Steel Dynamics

Director of Information Security

Job Locations: US-IN-Fort Wayne
ID: 2025-6814
Pos. Category: Management / Supervisory
Division: Steel Dynamics

Overview

Information technology plays a vital role at Steel Dynamics (SDI). SDI’s information technology environment is highly distributed and diverse. The scale and decentralized nature of the environment require broad-based strategy and oversight leadership, disciplined execution and related documentation, and clear governance principles across the entire organization. We are seeking an experienced, collaborative, successful, and forward-thinking strategic individual to provide effective results-oriented leadership, strategic insight, and broad-based planning as the Director of Information Security (DIS).

The DIS will report directly to the company’s Senior Vice President and Treasurer, working collaboratively with senior leaders throughout the organization. The DIS champions SDI’s enterprise information security needs and is responsible, in coordination with the company’s executive, technical, and operational leadership, for a comprehensive risk-oriented strategy that enhances the organization’s information and technical security posture. The DIS leads the cyber security team while leveraging company-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and oversees policies to manage information security risk. This role requires exceptional communication skills, clear executive-level thinking, and a proven ability to drive timely, successful outcomes.

Responsibilities

Company and Program Leadership

  • Lead information security strategic vision and planning processes to maintain an inclusive and comprehensive information security program for the entire company.
  • Maintain and enhance security and compliance goals; define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements. Develop and maintain a structured Information Security Roadmap of initiatives including sequencing, documented scopes, timelines, risks, and evidence of completion suitable for audit and compliance review.

Outreach, Education and Training

  • Manage the end-user education and awareness programs and advise the organization on security issues and trends, best practices, and current and evolving vulnerabilities. Work with the organizational IT groups to build awareness and a sense of common purpose around information security. Deliver concise, high-quality written materials, including executive- and board-level summaries as well as materials for organizational IT groups.

Risk Management and Incident Response

  • Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate information security risk.
  • Provide leadership, direction and guidance in assessing and evaluating information security risks and security standards and policies. Maintain repeatable processes for control testing, log source validation, vendor performance verification, and security questionnaire responses. Ensure incident response documentation is complete, current, and aligned with enterprise expectations, including tabletop exercises and after-action reporting with corrective actions and deadlines.

Policy, Compliance and Audit

  • Work collaboratively with IT, Internal Audit, Treasury, and outside consultants as appropriate on security assessments and audits.
  • Work collaboratively with company leadership to build cohesive security and compliance programs for the organization to effectively address evolving risks.
  • Oversee the team’s implementation of the comprehensive compliance matrix of organizational requirements (NIST CSF, CIS, insurance obligations, contractual controls, and company policies) and provide quarterly attestations. Resolve audit findings, third-party testing findings, and internal remediation items.
  • Perform special projects and other duties as needed.

Qualifications

• Bachelor’s degree, preferred but not essential, in one of the following areas: Computer Science, Information Systems, Telecommunications, Networking, Engineering or a related field.
• Preferably, a minimum of five years of experience working in an information security and IT risk management role.
• Collaborative and strategic experience and perspective.
• Strong analytical and problem-solving skills.
• Effective written and verbal communication skills.
• Excellent interpersonal and leadership skills.

Preferred:

• Demonstrated experience executing a structured security program with documented deliverables and measurable outcomes.
• Familiarity with security information and event management systems, endpoint protection, identity governance, cloud security, email security, OT/IT segmentation, and vulnerability management sufficient to validate vendor and team performance.
• Strong project management skills: running multiple concurrent initiatives, setting realistic timelines, and holding internal teams and vendors accountable.

Steel Dynamics, Inc., and all affiliated entities are equal opportunity employers.
