Primary Purpose:
Sempra Infrastructure, a leading energy infrastructure company, is seeking an experienced and strategic Chief Information Security Officer (CISO) to join their mission-driven and innovative organization. The CISO will be responsible for creating and managing an enterprise-wide cybersecurity program which will play a crucial role in safeguarding Sempra Infrastructure's critical information assets and infrastructure as well as enabling secure digital transformation.
Reporting directly to the Vice President & Chief Information Officer (CIO), you will create strategy, policies and standards as they relate to application security, infrastructure security, compliance and security operations to ensure a robust security governance framework in alignment with business objectives and regulatory requirements. You will be responsible for leading the cybersecurity organization based in the US and Mexico, setting strategic priorities for cybersecurity initiatives, and ensuring the implementation of cybersecurity best practices across international operations. This role requires executive leadership experience, direct experience in leading a global security team in a highly regulated industry, and a strong background in global security regulations and compliance.
The ideal candidate will fill a visible, strategic, and high-impact leadership role within the organization. You will have excellent domain knowledge, and skills that leverage the capabilities of peers, business partners, and clients. You will instill the duty to protect our systems and the data of customers, employees, investors and partners. As such, this leader must engender control, trust, accountability, transparency, and urgency in the execution of his/her responsibilities. The ideal candidate will balance technical expertise with business acumen to drive a culture of security across our global operations.
Duties and Responsibilities
- Value Delivery, Strategy & Risk Management:
- Develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requirements.
- Assess and manage cybersecurity risks across the organization's digital infrastructure, networks, and sensitive data. Implement risk mitigation strategies and ensure regular risk assessments and audits.
- Ensure the successful execution of cybersecurity program initiatives aimed at continuous improvements and increased cybersecurity maturity.
- Oversee security operations, including incident response, threat intelligence, and vulnerability management at all locations. Lead the organization's response to cybersecurity incidents and breaches, ensuring quick recovery and minimal impact.
- Oversee the selection and implementation of appropriate security technologies to protect the organization's systems and data.
- Oversee the security aspects of the company's digital transformation initiatives, including cloud adoption, OT and IoT integration.
- Brief the board of directors on the cybersecurity program and develop metrics to show measurable impact and progress of the cyber program and risk landscape.
- Stay informed on emerging threats, technologies, and regulatory requirements in the energy sector.
- GRC & Security Awareness:
- Establish and enforce security policies and procedures that comply with relevant legal, industry standards, regulations, and best practices (e.g., NERC CIP, ISO/IEC 27001).
- Drive security awareness and training programs for employees at all levels to instill a sense of culture for cybersecurity.
- Oversee the business continuity and resiliency plan in strong collaboration with the CIO and other business leaders.
- Leadership & People Management:
- Lead and mentor the cybersecurity team, fostering a culture of security awareness and continuous improvement.
- Develop, attract, and retain top talent for high performance and agility.
- Create a work climate that enables project team members to develop professionally and that values diversity, promotes teamwork, and emphasizes quality, customer satisfaction, creativity, continuous improvement, and cost effectiveness.
- Collaboration & Communication:
- Collaborate with executive leadership, including the CIO, and business unit leaders, to ensure security initiatives support overall company goals and to integrate cybersecurity into business processes and decision-making.
- Work closely with IT, operations, and other departments to ensure a cohesive approach to cybersecurity.
- Work closely with vendors and other external stakeholders to ensure that security standards are maintained and integrated into all projects and processes.
- Serve as the liaison for collaboration and interacting with law enforcement agencies both local and federal.
- Performs other duties as assigned (no more than 5% of duties).
Required Qualifications
- Bachelor's Degree Computer Science, Information Security, Cybersecurity, or a closely related field, and or equivalent related experiences.
- 15 years Progressive experience in information security roles, with at least 5 to 7 years in a senior management role within a large, complex organization, preferably in the energy sector or related industries.
- Cybersecurity Practices and Technologies Deep understanding of the latest cybersecurity technologies, practices, and methodologies, including intrusion detection systems, firewalls, anti-virus software, data encryption, and other industry-standard techniques and practices. Knowledge of emerging technologies and their security implications (e.g., AI, IoT, cloud computing).
- Critical Infrastructure: Experience in managing security for critical infrastructure and operational technology (OT) environments.
- Regulatory Compliance Extensive knowledge of relevant standards and regulations such as GDPR, NERC CIP, ISO/IEC 27001, and NIST frameworks. This includes understanding specific regulatory requirements applicable to the energy sector.
- Information Technology Systems: Broad knowledge of IT systems and architectures, with a strong grasp of cloud security, network security, and data security solutions.
- Crisis Management and Incident Response: Experience in crisis management and incident response.
- Strategic Planning: Strategic thinker with the ability to align security initiatives with business objectives. Ability to develop and implement long-term security strategies that align with the organization's goals and respond dynamically to evolving threat landscapes.
- Analytical Skills: High-level analytical skills to assess security systems, foresee potential vulnerabilities, and devise strategies to mitigate risks.
- Communication: Excellent verbal and written communication skills, capable of clearly explaining complex security risks and strategies to stakeholders at all levels, including non-technical audiences.
- Leadership and Team Management: Demonstrated leadership ability to guide and inspire a team of security professionals, fostering a culture of continuous improvement and proactive security posture.
Preferred Qualifications
- Master's Degree in computer science, computer information systems engineering, business, related discipline, MBA, or equivalent training and/or experience.
- Bilingual (English/Spanish) highly desirable.
- Certified Information Systems Security Professional (CISSP).
- Certified Information Security Manager (CISM).
- Certified Chief Information Security Officer (CCISO).
- Other relevant industry certifications such as CompTIA Security+, GIAC Security Essentials, or Certified Information Systems Auditor (CISA).
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
#J-18808-Ljbffr