Senior Director of Information Security

Location: Westminster/Centennial, CO / Dallas, TX / Gilbert, AZ
Reports to: CIO
Employment Type: Full-Time, Direct Hire

Work Model: Onsite
Salary: $180k - $220k + bonus

Job Summary
The Senior Director of Information Security will build and lead the enterprise cybersecurity and information risk program for a rapidly scaling construction and engineering organization operating across distributed jobsites, cloud platforms, ERP ecosystems, BIM environments, AI-enabled workflows, and acquisition-driven expansion.

This role is structured as a CISO-in-development position. The selected leader will establish a scalable, defensible, audit-ready security program that enables growth, strengthens operational resilience, and supports compliance objectives, while developing into the future Chief Information Security Officer.

Essential Job Responsibilities

GOVERNANCE AND RISK MANAGEMENT

• Maintain enterprise cyber risk register with measurable scoring


• Align controls to NIST CSF, NIST SP 800-171, and regulatory requirements


• Lead policy, standards, and control documentation development


• Partner with Legal and Finance on cyber insurance and risk disclosures

SECURITY OPERATIONS AND ARCHITECTURE

• Oversee 24-hour monitoring strategy through internal capabilities or managed detection and response


• Establish centralized logging and SIEM capabilities


• Lead enterprise vulnerability management with defined remediation service level agreements


• Oversee endpoint detection and response strategy


• Implement Zero Trust principles across identity, endpoint, and network


• Ensure secure and immutable backup and recovery capabilities

COMPLIANCE PROGRAMS

• Lead CMMC 2.0 Level 2 control implementation and certification readiness


• Oversee System Security Plan and POA and M lifecycle management


• Lead SOC 2 Type II readiness and coordinate external audit examination

MERGERS AND ACQUISITIONS

• Conduct cybersecurity due diligence for acquisitions


• Assess inherited risk and integration complexity


• Standardize identity, endpoint, logging, and governance controls across subsidiaries

CLOUD, IDENTITY, OPERATIONAL TECHNOLOGY AND AI GOVERNANCE

• Secure Microsoft 365, ERP, BIM, and project management platforms


• Implement segmentation and control standards for distributed jobsites


• Assess and mitigate risk in operational technology environments


• Develop enterprise AI governance and data protection framework


• Protect Controlled Unclassified Information where applicable

INCIDENT RESPONSE AND RESILIENCE

• Maintain incident response program aligned to NIST 800-61


• Conduct executive ransomware simulations annually


• Align disaster recovery and business continuity with enterprise risk posture

Minimum Qualifications

Required:

• 10 or more years progressive cybersecurity experience


• 5 or more years leading security teams


• Experience implementing NIST SP 800-171 controls


• Experience leading CMMC 2.0 and SOC 2 Type II programs


• Experience in distributed multi-site environments


• Experience supporting federal or defense-related contracts preferred


• Experience in acquisition-driven growth environments preferred


• CISSP or equivalent certification preferred

Leadership Profile:

• Builder mindset capable of scaling programs from developing to mature


• Strong executive communication skills that translate technical risk into business impact


• Cross-functional influence across IT, Finance, Legal, and Operations


• Comfortable operating in high-growth acquisition-driven environments


• Demonstrated ability to establish structure and discipline without slowing innovation

Benefits

• Medical, dental, and vision insurance


• 401(k) retirement plan with company match


• Paid time off (PTO) and holiday pay


• Life and disability insurance


• Professional development and training opportunities


• Employee assistance program (EAP)

All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance.