Cybersecurity Director

About Builders Vision

Builders Vision is an impact platform that aims to shift markets and minds for good in pursuit of our vision for a humane and healthy planet. We work to help address some of the most difficult environmental and sustainability challenges across three focus areas: oceans, food & agriculture, and energy.

Our Builders Vision team includes more than 100 impassioned individuals who activate our platform using three primary approaches to influence stakeholders and drive impact across our focus areas:

• Deploying Capital
• Supporting Partners
• Advocating for Change

Our commitment to people and the planet extends to our workplace policies and benefits. In 2023, Builders Vision was named one of Fast Company’s Most Innovative Companies and voted one of Chicago’s Best Places to Work by Crain’s Chicago Business. We are headquartered in the West Loop, one of Chicago’s most thriving and dynamic neighborhoods, and our offices have achieved Gold-level certifications from both the Leadership in Energy and Environmental Design (LEED) and the International WELL Building Institute.

You can read more about our team, programs, and impact here: https://www.buildersvision.com.

Our Commitment to Justice, Equity, Diversity, and Inclusion

Justice, Equity, Diversity, and Inclusion (JEDI) are at the core of our mission to shift markets and minds for good. We know that a humane and healthy planet starts with us. We commit ourselves to learning from others and doing the work to become a more just, equitable, diverse, and inclusive organization, and we will seek to promote those same values in the world around us. We actively seek to recruit, develop, and retain the most talented people from a diverse candidate pool and create an inclusive culture that centers equitable practices and policies. We are an equal opportunity employer, and we welcome people from all experiences, abilities, and perspectives to apply.

Position Summary

Builders Vision is seeking an experienced Cybersecurity Leader to head up our cybersecurity efforts. This role will be responsible for ownership of our cybersecurity footprint, managing relationships with key vendors, and keeping the organization of the ever-changing threat landscape. The ideal candidate is very process oriented and will combine strong technical knowledge with excellent leadership and relationship management skills.

Key Responsibilities

Vendor Management

• Oversee relationships with key technology partners, including Managed Service Provider, Cybersecurity Provider, and several critical cybersecurity vendors.
• Negotiate contracts, manage service level agreements, and ensure vendors meet performance expectations.
• Regularly evaluate vendor performance, review alternatives, and lead the implementation of new partnerships as needed.

Cybersecurity Leadership and Governance

• Own and drive the company's comprehensive cybersecurity program, ensuring alignment with industry best practices, regulatory requirements, and Builders Vision’s risk appetite.
• Regularly communicate with executive leadership on Cybersecurity threats including key projects, risks, and performance metrics.
• Develop, implement, and regularly update a robust information security management system (ISMS) based on frameworks such as ISO 27001 or NIST Cybersecurity Framework.
• Establish and maintain a risk management process, including regular risk assessments, threat modeling, and risk mitigation strategies.
• Implement and oversee formal security policies and procedures framework, covering areas such as access control, data protection, incident response, and change management.
• Lead the development and maintenance of a comprehensive set of security standards, guidelines, and procedures for all IT systems and business processes.
• Establish metrics and key performance indicators (KPIs) to measure the effectiveness of the cybersecurity program.
• Coordinate regular internal and external security audits and penetration tests, ensuring timely remediation of identified issues.
• Lead cybersecurity awareness and training programs for all employees, ensuring a strong security culture throughout the organization.
• Stay informed about evolving cybersecurity threats, compliance requirements, and best practices, adjusting the security program accordingly.

Security Operations

• Oversee the implementation and management of security technologies, including firewalls, intrusion detection/prevention systems, endpoint protection, and SIEM tools.
• Maintain a vulnerability management program, including regular scanning, patching, and remediation processes.
• Enhance and drive standards in a robust identity and access management (IAM) system, including multi-factor authentication and privileged access management.
• Oversee a comprehensive data protection strategy, including data classification, encryption, and data loss prevention measures.
• Establish and maintain secure configuration standards for all IT assets, including servers, workstations, network devices, and cloud resources.
• Ensure the security and performance of all IT systems, including networks, laptops, and mobile devices.
• Partner with other team members to ensure new software and hardware meets cybersecurity and compliance requirements
• Contribute to the creation of a culture of service and partnership, ensuring timely and effective issue resolution

Compliance and Reporting

• Ensure our compliance and key vendor compliance with relevant industry regulations and standards (e.g., SOC 2, IS27001, GDPR, CCPA) as applicable.
• Develop and maintain documentation required for compliance audits and assessments.
• Manage the process of obtaining and maintaining necessary security certifications for the organization.

Strategic Planning

• Update and maintain the Cybersecurity roadmap, aligning technology initiatives with business objectives.
• Manage the Cybersecurity budget, including forecasting, cost control, and ROI analysis for technology investments.
• Stay informed about emerging technologies and industry trends, recommending innovation that could fortify our security posture.

Required Qualifications

• Bachelor’s degree in computer science, Information Technology, or related field
• Minimum of 8 years of experience in Cybersecurity
• Excellent leadership skills with a track record of developing high-performing teams.
• Strong communication skills, including the ability to explain technical concepts to non-technical audiences.
• In-depth knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST CSF, ISO 27001).
• Experience in implementing and managing comprehensive information security management systems.
• Expert level knowledge of SIEM, EDR, IAM, and DLP.
• Proven experience in vendor management, project management and contract negotiation.
• Experience with both strategic planning and hands-on technical problem-solving.

Preferred Qualifications

• Experience working in financial services, non-profits or other regulated industries.
• Knowledge of data privacy regulations (e.g., GDPR, CCPA).
• Advanced certifications such as CISSP, CISM, or CRISC.
• Hands on experience with common white-hat hacking techniques
• Experience in conducting or managing penetration testing and vulnerability assessments.
• Knowledge of cloud security architecture and best practices for major cloud platforms (e.g., AWS, Azure, GCP).

Work Schedule Requirements

• Standard business hours with flexibility for after-hours support of critical issues and planned maintenance.
• SOC handles 24/7 incident support.
• Must be available for emergency escalations from SOC or executive team members.

Personal Attributes for Success

• Proven track record of unquestionable ethics and integrity.
• Service-minded, process oriented, and exhibit outstanding attention to detail.
• Adaptable, able to thrive in a fast-paced environment, and committed to fostering a culture of continuous improvement.
• Excellent interpersonal skills, demonstrating the ability to build relationships at all levels of the organization and with external partners.
• Bias for action, always leading progress.
• History of handling highly confidential information with discretion.
• Proactive and risk-aware mindset, with the ability to balance security requirements with business needs.
• Communicate complex security concepts effectively to both technical and non-technical audiences and have the diplomatic skills to influence decision-making at all levels of the organization.

Builders Vision is an equal opportunity employer and is committed to building and maintaining a culturally diverse workplace. We encourage women, minorities, individuals with disabilities and veterans to apply. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate.