Ball Corporation / Ball Aerospace Enterprise Security Director (667440) in Boulder, Colorado
Enterprise Security Director (667440)
CO - Boulder
Who We Are:
Ball Aerospace pioneers discoveries that enable our customers to perform beyond expectation and protect what matters most. We create innovative space solutions, enable more accurate weather forecasts, drive insightful observations of our planet, deliver actionable data and intelligence, and ensure those who defend our freedom go forward bravely and return home safely. For more information, visit http://www.ball.com/aerospace, Facebook or Twitter.
Enterprise Security Director
The Enterprise Security Director shall lead a highly skilled, multidisciplinary team of security professionals responsible for the execution of enterprise-wide security functions, information security, and National Industrial Security Program compliance. The individual will also perform as the Chief Information Security Officer (CISO) reporting to the Vice President of Security & Mission Assurance. The individual will provide strategic guidance on all security practices across all enterprise manufacturing and business support systems. The successful candidate will work across the business to determine acceptable levels of risk for the organization. The candidate must be highly knowledgeable of the business and external threat environment and be able to build a picture of how both the business drivers and external threats impact a specific risk profile. The Director will establish a program to identify, evaluate and report on enterprise security risks in a manner that meets compliance and regulatory requirements.
This position is at a director level and requires a visionary leader with sound knowledge of business management and a detailed knowledge of security technologies and threats inherent within the Defense Industrial Base. The successful candidate will proactively work with business units and functional groups to implement the enterprise risk management strategy.
The ideal candidate is an articulate and persuasive thought leader who builds consensus and can serve as an effective member of the Security & Mission Assurance leadership team. The candidate must maintain objectivity with a strong understanding that security is one of many business activities and should enable the business and provide it a competitive advantage. Ultimately, the mission of the Enterprise Security Director is to add business value and create competitive advantage for the business through effective and efficient risk management strategies.
What you’ll do:
Ensure enterprise-wide compliance with the National Industrial Security Program Operating Manual (NISPOM) and ensure audit readiness for DCSA vulnerability assessments.
Develop and monitor processes and procedures to protect information at rest (includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk) and in transit (when data is being transferred between components, locations, or programs) to include management of USG cryptographic equipment.
Develop and execute a company-wide Security Awareness, Training, and Education program to protect company proprietary and customer owned information.
Develop, implement and monitor a strategic, comprehensive enterprise information security and information technology (IT) risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Build, develop and manage the enterprise security organization, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and conducting annual performance reviews.
Facilitate information security governance through formation of an information security steering committee.
Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Develop and manage information security budgets.
Create and manage information security and risk management awareness training programs for all employees and contractors.
Work directly with the business units (primarily Ball Corporate and Ball Aerospace Security teams) to facilitate IT risk assessment and risk management processes. Work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
Develop and enhance an information security management framework based on, but not limited to: The International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST 800-53, 800-171).
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
Ensure security programs are in compliance with relevant contracts, laws, regulations and policies to minimize or eliminate risk and audit findings.
Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
Manage security incidents and events to protect IT assets, including intellectual property, regulated data and the company's reputation.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Report on any data exfiltration within program guidelines.
Conduct risk assessments for Ball Aerospace-wide processes and make major system risk decisions.
Responsible for selecting solutions to enhance security controls to include security policies and procedures consistent with State, Federal, and contractual obligations.
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security.
Understand and interact with related disciplines through committees ensuring consistent application of policies and standards across all technology projects, systems and services, including (but not limited to) privacy, risk management, compliance and business continuity management.
Maintain a regular and predictable work schedule.
Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Support Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
Perform other duties as necessary.
What you’ll need:
BS/BA degree in a related field plus 15 or more years of related experience.
Each higher-level degree, i.e., Master’s Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
Master’s degree is highly preferred. Other security-related certifications are highly desirable (e.g., CISSP, CISM, CISA).
Minimum of five years serving in the role of CISO or documented equivalent, and minimum of 10 years of experience in a combination of risk management, information security and/or IT Security related roles.
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment.
Proven track record of partnering directly with executive leadership and aligning security initiatives with IT and Business strategy/objectives.
Knowledge of common information security management frameworks, such as NIST 800-171, CIS Top 20, ISO/IEC 27001, and ITIL.
Excellent written and verbal communication skills, interpersonal and collaborative skills.
Ability to effectively and clearly communicate security and risk-related concepts to technical and nontechnical audiences.
Must be a critical thinker, with strong problem-solving skills, project management skills: financial/budget management, scheduling and resource management.
A strong solution orientation with a penchant for not only identifying problems but also finding ways of solving them within typical business constraints.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve strategic goals.
Ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative and ability to work with little supervision.
Department of Defense and/or Defense and Aerospace industry experience preferred.
Top Secret Security clearance is highly desirable, with the ability to acquire and maintain this level of clearance.
Work is performed in an office environment, laboratory, clean room, or production floor.
Travel and local commute between Ball campuses and other possible non-Ball locations may be required.
Successful applicant for this position must be eligible to obtain a DoD clearance or government customer access to classified/sensitive material. A current DoD clearance is not required to be eligible for this position; however, the successful applicant will be required to obtain a DoD clearance or government customer access within a reasonable time after the offer is extended and must be able to maintain the applicable clearance. US Citizenship is Required. By applying to this position you are agreeing to complete a National Security Clearance Pre-Screen Questionnaire, if one is required, to evaluate your general ability to obtain the required security clearance or government customer access associated with this position.
Relocation for this position is available.
US CITIZENSHIP REQUIRED
Ball Aerospace is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.