ABM Industries Inc.
BISO Cybersecurity Director
This job is now closed
Job Description
- Req#: 73623
ABM (NYSE: ABM) is a leading provider of facility solutions with revenues of approximately $6.4 billion and over 130,000 employees in 300+ offices deployed throughout the United States and various international locations. ABM’s comprehensive capabilities include electrical & lighting, energy solutions, facilities engineering, HVAC & mechanical, janitorial, landscape & turf, mission critical solutions and parking, provided through stand-alone or integrated solutions.
Job Description:
This person will be responsible for providing strategic direction and operational management of company information security systems within the scope of their responsibility, and must possess in-depth knowledge of regulatory requirements as well as information security systems, services, best practices, policies, procedures, and controls. They must also be knowledgeable of security trends and must be able to interact with all levels of management and leadership, as well as technicians. Specific responsibilities include:
Responsibilities:
- Product Security Strategy: Develop and implement a comprehensive cybersecurity strategy specifically tailored to the company's innovation products, ensuring alignment with industry standards and best practices.
- Threat Assessment and Mitigation: Identify potential threats and vulnerabilities in the products through risk assessments, security testing, and analysis, and develop strategies to mitigate these risks effectively.
- Risk Assessment and Management: Identify potential security risks, assess their impact on business operations, and develop strategies to mitigate these risks.
- Secure Product Development: Collaborate with product development teams to integrate security measures and best practices into the product development lifecycle, ensuring that security is considered from the outset.
- Security Standards and Compliance: Ensure that the products meet all relevant security standards, compliance requirements, and industry regulations (such as GDPR, NIST, ISO 27001), and oversee audits to maintain compliance.
- Incident Response and Management: Develop and implement incident response plans specific to product security incidents, coordinate responses to breaches, and lead efforts to minimize the impact of security incidents on products and customers.
- Security Architecture and Design Review: Conduct thorough security architecture and design reviews for products, providing guidance and recommendations to enhance security features and functionalities.
- Vendor and Third-Party Security Assessment: Evaluate and manage the security risks associated with third-party components, integrations, or services used within the products.
- Security Training and Awareness: Provide guidance and training to product teams and stakeholders on cybersecurity best practices, emerging threats, and security protocols relevant to the products.
- Continuous Improvement: Stay updated on evolving cybersecurity threats, technologies, and industry trends to proactively implement improvements in product security measures.
- Collaboration and Communication: Work closely with cross-functional teams, including IT, legal, compliance, engineering, marketing, senior management, and senior leadership, to ensure that security considerations and initiatives align with product roadmaps and business objectives.
In the role of the Cybersecurity Director, BISO, you will also hold more general responsibilities, such as:
- Work closely with the VP/CISO, IT and Business representatives to roadmap and manage programs, budgets, and services that directly enable business, security, and technology goals.
- Be a key contributor to the design, implementation, administration, maintenance, and monitoring of the Business information security program.
- Coach, mentor, and lead team members, manage and train staff, and nurture talent to develop capabilities relevant to their career development.
- Actively participate in the interviewing and hiring processes and ensure successful functional on-boarding of new employees.
- Manage a culture of performance within the team, ensuring the company’s performance management process is embedded and delivered within the timelines. This includes ensuring formal performance reviews are conducted to provide real-time affirmative and constructive feedback that is linked to clearly defined and SMART objectives and goals, and that development plans are implemented to facilitate career path aspirations.
- Understand expectations and take appropriate actions to continuously meet expectations of customers both internal and external where required.
- Drive business results by representing security to internal business units.
- Identify security gaps and develop plans and action steps for timely remediation.
- Identify control gaps, and define and implement appropriate remediation plans.
- Monitor team Business Plan to ensure appropriate allocation of resources to meet department goals.
- Continuously seek opportunities to improve controls.
- Develop, implement, communicate, and maintain procedures and process controls for area of responsibility, in accordance with corporate and IT policies.
- Perform controls and maintain evidence of control for area of responsibility.
- Create and deliver presentations to senior management on project goals and plans, progress reporting, updates, milestones, metrics, risks, and issues.
- Organize and facilitate planning, status meetings, reviews, requirements and release planning, and other related meetings.
- Act as an agent of change in driving security enabled projects to improve business performance.
- Perform product selection, vendor evaluations, and development of security technologies.
- Other cybersecurity functions as assigned by VP/CISO.
Required Qualifications:
- Bachelor's Degree in Business, Computer Science, Information Security, or related field from an accredited college
- Minimum of 15(+) years of work experience with a minimum of 10 in Information Technology, with increasing level of responsibility in an organization with similar operational scale and geographic footprint.
- Experience working with information security management, information management, information systems, legal, compliance, and data governance and/or risk management.
- Familiarity with and knowledge of relevant legal and regulatory requirements like SOX, HIPAA, CPAA, and GDPR.
- In-depth knowledge of information risk concepts and of relating business needs to security controls.
- Understanding of Cloud Computing.
- Knowledge of security control framework design, application, and testing.
- Multi-task orientation to handle multiple competing tasks at once while remaining flexible to changing requirements and priorities.
- Substantial tactical planning capabilities including analytical and innovative thinking.
- Excellent interpersonal and communication capabilities, essential given the diverse nature of the operating landscape and cultural sensitivities.
- Must operate with a high degree of integrity and will be expected to work on confidential projects.
- Strong communications skills (both verbal and written English) required.
- Must manage ambiguity, resolve urgent and competing demands, and go above and beyond to deliver outcomes.
- Must have measured courage to say "no" in order to focus on key priorities.
- Strong ability to think creatively when approaching issues.
- Strong critical thinking and problem-solving skills.
- Ability to think strategically and innovatively, including a demonstrable capacity to proactively identify and respond to relevant IT Risk related issues of both long-term and immediate importance to the Company.
- Exceptionally self-motivated, directed and detail oriented.
- Strong level of experience using the MS suite of Products.
- Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and regulators.
- Self-starter that can work efficiently both independently and with teams.
Preferred Qualifications:
- A Master’s degree from an accredited college or university
- One or more of the following additional Information Security certifications are preferred: ITIL, CISA, CISM, GMON, CISSP, GSNA, CRISC, GSE, CCSP, CHFI.
About the company
ABM Industries Inc. is a facility management provider in the United States. It was founded in 1909 by Morris Rosenberg in San Francisco, California, as a window washing business. ABM provides facility services in areas such as electrical and lighting, energy, facility engineering, HVAC and mechanical, janitorial services, landscape and grounds, parking and transportation. ABM's services also include energy efficiency and sustainability offerings such as building improvements, electric vehicle charging stations, and renewable energy solutions.