ITT Inc. Seneca Falls, NY 13148
Posted 2 weeks ago
Position Summary
The Chief Information Security Officer (CISO) is responsible for leading the development and execution of strategic plans, implementing cyber security investments in ITT globally. S/he will be responsible for the full and comprehensive digital footprint of applications and services used in business performance processes, strategic planning, execution, and day-to-day operations. This role interfaces with the IT organization and senior management to establish strategies that have a direct impact on IT & OT services for our internal users, customers, and suppliers.
A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security risk management program, ensuring that information assets are protected. The successful incumbent is the process owner for all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies, processes, tools, technologies, and solutions.
This is a key role responsible for ensuring that the cyber security service delivery model is effectively and efficiently supporting day-to-day operational needs, as well as envisioning, recommending, and facilitating business changes to ensure a highly secure and highly available service offering for internal and external customers. S/he will provide expert oversight, ensuring and validating successful delivery and performance of cyber security services for the enterprise. Leading the organizational transformation as a business partner, this key talent will drive notable change management efforts at all levels of the organization, i.e., staffing, project intake, prioritization, delivery and, most importantly, how we engage with our stakeholders and business process owners at all levels of the service delivery lifecycle.
As the company continues to grow aggressively through organic and inorganic means, the CISO will ensure that the cyber security service delivery model is highly scalable across all aspects of their team (people, process, and technology). This individual will be highly driven ("high motor"), able to balance active priorities, be meticulous and planful. They will be comfortable addressing ambiguity, able to consistently deliver results, be naturally curious and highly accountable, and approach situations in a thoughtful and process-oriented manner. S/he will be able to identify opportunities that enable continuous business process improvement, leveraging information technology to automate and streamline a wide array of business processes from sales to manufacturing operations.
This position can be located anywhere in the continental U.S. The candidate will be required to pass a criminal background check, must be a US Person, and must be able to join federal government cyber partnerships with the FBI/DHS/USSS.
Essential Responsibilities
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program
Work directly with the business units to facilitate risk assessment and risk management processes
Develop and enhance an information security management framework
As a master security architect, must possess a solid understanding of secure network design practices, system baseline configurations and defense in-depth methodologies
Understand and interact with related disciplines through committees to ensure consistent application of policies and standards across all technology projects, systems, and services
Partner with business stakeholders across the company to raise awareness of risk management concerns
Manage enterprise security budget ensuring maximum ROI for all spend
Assist with overall business technology planning, providing a current knowledge and future vision of technology and systems
Work well under intense circumstances and manage through crisis in a calm, professional manner
Define, implement, and drive a comprehensive cyber security service offering to support the company's vision and strategic priorities.
Manage business relationships through program management, tracking the activities of the customer support process and ensuring the availability, responsiveness, and effective utilization of IT resources to the Value Centers and ITT shared services and consultants
Partner with the business to understand their needs, challenges, and opportunities and provide best-in-class solutions that create value and competitive advantage
Proactively promote ideas, opportunities, and solutions to support the business in a secure way
Promote, lead, and drive a cyber first mentality at all levels of the organization; enable capabilities to drive meaningful, actionable insights effectively and efficiently
Collaborate with senior leadership to define and enable solutions that are technically secure and contribute to the company's growth and success
Assess and prioritize all related efforts to make the best use of resources that maximize value delivered to the business
Assess, develop, and grow the team; continually look for opportunities to provide experiences and exposure to up-skill staff (hard and soft skills), enabling a higher-performance culture mindset
Develop and implement strategies and solutions that protect company and customer data, applications, and services
Continually work to identify opportunities to improve and streamline operations
Work with the business to understand needs and establish IT strategies that enable business growth and improve business process efficiency and sustainability
Support compliance with company policies as well as industry, government, and customer compliance requirements such as SOX, TISAX, NIST 800-171, CMMC, NIS Security Compliance
Support inorganic (M&A, Joint Ventures) and organic growth opportunities
Develop and present project and technology proposals, and provide status and progress reporting to leadership
Focus on talent development and creating a highly engaged and energized team; recognize development needs, provide coaching and create opportunities for personal and professional growth
Act as a change agent, enabler, and leader to drive standards and improve customer service and efficiency
Recognize and identify potential areas where existing policies, procedures, and technologies require change; as needed, develop new policies, especially as part of future business expansion
Implement and operate using a continuous process improvement mindset as a way of life (e.g., ITIL, Six Sigma methodologies)
Candidate Requirements:
An innovative leader and trusted partner to IT leadership; ability to lead and motivate cross-functional, interdisciplinary teams
Strongly data-focused and metrics-oriented; highlight strengths and weaknesses through data and trends; strong business mindset leading cyber-security services
Robust project management and prioritization skills; ability to manage multiple projects to completion while maintaining quality standards and project deadlines
Understand nation state threat actors and the tools, tactics, and procedures they use to infiltrate defense and aerospace organizations
Understand cyber threats to operational technologies and the architecture of controls to protect OT environments
Strong knowledge and experience prepping and maintaining a CMMC environment to the degree of a level 2 certification
Understand and have experience working in a NIST centric environment with the ability to drive maturity in accordance with NIST framework for all cyber related domains
Operates tactically, in the trenches on current threats, security incidents, and remediation strategies
Merger and Acquisition experience required, with experience in threat hunting and monitoring a target environment, developing mitigation plans for integration, and overall prescriptive solutions for bringing new companies into the enterprise
Must be available 24/7; travel as needed
Position Requirements
Minimum 8-10 years' experience in a combination of risk management, cyber security operations, and compliance roles
Bachelor's degree or equivalent experience
Manufacturing industry experience required
Experience with Industry 3.0 & 4.0 enablement for manufacturing operations required
Experience enabling and securing solutions which make use of Artificial Intelligence and Machine Learning highly desirable
Ability and desire to evaluate, compare and establish a business case for best-in-class solutions and service models for highly effective and efficient services in a fiscally responsible manner
Professional security certification such as CEH, CISSP, CRISC, or other similar industry certifications
Experience in evaluating and managing various scopes of cyber security services in a hybrid outsourced / managed services setting
Working knowledge of common information security management frameworks, such as NIST, ISO/IEC 27001, FedRAMP, GCC, CMMC, DFARS, ITAR, and EAR
Experience with contract and vendor negotiations and management including managed services
Experience with cloud computing / elastic computing across virtualized environments
Management of a 24/7 Security Operations Center - both managing in house capabilities as well as managed services, incident response teams, red team / purple team, web application / application security testing
Working knowledge and experience managing business continuity, disaster recovery, incident response testing, high value asset identification, cyber risk assessments and mitigation plans / protection strategies
As security compliance issues arise, lead the efforts to assess, plan, execute, and measure the status of efforts across the enterprise
Experience with designing, implementing, and supporting operational technology solutions such as ICS, PLC, and SCADA systems
This person must be able to demonstrate the proven experience and skills in managing all aspects of a cyber security program for a diverse multi-national business across all dimensions of the NIST Cyber Security Framework
Passion for customer service, improving business processes and finding new ways to enable operational efficiencies
Elevated level of skill and expertise in holding others accountable in the performance of IT service delivery
Expert negotiation skills to advocate on behalf of the business with internal stakeholders and external vendors and service providers
Experience with advanced management techniques and practices including career management, individual development plans, budgeting, planning, analysis, and reporting
Technical competence in securing infrastructure, application, and operational technology configurations
Experience with complex, cloud-based enterprise environments is required
Behavioral Competencies:
Ability to think strategically, creatively, and analytically
Highly motivated, responsive to business needs; strong team player
Exceptional listening and communication skills (manager, stakeholders), ability to gather requirements from, and engage with, non-technical executives and their teams to design effective, efficient solutions
Strong influencing skills, lead technology discussions at senior leadership level
Collaborates well, manages relationships with business units, external vendors, and stakeholders
Well-developed, regularly demonstrated managerial competencies
Manages ambiguous situations with agility; results oriented
Exhibits self-confidence, interpersonal astuteness; a strategic planner
High-level of personal integrity; ability to discuss extremely complex technical topics in a business/laymen's language
Critical thinker, operationally strong, and assists team(s) in a deeply technical manner (hands-on, as needed, assisting in various capacities such as incident response, solution design, solution evaluation, etc.). This person will be involved in the daily cyber-security activities across their set of responsibilities.
About the Company:
Headquartered in Stamford, CT, ITT Inc. has employees in more than 35 countries and sales in approximately 125 countries. The company generated 2023 revenues of approximately $3.2 billion and has 10,000+ employees around the globe.
ITT operates through three Value Centers (business units):
Industrial Process (2023 Revenue of $1.1B; headcount of 2,700; operates in 30 countries) designs and manufactures pumps, valves, monitoring and control systems, water treatment and aftermarket services for the chemical, oil and gas, mining and other industrial process markets, as well as global service capabilities;
Motion Technologies (2023 Revenue of $1.4B; headcount of 4,400; operates in 12 countries) designs and manufactures brake pads, shock absorbers and sealing solutions for the automotive, rail and defense markets;
Connect and Control Technologies (2023 Revenue of $700M; headcount of 3,000; operates in 10 countries) designs and manufactures harsh-environment connectors and critical energy absorption and flow control components primarily for the aerospace, defense, and industrial markets.
Equal Pay Act Statement
We aim to pay our 'ITT'ers' fairly and competitively in the locations that they live and work. Pay-for-performance is a principle that we believe in, and employees are rewarded based not only on 'what' they accomplish, but also on 'how' they reflect ITT's values. ITT offers a competitive salary and robust total rewards package, such as health insurance, 401(k), short and long-term disability, paid time off, growth and developmental opportunities, and other incentive compensation programs. Specific benefits are dependent upon whether or not the position is part of a collective-bargaining agreement. The salary offered to a candidate is based on several factors such as candidate experience and qualifications, location, as well as market and business considerations.
Equal Pay Act Range
167,700.00 - 284,700.00