISO) is responsible for overseeing the execution of the Black and Veatch information security portfolio of initiatives (POI) intended to programmatically mature the Black and Veatch security posture as baselined by the NIST CSF 2.0. Along with the CISO, the Deputy CISO is accountable to the Black and Veatch Board of Directors for the on-going maturity of the Black and Veatch security posture. A strong candidate will demonstrate the ability to:

 

- Understand the evolving and fluid threat landscape and adapt the security governance program to effectively process, mitigate, and report on cyber risk.
- Support the overarching cybersecurity strategy and own the mission, strategy, and roadmap for security governance activities.
- Foster transparency by developing, maintaining, and reporting upon the governance program's key performance indicators/metrics.
- Maintain strong oversight of vendors, business partners, and other third parties to manage and report upon supply chain cyber risk.
- Liaise with internal and external auditors and other third parties to execute cyber-related audit and assessment activities.
- Analyze risk findings and document, recommend, and report upon the mitigation status of identified gaps to leadership.
- Mentor team members, enhance their influence and negotiation skills, and promote professional growth.
- Demonstrate strong understanding of administrative, physical, and technical controls used to govern, identify, protect, detect, respond, and recover from cyber threats and attacks.
- Collaborate with and influence cross-functional stakeholders to adopt a security mindset, abide by security policies and standards, identify security weaknesses, and proactively manage and report on cyber risks.
- Promote a "secure by design" framework across product development lifecycles.
- Advocate for resources necessary for the cybersecurity team's success through compelling and data-driven business cases; lead the cybersecurity program, advocate for needed investment, and administer budget in partnership with CISO and domain leads.
Key Responsibilities

- Collaborate in the creation of the Black and Veatch cybersecurity strategy, roadmap, and standards. Ensure alignment with Black and Veatch strategy, enterprise policies, and regulatory obligations.
- Establish, maintain, and report upon cyber key performance indicators that provide visibility into the operation of key elements of the Black and Veatch cybersecurity program and foster responsibility and accountability for overall cyber health across the Black and Veatch cyber ecosystem.
- Oversee the daily operations of the information security program; ensure delivery of critical projects, manage internal status reporting and risk mitigation for these projects.
- Demonstrate excellent business judgment, engender trust, and educate Black and Veatch leaders on the "why" behind cyber investment and its relationship to mitigating enterprise risk and maturing the Black and Veatch security posture.
- Build cyber resilience into strategic initiatives, such as new digital product deployments, M&A playbooks, novel technologies (e.g., AI and GenAI) and cloud adoption.
- Provide security advisory services that instill a security mindset across Black and Veatch, helping all users understand their role in the cybersecurity ecosystem.
- Foster cyber-aware behaviors; inspire the adoption of reasonable security practices; and understand, manage, and report upon cyber risk.
- Leverage security tools, independent third parties, internal audit, and the cybersecurity team to identify security weaknesses and take actions to reduce Black and Veatch exposure to harmful threats, including insider risk.
- Engage with regulators, clients, and employee owners to educate on the Black and Veatch cybersecurity program, assist deal teams with cyber diligence upon request.
- Ensure cyber risks identified in security assessments, audits, and security testing are centrally recorded, reported upon quarterly, and tracked through closure.
- Administer the cyber risk acceptance process.
- Influence the adoption of secure design patterns, embed security-related value streams into the agile development lifecycle, and align new and existing technology deployments with evolving security standards.
- Deploy new security technologies and enhancements to existing security technologies and processes to strengthen Black and Veatch cyber resilience.
- Listen to stakeholders; attract, develop, and retain cyber talent; and partner with cross-functional areas to protect Black and Veatch from brand, financial, legal & regulatory and operational harm resulting from a cyber breach.
- Demonstrate exemplary team building skills with a focus on recruitment, retention, career development, and succession planning.
- Inspire and motivate team members to identify and achieve bold cyber goals.
- Administer Security budget and oversee quarterly budget planning and forecasting.
- Leverage agile principles to gain efficiency in cyber security program execution to deliver on value streams within budget and consistent with rolling 12-month roadmap.

Management Responsibilities

- Supervises work of others.
- Responsible for hiring, discipline, and pay administration of their subordinates.

Preferred Qualifications

- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Security certifications: CISSP, CISA or CISM, required.
- 12+ years of experience as a security professional including a breadth of experience covering multiple areas of security and compliance.
- 5+ years of management experience, managing teams of 5-10 individual contributors and proven ability to grow the skillset and careers of technical professionals.
- Prior experience working in federally regulated, preferred.
- Strong history of managing and developing high performing teams, and retaining and attracting top cyber talent, preferred.
- Possesses excellent interpersonal, relationship building and influencing skills; has demonstrated success in influencing key decision makers and business partners to build positive working relationships and in gaining support for cybersecurity investment to execute against strategic initiatives.
- Uses excellent written/verbal communication and presentation skills to bolster cyber acumen and advocacy across diverse stakeholders, including senior executives, end users, and board members.
- Successful track record as a change agent, setting priorities and delivering cyber outcomes across diverse and dynamic environments.
- Strong ability to assess the current and future value of a wide spectrum of cyber technologies and to make informed recommendations regarding the introduction of new business enabling technology solutions.
- Demonstrates prudent financial management in the delivery of key results.
- Deep understanding of cybersecurity program planning and managing interdependence across a complex technology landscape, including governance, risk management, architecture, technology onboarding, vulnerability management, awareness and training, and cyber third-party risk management.
- Experience in the development, implementation, and operationalizing on-going cyber capabilities / solutions.
- Strong execution skills and an understanding of how to create, monitor and report on project execution and on how to measure and report on program success.
- Strong technical foundation, including security architecture, vulnerability management, threat modeling, assessment and testing, and secure software development.
- Strong understanding and knowledge of common information security management frameworks, such as ISO/IEC 27001, and the NIST CSF.
- Experienced in general cybersecurity regulatory and compliance (e.g., SOX, SOC2, HITRUST, FedRAMP, DFARS, CMMC, etc.).

Minimum Qualifications

All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Certifications

Work Environment/Physical Demands

Typical office environment.

Competencies

- Customer focus
- Manages ambiguity
- Builds effective teams

Salary Plan ITS: Information Technology Service

Job Grade 008

Black & Veatch endeavors to make www.bv.com/careers accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process because of a disability, please contact the Employee Relations Department at +1-913-359-1622 or via our accommodations request form. This contact information is for disability accommodation requests only; you may not use this contact information to inquire about the status of applications. General inquiries about the status of applications will not be returned.

 

Black & Veatch is committed to being an employer of choice by creating a valuable work experience that keeps our people engaged, productive, safe and healthy.

 

Our comprehensive benefits portfolio is a key component of this commitment and offers an array of health care benefits including but not limited to medical, dental and vision insurances along with disability and a robust wellness program.

 

To support a healthy work-life balance, we offer flexible work schedules, paid vacation and holiday time, sick time, and dependent sick time.

 

A variety of additional benefits are available to our professionals, including a company-matched 401k plan, adoption reimbursement, tuition reimbursement, vendor discounts, an employment referral program, AD&D insurance, pre-taxed accounts, voluntary legal plan and the B&V Credit Union. Professionals may also be eligible for a performance-based bonus program.

 

We are proud to be a 100 percent ESOP-owned company. As employee-owners, our professionals are empowered to drive not only their personal growth, but the company's long-term achievements - and they share in the financial rewards of the success through stock ownership.

 

By valuing diverse voices and perspectives, we cultivate an authentically inclusive environment for professionals and are able to provide innovative and effective solutions for clients.

 

Black & Veatch Holding Company, its subsidiaries and its affiliated companies comply with all Equal Employment Opportunity (EEO) affirmative action laws and regulations. Black & Veatch does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender identity and expression, disability, veteran status, pregnancy status or other status protected by law.

 

For our EEO Policy Statement, please click here. If you’d like more information on your EEO rights under the law, please click here and here.

 

Notice to External Search Firms: Black & Veatch does not accept unsolicited resumes and will not be obligated to pay a placement fee for unsolicited resumes. Black & Veatch Talent Acquisition engages with search firms directly for hiring needs.
