We are seeking a skilled Director, Information Security.

Why Gray?

Gray is a fully integrated, global service provider deeply rooted in engineering, design, and construction, along with smart manufacturing and equipment manufacturing services. Consistently ranked as a leader in the industry, we focus on the following markets for domestic and international customers: Food & Beverage, Manufacturing, Data Centers, Distribution, and Advanced Technology.

Founded in 1960, Gray’s robust offering enables us to create one-of-a-kind solutions at the highest levels of customization, delivering unmatched precision and partnership to some of the world’s most sophisticated organizations. Still, these areas don’t define Gray—our people do. Passion, commitment, and a great team spirit all speak to the team members at Gray.

Position Summary

The Director of Information Security is responsible for the assessment, design, development, deployment, monitoring, compliance, maintenance, and training of the cyber security programs across Gray, Inc.  This role is the Security Subject Matter Expert on all things related to cyber security and will provide leadership on effective security frameworks, policies, protocols, procedures, and technologies to enhance threat detection, protection, and recovery capabilities in a constantly evolving threat environment.  They will conduct risk audits and assessments to provide recommendations for improving Gray’s cybersecurity posture and in collaboration with the IT Operations Director, lead the implementation of those changes and improvements.  Success in this role is defined by successfully identifying, planning for and mitigating the modern threat landscape, including identifying threat actors, attack vectors and threat techniques and then recommending and implementing effective protective and adaptive technologies, techniques and training to reduce overall risk and exposure, as well as the ability to recover quickly and completely from a successful attack incident.  Additionally, this leader will ensure alignment across other functional teams, Gray companies and foster relationships with key business and technology stakeholders.

What we expect… (Essential Functions)

• Partner with business stakeholders, IT management and technology teams to identify security needs and exposures and then guide the delivery of cost-effective, multi-layered, high-performance technology and programs to mitigate risks, limit damage and ensure recovery from attack incidents.
• Build and maintain healthy relationships with security peers, third-party security vendors and law enforcement to maintain up-to-date intelligence on current threat events and recommended response actions.
• Collaborate to with Legal and Business Stakeholders to develop business continuity and incident response plans.
• Conduct continuous monitoring and audits of systems and resources to ensure ongoing compliance to standards for safe and secure operations.
• In coordination with security staff and the IT Operations Director, monitors, manages, and responds to cyber threats in Gray’s environment.
• Participates in IT strategy planning activities, bringing a current knowledge and future vision of cyber security technology and best practices as related to the needs of the business.
• Researches, evaluates and recommends cost effective security solutions that are scalable and efficient, while ensuring data protection and integrity for corporate assets.
• In coordination with the Director of IT Operations, identifies and leads new security technology implementations and participates in the testing, evaluation, implementation, and training for new security technology.
• Participates in the Disaster Recovery planning and testing by developing cyber resiliency so the organization can rapidly recover from hacking, security incidents, or infringements.
• Participates in the budgeting process for cyber security solutions, services and personnel and weighs risks vs cost when evaluating security options to bring into Gray’s environment.
• Ensures compliance with internal policies, external laws and regulations, and customer and employee satisfaction targets.
• Documentation—contributing to a variety of security policies associated with user guidance and compliance, governance, risk management, incident management, etc
• Prepare RFPs, review bid proposals, contracts, scope of work reports, and other documentation for security projects and associated efforts.
• Manage and maintain vendor relationships, on-going management, and measurement of vendor performance.
• This role requires regular interaction with the management teams for all Gray locations to ensure that end point, network and system security is operating to acceptable standards.
• Provide coaching and mentoring to direct reports and other staff.

Who we want… (Requirements)

EDUCATION/EXPERIENCE:

• 4-year degree in related field
• A minimum of 10+ years of experience with 5+ years of IT management experience background leading a security organization managing information systems.
• Extensive experience with security capabilities within Microsoft Azure, Microsoft365, IaaS, PaaS and SaaS environments
• Demonstrated success designing and delivering enterprise-level security programs in a multi-company, multi-location, mixed cloud environment.
• Experience with standardized security frameworks, especially NIST.
• Must have an active security certification.
• Experience with development and publishing of IT Security policies, standards, procedures, and guidelines.
• Deep experience across all aspects of security frameworks; Identify, Protect, Detect, Respond, Recover.

REQUIRED SKILLS/ABILITIES:

• Ability to educate and coach stakeholders and users on security fundamentals and best practices.
• Demonstrated effectiveness as a collaborator; creative and strategic thinking ability; excellent verbal and written communication skills; strong attention to detail; well-developed organizational focus.
• Demonstrated leadership and organizational skills with the ability to transfer technical knowledge, counsel, and mentor.
• Ability to effectively present information both verbally and in writing in a way that the audience will understand.

EEO Disclaimer

Gray is proud to be an Equal Opportunity Employer and welcomes everyone to apply. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

#LI-DG1