Senior Director of Information Security

Title: Senior Director of Information Security

Job Type: Direct-hire

Location: Westminster or Centennial, CO; Dallas, TX; or Gilbert, AZ

Salary Range: 180-220K+ bonus

Summary

The Senior Director of Information Security will design, build, and lead an enterprise-wide cybersecurity and information risk program for a rapidly growing organization with geographically distributed operations. This role oversees security across cloud platforms, ERP systems, construction and engineering technologies, and acquisition-driven expansion.

This position is intended as a growth-oriented leadership role, preparing the incumbent to evolve into a future Chief Information Security Officer. The role focuses on creating a scalable, audit-ready, and resilient security program that protects the business while enabling operational growth and regulatory compliance.

Responsibilities

Governance and Risk Management

• Establish and maintain an enterprise cyber risk register with quantifiable metrics


• Align security controls to frameworks such as NIST CSF and NIST SP 800-171


• Develop and maintain security policies, standards, and control documentation


• Collaborate with Legal and Finance on cyber insurance, risk disclosures, and governance

Security Operations and Architecture

• Define and oversee 24/7 monitoring through internal teams or managed service providers


• Design and implement centralized logging and SIEM capabilities


• Lead enterprise vulnerability management with defined remediation SLAs


• Oversee endpoint detection and response strategy


• Drive Zero Trust implementation across identity, endpoint, and network layers


• Ensure secure, resilient, and immutable backup and recovery solutions

Compliance and Audit Programs

• Lead implementation and readiness for CMMC 2.0 Level 2 certification


• Own System Security Plans (SSPs) and POA&M lifecycle management


• Direct SOC 2 Type II readiness and coordinate external audit activities

Mergers and Acquisitions

• Perform cybersecurity due diligence for acquisitions


• Evaluate inherited risks and integration complexity


• Standardize identity, endpoint, logging, and governance controls across acquired entities

Cloud, Identity, OT, and AI Governance

• Secure Microsoft 365, ERP, BIM, and project management platforms


• Implement segmentation and security standards for distributed jobsite environments


• Assess and mitigate cybersecurity risk in operational technology environments


• Establish an enterprise AI governance and data protection framework


• Ensure protection of Controlled Unclassified Information where applicable

Incident Response and Resilience

• Maintain an incident response program aligned to industry standards


• Conduct executive-level ransomware and crisis simulations annually


• Align disaster recovery and business continuity planning with enterprise risk posture

Skills

• 10+ years of progressive experience in cybersecurity or information security


• 5+ years leading and scaling security teams or programs


• Hands-on experience implementing NIST SP 800-171 controls


• Proven leadership of CMMC 2.0 and SOC 2 Type II initiatives


• Experience supporting distributed, multi-site environments


• Familiarity with federal or defense-related contract requirements preferred


• Experience in acquisition-driven or high-growth organizations preferred


• CISSP or equivalent professional certification preferred


• Strong executive-level communication and ability to translate technical risk into business impact


• Builder mindset with the ability to mature security programs without impeding innovation

All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance.