OPERATING ADVISOR – CYBERSECURITY and TECHNOLOGY

Tenex most commonly hires those with strong records of accomplishment driving impact across multiple settings. The Operating Advisors (OA) have a hands-on approach to working with portfolio companies, their management and IT teams, and key stakeholders to ensure disciplined execution against organizational and strategic deficiencies, which through actionable solutions the company will meet their overall goals. The OA will need to be able to make speedy, data-driven decisions, place emphasis and focus on scarce resources, and drive actions against company's largest performance improvement levers.

JOB SUMMARY:

The Cybersecurity and Technology Operating Advisor is principally responsible for leading the information security program for Tenex Capital Management and overseeing the information security programs for Tenex's portfolio companies such that all data, systems, and reputations are protected and ensuring that security strategies align with business goals. This position requires a blend of technical expertise, leadership skills, and a deep understanding of the evolving cybersecurity landscape. The Operating Advisor will also support other technological activities as directed.

KEY RESPONSIBILITIES (for both Tenex Capital Management and its Portfolio Companies)

• Incident Response
  : Leads the response to security incidents and breaches, coordinates efforts to minimize damage and prevent future occurrences. Leads the development and refinement of incident response plans and participates in incident response exercises and real-world events to ensure effective containment, eradication, recovery measures and post-incident analysis. Accountable for appropriate and timely response to all Tenex and portfolio company incidents.
• Security Monitoring/Analysis and Security Tool Management:
  Oversees the implementation and management of security monitoring tools and processes. Promptly analyzes security events and alerts to identify then respond to potential threats and anomalies. Administers and maintains various security tools and technologies, ensuring their optimal performance and effectiveness and is the accountable point of contact for all managed security providers.
• Threat Detection and Intelligence:
  Stays abreast of emerging cyber threats, vulnerabilities, and attack vectors. Develops and maintains a threat intelligence program to proactively identify and mitigate potential risks. Monitors security systems and analyzes potential threats, vulnerabilities, and security incidents. Issues cybersecurity alerts when needed.
• Vulnerability Management:
  Conducts regular vulnerability assessments (and optionally penetration testing) to identify security weaknesses and recommend remediation strategies. Oversees the patching and hardening of systems and applications.
• Security Awareness and Training:
  Develops and delivers security awareness training programs to educate employees on security best practices and promotes a security-conscious culture and ensure all employees understand their roles in maintaining security.
• Vendor Security Management:
  Develops and implements processes for assessing and managing the security risks associated with third-party vendors and service providers.
• 3rd Party Partners:
  Evaluate and select appropriate 3rd party partners where needed for Tenex and its portfolio companies including cybersecurity and technology solution providers, MSPs and MSSPs.
• Develop and Implement Cyber Resilience Strategies:
  Responsible for designing, documenting, and implementing comprehensive cyber resilience strategies, policies, and procedures aligned with industry best practices and regulatory requirements (e.g., NIST CSF, ISO Effectively communicates cyber resilience concepts and strategies to both technical and non-technical stakeholders across Tenex and its portfolio companies and is responsible for their successful execution.
• Business Continuity and Disaster Recovery Planning:
  Leads the development, testing, and maintenance of business continuity plans (BCP) and disaster recovery plans (DRP) with a strong focus on cyber-related disruptions.Responsible for successful portfolio company implementation of testable plans.
• Risk Assessment and Management:
  Conducts security risk assessments to identify and evaluate potential threats and vulnerabilities. Develops remediation plans from the risk assessments and leads their execution until completion. Develops and implements risk mitigation strategies. Also assesses and manages risks associated with the use of Artificial Intelligence (AI). Conducts threat analyses when indicated.
• Continuous Learning:
  Stays current with the latest cybersecurity threats, trends, technologies, and best practices through continuous learning and professional development.
• Strategic Leadership:
  Develops and executes a comprehensive information security strategy aligned with the organization's business objectives and risk tolerance to ensure information assets and technologies are adequately protected. Provides strategic guidance to senior leadership including portfolio company IT leaders on security matters.
• Collaboration, Communication and Reporting:
  Collaborates effectively with IT teams, businesses, and external vendors on security-related matters. Defines and tracks key cyber resilience metrics, cybersecurity posture and provides regular reports to senior leadership and other stakeholders on each organization's resilience posture and improvement efforts. Effectively communicates security risks, incidents, program status and recommendations to senior leadership as well as to both technical and non-technical audiences.
• Security Architecture and Implementation:
  Provides security expertise and guidance in the design and implementation of IT systems and infrastructure including Artificial Intelligence (AI) to enhance their inherent resilience against cyberattacks. Evaluates and recommends security technologies and solutions and provide input into the security architecture and design of systems and infrastructure.
• Security Policies and Procedures:
  Develops, implements, maintains and enforces security policies, standards, and procedures in compliance with relevant regulations and industry best practices (e.g., ISO 27001, NIST Cybersecurity Framework, GDPR, HIPAA, PCI DSS, SEC Cybersecurity Rules, etc.) to safeguard the organization's information assets.

QUALIFICATIONS:

• 10 – 15+ years of Cybersecurity and IT experience, 5 years as a stand-alone leader, ideally with a track record of success in mid-sized companies with between $100 million and $2 billion of revenue.
• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field required. Master's degree in Cybersecurity, Computer Science, Business Administration, or a related field highly preferred.
• Recommended industry certifications include at least one of the below:
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)

COMPETENCIES

• Technical Expertise
  : Deep knowledge of layered security controls, network security, cloud security, endpoint protection, threat hunting, and incident response. Must be familiar with the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to effectively respond to incidents.
• Cyber Resilience
  : Demonstrated track record of success in developing an organization's ability to successfully prevent, respond and recover from cyberattacks including the integration of incident response, disaster recovery and business continuity processes.
• Strategic Thinking
  : Ability to align cybersecurity initiatives with business objectives and risk tolerance.
• Leadership & Communication
  : Strong ability to lead cross-functional teams, communicate with executives, and influence organizational culture.
• Risk Management
  : Proficiency in conducting risk assessments, threat modeling, and managing AI-related risks.
• Security Architecture
  : Experience designing secure systems and infrastructure, including AI integration.
• Regulatory Compliance
  : Familiarity with frameworks and regulations such as NIST CSF, ISO 27001, GDPR, HIPAA, PCI DSS, and SEC rules.
• Incident Response & Threat Intelligence
  : Proven ability to lead investigations and develop threat intelligence programs.
• Vendor Risk Management
  : Experience assessing third-party security posture and managing contractual obligations.