EMCOR Group, Inc. (NYSE: EME) is a Fortune 500 company and a leader in mechanical and electrical construction, industrial and energy infrastructure, and building services.
A provider of critical infrastructure systems. EMCOR gives life to new structures and sustains life in existing ones by it planning, installing, operating, maintaining, and protecting the sophisticated and dynamic systems that create facility environments. This includes electrical, mechanical, lighting, air conditioning, heating, security, fire protection, and power generation systems--in virtually every sector of the economy and for a diverse range of businesses, organizations and government. EMCOR represents a rare combination of broad reach with local execution, combining the strength of an industry leader with the knowledge and care of 170 locations.
Job Title: -- Director, Security & Compliance
Job Summary: -- The Director, Security & Compliance is responsible for supporting the maintenance of EMCOR’s Security Program and protecting EMCOR’s information assets and technologies. This includes enhancing the information security management framework, maintaining and supporting the vendor risk management process, and monitoring external threats. This position is flexibly located so no relocation is required.
Essential Duties and Responsibilities: --
At management direction, implement and monitor a strategic, comprehensive enterprise information security management program to ensure the integrity, confidentiality and availability of information is owned, controlled or processed by the organization
Enhance an information security management framework based on the International Organization for Standardization (ISO) 2700X, Center for Internet Security (CIS) Top 20 Security Controls, and National Institute of Standards and Technology (NIST)
Follow strategic security guidance for technology projects including the evaluation and recommendation of technical controls
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program
Implement, at management direction, a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
Provide technical expertise for security and systems questions as well as supporting operating company questions and issues
Investigate and resolve security issues across EMCOR
Follow established processes and policies for all security incidents
Lead or participate in the incident response team, including providing detailed documentation of the incident
Lead and participate in activities related to pre-and post-acquisition projects
Develop and roll out new tools for use in the security program
Manage, upgrade, and maintain servers and policies required for information security tools
Review security for software license agreements as needed
Perform site visits at operating companies resulting in data collection and assessment of the operating company security process and procedures Interface with security vendors for annual testing and incident response
Assist in development of Corporate IT policies
Assist senior IT and Operations leaders to develop, maintain, and publish up-to-date information security policies, standards and guidelines
Ensure consistent application of policies and standards across all technology projects, systems and services
Coordinate IT and Security projects between EMCOR divisions and EMCOR Corporate
Direct contact with the enterprise architecture team; ensure alignment between security and enterprise architectures
Maintain relationships with local, state and federal security agencies
Special projects as assigned
Qualifications: --
B.A./B.S. or equivalent experience required
Five years minimum experience in information security management
Hold and maintain ISC2 or SANS certification
We offer our employees a competitive salary and comprehensive benefits package and are always looking for individuals with the talent and skills required to contribute to our continued growth and success. Equal Opportunity Employer/Veterans/Disabled
Qualifications
EducationBachelors (required) Experience5 years: minimum experience in information security management (required)