What are the responsibilities and job description for the Director of Information Security and Data Governance position at Tecta America Corp.?
Description
Tecta America is the leading commercial roofing company in the U.S. and we are actively looking for great people to help build our team. Ignite your future by adding your talent and experience to Tecta's success. With over 100 locations and more than 4,000 employees, Tecta is Roofing Redefined.
We are actively pursuing a Director of Information Security and Data Governance for our corporate office in Rosemont, IL.
The Director of Information Security and Data Governance to lead and enhance our cybersecurity strategy, focusing on securing sensitive data and IT infrastructure across a distributed environment with 100 nationwide operating locations. This role will oversee the implementation and ongoing management of security technologies such as Fortinet firewalls, SentinelOne, Proofpoint and Abnormal to protect against evolving threats. Reporting to the CIO, the Director will play a key role in shaping the organization's security posture, ensuring data privacy and compliance, and positioning the company for long-term security maturity. This role is designed with a clear growth path to a Chief Information Security Officer (CISO) position as the company's security needs expand.
Job Functions (Include):
Cybersecurity Leadership and Strategy
- Develop and execute a comprehensive cybersecurity strategy, with a focus on risk management, threat detection, and incident response.
- Oversee the implementation and management of Fortinet firewalls for network security, ensuring optimal performance in protecting internal and external assets.
- Lead the management and optimization of SentinelOne for endpoint protection, ensuring the security of devices across the organization and the rapid detection of potential threats.
- Collaborate with IT Operations to embed security across all IT initiatives and operations, ensuring proactive security measures are taken from the start.
- Work closely with development teams to integrate secure software development practices (e.g., threat modeling, secure coding, code reviews, and penetration testing) into the SDLC for in-house developed software solutions.
Data Governance and Sensitive Data Protection
- Develop and enforce a data governance framework to classify, protect, and secure sensitive data across the company's distributed operations.
- Implement and maintain encryption and access control mechanisms to safeguard PII, financial data, and other sensitive information.
- Leverage Veeam backups and disaster recovery solutions to ensure data availability and resilience in case of cyber incidents or natural disasters.
- Coordinate with external vendors to ensure data security standards are maintained for managed services and third-party integrations.
Risk Management, Compliance, and Audits
- Conduct regular security risk assessments, vulnerability scanning, and penetration testing to identify and address potential threats.
- Ensure compliance with relevant data privacy and security regulations (e.g., GDPR, CCPA, SOC 2, ISO 27001) and guide the company through audit and certification processes.
- Develop and enforce policies to mitigate risks associated with cloud-based services, on-premise infrastructure, and remote locations.
Incident Response and Security Operations
- Lead the development and execution of an incident response plan that addresses potential data breaches, ransomware attacks, and other security incidents.
- Oversee the management and configuration of Fortinet firewalls, SentinelOne endpoint protection, and Veeam backup systems to ensure continuous data protection and rapid incident detection and recovery.
- Monitor and respond to security alerts, utilizing SentinelOne and other tools to investigate, contain, and mitigate potential threats in real time.
Security Awareness and Training
- Develop and execute a company-wide security awareness program to educate employees on the importance of data protection and best practices for securing sensitive information.
- Provide targeted training on phishing prevention, secure data handling, and threat awareness, tailored to employees at all levels of the organization.
Leadership and Career Growth
- Partner with the CIO to define and implement a roadmap for evolving the organization's security strategy, with the goal of transitioning into a CISO role as the company's security needs mature.
- Serve as a thought leader in the organization, guiding teams on emerging threats, industry best practices, and innovative security solutions.
- Mentor and support cross-functional teams in integrating security into their workflows and operational processes.
Qualifications
- Bachelor's degree in Information Security, Computer Science, or a related field.
- 7 years of experience in IT security or cybersecurity, with experience in endpoint protection, network security, and data governance.
- Hands-on experience managing Fortinet firewalls, SentinelOne, VMware servers, and Veeam backups in an enterprise environment.
- CISSP, CISM, or similar cybersecurity certifications (preferred but not required).
- Familiarity with Fortinet NSE certifications or VMware certifications is a plus.
- Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and data privacy regulations (e.g., GDPR, CCPA).
- Expertise in Fortinet firewalls, SentinelOne endpoint protection, VMware server security, and Veeam backup solutions.
- Experience with E-mail protection platforms (Proofpoint, Abnormal & KnowBe4)
- Excellent problem-solving, leadership, and communication skills, with the ability to influence and collaborate across teams.
At Tecta America, we take care of our team with a solid benefits package that works for you. This includes medical, dental, and vision coverage, a 401(k) with company match, paid time off, paid holidays, and more.
Tecta America is an Equal Opportunity Employer.
