Chief Information Security Officer

Job Title: Chief Information Security Officer (CISO)

Location: Birmingham, AL or Chicago, IL

Onsite, in office-based position

Reports to: Chief Financial Officer (CFO) of GVW Group

Job Summary

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise’s vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO is a key leadership role tasked with safeguarding sensitive data, mitigating risks, ensuring compliance, and responding effectively to cybersecurity incidents.

Key Responsibilities

1. Strategic Leadership
   • Develop, implement, and maintain an enterprise-wide information security strategy and roadmap.
   • Advise senior management and the Board of Directors on cybersecurity risks, compliance, and emerging threats.
   • Align security initiatives with business objectives to support growth while managing risk.
2. Risk Management and Compliance
   • Identify, assess, and prioritize cybersecurity risks and establish measures to mitigate them.
   • Ensure compliance with relevant legal, regulatory, and contractual requirements (e.g., GDPR, HIPAA, CCPA, ISO 27001).
   • Develop and enforce company-wide security policies, procedures, and standards.
3. Cybersecurity Operations
   • Oversee the design, implementation, and maintenance of security infrastructure, including firewalls, intrusion detection systems, and encryption technologies.
   • Lead the development of incident response plans and oversee their execution in case of security breaches.
   • Conduct regular audits, risk assessments, and penetration testing to ensure system integrity.
4. Emerging Threats and Innovation
   • Monitor the threat landscape and emerging technologies to proactively address vulnerabilities.
   • Develop partnerships with industry groups, government agencies, and vendors to stay ahead of cybersecurity trends.
   • Oversee security for cloud infrastructure, DevSecOps, and third-party vendors.

Qualifications

Education & Certifications

• Bachelor’s degree in Computer Science, Information Technology, or a related field (Master’s preferred).
• Industry certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.

Experience

• 10+ years of experience in information security, IT risk management, or related fields, with at least 5 years in a senior leadership role.
• Proven track record of managing enterprise-level cybersecurity programs.

Skills & Competencies

• Deep understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, COBIT).
• Strong analytical, problem-solving, and decision-making skills.
• Excellent leadership, communication, and collaboration abilities.
• Experience in incident response, cloud security, and data protection strategies.

Key Performance Indicators (KPIs)

• Reduction in security incidents and breaches.
• Compliance with regulatory and internal security standards.
• Employee cybersecurity awareness scores.
• Incident response times and recovery rates.

Who are we?

GVW Group is a dynamic private investment and industrial holding company dedicated since 1993 to growing and starting businesses. We take an entrepreneurial approach to building value for our scalable early stage, high-growth, and mid-sized operating companies by providing strategic expertise and resources. Along the way, we have expanded globally into diverse industries ranging from manufacturing, to technology, distribution, big data, engineering, and energy efficiency.

Where will you work?

This role will be based in Birmingham, Alabama, or Chicago, Illinois.

What do we offer in benefits?

We offer an attractive compensation and benefits package, to include base salary, incentive bonus opportunities, and benefits such as medical/dental/vision options, 401K plan, etc.