Director of Security Compliance

Description1898 & Co. is looking for its next leader within the Security & Risk Consulting group focused on helping our clients secure their operational technology and assets.  The Director of Security Compliance within the Industrial Cybersecurity Consulting group will lead the group of Governance and Compliance Consultants that provide consulting service offerings from 1898 & Co.’s Security & Risk Consulting group, reporting to the Security & Risk, Consulting Business Line Leader.1898 & Co. is a global business, technology and security consultancy serving critical infrastructure industries. We partner with clients to plan, secure, and optimize their business. As part of Burns & McDonnell and our 120 years of industry experience, we understand the complexity of the asset-intensive business model, the trends impacting the industry, and the need to ground big ideas in operational realities. We have a group specifically focused on industrial cybersecurity.  When it comes to industrial cybersecurity, critical infrastructure industries face unprecedented challenges. The risk of cyber sabotage is on the rise. And evolving technologies create complexities that are increasingly difficult to manage. Our team is among the small pool of professionals who can operate at the intersection of critical infrastructure and cybersecurity. We’re looking for someone ready to take the lead of the Security Compliance team with an entrepreneurial spirit and to implement our core values into their work. 1898 & Co. has the feel of a start-up, with the support of Burns & McDonnell’s vast resources. It’s what makes us unselfish collaborators. We proactively walk the talk to create bigger opportunities through sharing, communicating, and candidness. We are energy-givers who maintain a broader view of success, prioritizing others’ needs and goals in addition to our own.1898 & Co.’s Business Lines facilitate a strategic approach to selling services, developing staff, and maintaining client relationships. The Director of Security Compliance primary responsibility is to help lead the Security Compliance Delivery team to meet the near-term goals and long-term vision for the Business Line that supports the growth of 1898 & Co. The Director of Security Compliance displays grit in their leadership role and the work they deliver. They are confident and willing to take it to the next level.The Director of Security Compliance will be required to lead a team of Governance and Compliance consultants that work with numerous entities within a variety of industries, including energy, utilities, manufacturing, and government. What You’ll Do:As a Director of Security Compliance, you will be responsible for and manage the Security Compliance group within the Business Line of Industrial Cybersecurity Consulting service offerings.  You’ll work with the Consulting Business Line Leader to support overall business planning, while being responsible for the Offensive Security group’s Profit and Loss. You’ll lead the group of Security Compliance Consultants responsible for project execution, and team leadership. Key responsibilities will include:Support the Consulting Business Line to help create, develop, manage, and communicate the strategic direction of the Consulting Business Line. In collaboration with the Business Line Leader, you’ll help set financial targets for the Security Compliance team, such as sales, revenue, profitability, and chargeability, as well as budgets for overhead expenses, such as marketing trips, conferences, software, certifications, etc. You’ll help prepare and manage a business plan for the strategic growth of the Consulting Business Line, including expansion of current and new service offerings, marketing activities, client retention and acquisition, and staff growth plan.Support a team of Governance and Compliance consultants to facilitate timely, quality, and profitable execution of projects within the Business Line and serve as quality control leader for deliverables. You’re accountable for key financial performance metrics within the Business Line and the execution of projects. Serve as a Offering Leader on all aspects of project execution, including scope, schedule, and budget, and ensure quality control of deliverables. You’ll analyze and communicate project status, risks, schedule, and costs to all internal and external stakeholders. You’ll lead multi-discipline teams of engineers and analysts. Your communication and planning skills are vital to keeping everyone on the same page with personnel needs to department management.Mentor, train, and support the career development of Security Compliance consultants within the business line.Specific responsibilities include:Overall management of Security Compliance Consulting TeamDevelop and lead a global Security Compliance Strategy supporting the successful delivery of security outcomes across Security Risk & Consulting Delivery.Serve as the Business Owner of Security Compliance processes, tools and governance, including documentation of all processes (sales engagement and delivery), the training of Governance and Compliance team and assessment of new processes and tools when required.Create a repository for all delivery documentation; keeping the repository updatedAlign Security Compliance team with 1898 CX PrincipalsReview utilization and assignment of projects -ensuring proper utilization for team membersMonitor and proactively address project risksManages Governance and Compliance projects for industrial control systems (ICS), ensuring timely, on budget completion and adherence to established methodologies and guidelines. Advise on the pursuit and proposal process for client engagements, contributing technical expertise to craft compelling proposals that showcase value of our Security Compliance Offerings.Lead the estimation and resource allocation process for Governance and Compliance engagements, providing insights into project requirements, complexities, and potential challenges, ensuring efficient project planning and execution.Achieve client-specific cybersecurity goals by identifying compliance variances in our critical infrastructure clients and recommending appropriate remediation measures.Develop comprehensive Governance and Compliance reports that clearly outline findings, risks, and recommendations for improving the security posture of industrial control systems.Advise clients on best practices for securing their industrial networks and control systems, including network segmentation, authentication, and encryption.Assign tasks and responsibilities to junior Governance and Compliance Consultants, providing guidance and mentorship to develop their skills and expertise in ICS security.Decide on the scope and objectives of Governance and Compliance work, based on client requirements and industry-specific regulations and standards.Oversee the continuous improvement of internal processes and procedures, promoting a culture of excellence and innovation within the Security Compliance Team.Approve and review Governance and Compliance methodologies and tools, ensuring their suitability for assessing the security posture of various ICS architectures and technologies.Think “outside the box” to develop specialized techniques to gather, evaluate and present compliance information to clients that goes beyond the typical “check box” exercises of compliance.Initiate client communication, establishing a collaborative relationship and maintaining transparency throughout the delivery process.Perform and manage performance of compliance maturity reviews based on an existing frameworks, including, but not limited to: NERC CIP, TSA, CMMC, AWIA, ISO27001, NIST CSF, NIST 800-171, and formulate a program to close the gaps.Delegate responsibilities to team members, ensuring a balanced workload and optimal use of resources during engagements.Determine training needs for the team and participates in developing ICS cybersecurity training materials and programs, by level, by role and by specific consultant.Supervise the assessment of emerging cybersecurity governance and compliance standards specific to our critical infrastructure clients, incorporating this knowledge into methodologies, strategies, offerings and training of consultants testing.Monitor and ensure CSAT responses on Security Compliance Projects and ensure all engagements are at or above satisfactory for all projectsEnforce strict adherence to legal and ethical guidelines during Security Compliance engagements, ensuring that all activities comply with applicable laws, regulations, and industry standards.Collaborate with other cybersecurity professionals, staying current on industry trends and advancements in ICS security, and contributing to the broader knowledge base of the organization.Conduct quarterly reviews and provide feedback to Security Compliance team members on progressDevelop and maintain relationships with internal clients (Offering Leaders) to ensure escalation paths are clearly definedDevelop, manage, and update all Security Compliance sales documentation – required for sales, internal training, internal reference, website content, etc.Other duties as assignedQualificationsBachelor’s degree in Computer Science, Cybersecurity, Electrical Engineering, or a related field from an accredited program is required. Applicable years of experience may be substituted for the degree requirement.Minimum 14 years of professional experience required. 10 years of experience in cybersecurity, with at least 5 years specifically in Governance, Risk and Compliance is preferred.5+ years Consulting Management experience is preferredIndustry-recognized certifications to be considered, such as: CRISC; CISM (CISSP); Cobit; SABSA Foundation; ISO27001 (ISMS); IEC52443; ITIL / ISO20000; Compliance Officer (IT, ICS); BCM (ISO22301); Agile FoundationProven leadership experience.Excellent analytical, problem-solving, and communication skills.Ability to work independently and collaboratively within a team environment.Strong attention to detail, facilitation, team building, and collaboration skillsCompensation Range$248,000 - $379,000The expected compensation range for this position is displayed in compliance with all local/state regulations. The expected compensation range for this position is based on a number of factors, including but not limited to: individual education, qualifications, prior work experience and work location. The total annual compensation package will consist of a base salary and eligibility to participate in our discretionary year-end incentive bonus program.BenefitsOur extensive benefits package takes care of you so that you can focus on doing great work. From insurance and disability to time off and wellness programs, we provide the tools to meet your needs. As part of being 100% employee owned, eligible employees participate in our Employee Stock Ownership Plan (ESOP) in addition to our 401(k) retirement program. For more information, please visit the Benefits & Wellness page.EEO/Minorities/Females/Disabled/VeteransJob Field: ConsultingJob Type: ExperiencedSchedule: Full-timeTravel: Yes, 25 % of the Time