Black & Veatch Deputy CISO Job Details | Black & Veatch Family of Companies in Overland Park, Kansas

Deputy CISO

Date: Sep 11, 2024

Location: Overland Park, KS, US

Company: Black & Veatch Family of Companies

Together, we own our company, our future, and our shared success.

As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity's biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.

Company : Black & Veatch Corporation

Req Id : 105487

Opportunity Type : Staff

Relocation eligible : Yes

Full time/Part time : Full-Time

Project Only Hire : No

Visa Sponsorship Available: No

Why Black and Veatch

Recognized by Glassdoor as a 2023 Top 100 place to work, Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation; 401K match and benefits that start day 1. Our hybrid environment allows you to balance your work and personal life.

At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.

The Opportunity

Black and Veatch seeks an experienced, dynamic, and engaging Deputy Chief Information Security Officer (CISO) to be a senior leader within the Black and Veatch Digital and Information Technology (D&IT) organization, and to lead its cyber governance capabilities by driving the strategic planning, development, and execution of enterprise-wide cybersecurity initiatives in a fast-paced, global, and innovative business environment. The Deputy CISO possesses exceptional leadership skills, creates credible connections with internal and external stakeholders and cultivates a robust cyber ecosystem, inclusive of core competencies (people), managing processes (process), and integrated platforms (technology).

The Deputy CISO reports to the CISO, assuming the role when necessary, and plays a crucial part in driving transformational improvements in cybersecurity processes and capabilities. In addition to a broad understanding of cyber risk management, reference frameworks, and mitigation strategies, this role requires the ability to think strategically, act decisively, and prioritize cyber investments to deliver outcomes that reduce the likelihood, risk, and impact of a cyber incident. Through education, influence, and data, the Deputy CISO embeds cyber risk management into business operations, supporting infrastructure and processes, new product launches, M&A activity, and the portfolio of initiatives driving enterprise cyber maturity.

The Deputy Chief Information Security Officer (CISO) is responsible for overseeing the execution of the Black and Veatch information security portfolio of initiatives (POI) intended to programmatically mature the Black and Veatch security posture as baselined by the NIST CSF 2.0. Along with the CISO, the Deputy CISO is accountable to the Black and Veatch Board of Directors for the on-going maturity of the Black and Veatch security posture. A strong candidate will demonstrate the ability to:

  • Understand the evolving and fluid threat landscape and adapt the security governance program to effectively process, mitigate, and report on cyber risk

  • Support the overarching cybersecurity strategy and own the mission, strategy, and roadmap for security governance activities. Foster transparency by developing, maintaining, and reporting upon the governance program's key performance indicators/metrics.

  • Maintain strong oversight of vendors, business partners, and other third parties to manage and report upon supply chain cyber risk.

  • Liaise with internal and external auditors and other third parties to execute cyber-related audit and assessment activities. Analyze risk findings and document, recommend, and report upon the mitigation status of identified gaps to leadership.

  • Mentor team members, enhance their influence and negotiation skills, and promote professional growth.

  • Demonstrate strong understanding of administrative, physical, and technical controls used to govern, identify, protect, detect, respond, and recover from cyber threats and attacks.

  • Collaborate with and influence cross-functional stakeholders to adopt a security mindset, abide by security policies and standards, identify security weaknesses, and proactively manage and report on cyber risks. Promote a "secure by design" framework across product development lifecycles.

  • Advocate for resources necessary for the cybersecurity team's success through compelling and data-driven business cases; lead the cybersecurity program, advocate for needed investment, and administer budget in partnership with CISO and domain leads.

Key Responsibilities

  • Collaborate in the creation of the Black and Veatch cybersecurity strategy, roadmap, and standards. Ensure alignment with Black and Veatch strategy, enterprise policies, and regulatory obligations.

  • Establish, maintain, and report upon cyber key performance indicators that provide visibility into the operation of key elements of the Black and Veatch cybersecurity program and foster responsibility and accountability for overall cyber health across the Black and Veatch cyber ecosystem.

  • Oversee the daily operations of the information security program; ensure delivery of critical projects, manage internal status reporting and risk mitigation for these projects.

  • Demonstrate excellent business judgment, engender trust, and educate Black and Veatch leaders on the "why" behind cyber investment and its relationship to mitigating enterprise risk and maturing the Black and Veatch security posture.

  • Build cyber resilience into strategic initiatives, such as new digital product deployments, M&A playbooks, novel technologies (e.g., AI and GenAI) and cloud adoption.

  • Provide security advisory services that instill a security mindset across Black and Veatch, helping all users understand their role in the cybersecurity ecosystem.

  • Foster cyber-aware behaviors; inspire the adoption of reasonable security practices; and understand, manage, and report upon cyber risk.

  • Leverage security tools, independent third parties, internal audit, and the cybersecurity team to identify security weaknesses and take actions to reduce Black and Veatch exposure to harmful threats, including insider risk.

  • Engage with regulators, clients, and employee owners to educate on the Black and Veatch cybersecurity program, assist deal teams with cyber diligence upon request.

  • Ensure cyber risks identified in security assessments, audits, and security testing are centrally recorded, reported upon quarterly, and tracked through closure.

  • Administer the cyber risk acceptance process.

  • Influence the adoption of secure design patterns, embed security-related value streams into the agile development lifecycle, and align new and existing technology deployments with evolving security standards.

  • Deploy new security technologies and enhancements to existing security technologies and processes to strengthen Black and Veatch cyber resilience.

  • Listen to stakeholders; attract, develop, and retain cyber talent; and partner with cross-functional areas to protect Black and Veatch from brand, financial, legal & regulatory and operational harm resulting from a cyber breach.

  • Demonstrate exemplary team building skills with a focus on recruitment, retention, career development, and succession planning. Inspire and motivate team members to identify and achieve bold cyber goals.

  • Administer Security budget and oversee quarterly budget planning and forecasting.

  • Leverage agile principles to gain efficiency in cyber security program execution to deliver on value streams within budget and consistent with rolling 12-month roadmap.

Management Responsibilities

Supervises work of others. Responsible for hiring, discipline, and pay administration of their subordinates.

Preferred Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, or a related field.

  • Security certifications: CISSP, CISA or CISM, required.

  • 12+ years of experience as a security professional including a breadth of experience covering multiple areas of security and compliance.

  • 5+ years of management experience, managing teams of 5-10 individual contributors and proven ability to grow the skillset and careers of technical professionals.

  • Prior experience working in federally regulated, preferred.

  • Strong history of managing and developing high performing teams, and retaining and attracting top cyber talent, preferred.

  • Possesses excellent interpersonal, relationship building and influencing skills; has demonstrated success in influencing key decision makers and business partners to build positive working relationships and in gaining support for cybersecurity investment to execute against strategic initiatives.

  • Uses excellent written/verbal communication and presentation skills to bolster cyber acumen and advocacy across diverse stakeholders, including senior executives, end users, and board members.

  • Successful track record as a change agent, setting priorities and delivering cyber outcomes across diverse and dynamic environments. Strong ability to assess the current and future value of a wide spectrum of cyber technologies and to make informed recommendations regarding the introduction of new business enabling technology solutions. Demonstrates prudent financial management in the delivery of key results.

  • Deep understanding of cybersecurity program planning and managing interdependence across a complex technology landscape, including governance, risk management, architecture, technology onboarding, vulnerability management, awareness and training, and cyber third-party risk management. Experience in the development, implementation, and operationalizing on-going cyber capabilities / solutions.

  • Strong execution skills and an understanding of how to create, monitor and report on project execution and on how to measure and report on program success.

  • Strong technical foundation, including security architecture, vulnerability management, threat modeling, assessment and testing, and secure software development.

  • Strong understanding and knowledge of common information security management frameworks, such as ISO/IEC 27001, and the NIST CSF.

  • Experienced in general cybersecurity regulatory and compliance (e.g., SOX, SOC2, HITRUST, FedRAMP, DFARS, CMMC, etc.).

Minimum Qualifications

All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Certifications

Work Environment/Physical Demands

Typical office environment.

Competencies

Customer focus

Manages ambiguity

Builds effective teams

Salary Plan

ITS: Information Technology Service

Job Grade

008

Black & Veatch endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process because of a disability, please contact the Employee Relations Department at +1-913-359-1622 or via our. This contact information is for disability accommodation requests only; you may not use this contact information to inquire about the status of applications. General inquiries about the status of applications will not be returned.

Black & Veatch is committed to being an employer of choice by creating a valuable work experience that keeps our people engaged, productive, safe and healthy.

Our comprehensive benefits portfolio is a key component of this commitment and offers an array of health care benefits including but not limited to medical, dental and vision insurances along with disability and a robust wellness program.

To support a healthy work-life balance, we offer flexible work schedules, paid vacation and holiday time, sick time, and dependent sick time.

A variety of additional benefits are available to our professionals, including a company-matched 401k plan, adoption reimbursement, tuition reimbursement, vendor discounts, an employment referral program, AD&D insurance, pre-taxed accounts, voluntary legal plan and the B&V Credit Union. Professionals may also be eligible for a performance-based bonus program.

We are proud to be a 100 percent ESOP-owned company. As employee-owners, our professionals are empowered to drive not only their personal growth, but the company's long-term achievements - and they share in the financial rewards of the success through stock ownership.

By valuing diverse voices and perspectives, we cultivate an authentically inclusive environment for professionals and are able to provide innovative and effective solutions for clients.

Black & Veatch Holding Company, its subsidiaries and its affiliated companies, complies with all Equal Employment Opportunity (EEO) affirmative action laws and regulations. Black & Veatch does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender identity and expression, disability, veteran status, pregnancy status or other status protected by law.

Notice to External Search Firms: Black & Veatch does not accept unsolicited resumes and will not be obligated to pay a placement fee for unsolicited resumes. Black & Veatch Talent Acquisition engages with search firms directly for hiring needs.
