Chief Information Security Officer

Job Description & Responsibilities

The Chief Information Security Officer (CISO) is the executive leader responsible for shaping directing and leading the cybersecurity program for Orion Steel Companies while ensuring system availability and reliability. The CISO will provide strategic cybersecurity guidance and oversight into IT infrastructure and application platforms by leading and managing the cybersecurity programs to help protect their infrastructure data and applications. This leader is responsible for system and network availability and reliability across the enterprise while driving 24x7 operational excellence across security monitoring incident response vulnerability management and attack surface reduction. The CISO will have extensive knowledge of Cisco networks cybersecurity best practices industry standards and regulations. The CISO will also have strong communication leadership and project management skills as well as the ability to work collaboratively with internal and external stakeholders. This is a technical leadership role.

Orion Steel is committed to maintaining and promoting a safe healthy and injury-free environment. It is required for all jobs.

Strategic Leadership & Vision

• Develop and execute a multi-year Information Systems Security and Infrastructure strategy aligned with business objectives and cyber security best practices

• Ensure the availability of systems and networks meet or exceeds the uptime requirements of business operations

• Lead the enterprise cybersecurity function ensuring continuous monitoring detection and response to cyber threats

• Oversee IT Infrastructure and security including systems networks and enterprise security domains such as endpoint protection email security vulnerability management and attack surface management

• Conduct regular pentesting for both external and internal environments. Conduct annual tabletop exercises for the cybersecurity incident response process

• Maintain strong situational awareness of emerging threats and vulnerabilities relevant to the steel industry

Cybersecurity & Risk Management

• Own the enterprise cybersecurity strategy including security architecture threat mitigation identity and access management and security incident response.

• Lead the Security Systems Engineer in building and maintaining a robust security posture across IT and OT systems.

• Ensure compliance with Canadian and U.S. regulations (e.g. PIPEDA CCPA NIST SOX where applicable).

• Oversee key security technologies including SIEM SOAR EDR and threat-intelligence platforms.

• Drive automation and orchestration to reduce mean time to detect (MTTD) and mean time to respond (MTTR).

• Oversee business continuity planning disaster recovery and risk management programs.

Technology Governance & Financial Leadership

• Develop and manage the Information Infrastructure and Systems Security budget including capital planning operational expenditures and technology investments.

• Establish infrastructure and security governance frameworks policies and standards for enterprise IT and OT operations.

• Manage and set priorities for the design maintenance development and evaluation of all infrastructure and cybersecurity systems

• Manage vendor relationships contracts and negotiations for hardware software services and telecommunications.

Team Leadership & Development

• Lead and mentor a multi-disciplinary technology team with managers and engineering specialists across multiple sites.

• Ensure clear organizational structure succession planning and employee development.

• Foster a culture of accountability collaboration cyber awareness safety and continuous improvement.

Cross-Functional Collaboration

• Advise senior management on risk levels and information system security posture

• Advise senior management on cost/benefit analysis of information security programs policies processes systems and elements

• Communicate the value of information technology security throughout all levels of the
  organization

• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies

• Work closely with plant leadership to ensure technology adheres to cybersecurity best practices

• Act as the primary liaison between enterprise IT and Operational Technology (OT) groups.

Requirements

• Bachelors degree in Information Systems Computer Science Engineering or a related field.

  • Masters degree in Business Engineering or Information Systems (MBA or MSc) preferred

  • Executive-level certifications (CISM CISSP GIAC) required

• 10 years of progressive IT leadership experience including executive leadership responsibility.

• Experience overseeing infrastructure networking and cybersecurity functions in a multi-site industrial or manufacturing environment.

• Proven experience managing infrastructure operations in a mid-size company (500M)

• Proven experience developing and managing a cybersecurity framework in a mid-size company (500M)

• Familiarity with manufacturing systems OT/IT security SCADA and industrial networking.

• Experience with Cisco networks firewalls and security frameworks such as ISE and Umbrella. Cisco certification a plus

• Deep expertise with SIEM SOAR EDR and threat-intelligence tools. Experience with Nessus and Palo Alto Cortex a plus

• Proven experience managing mixed teams of employees contractors and managed service providers.

• Strong familiarity with frameworks such as NIST CSF MITRE ATT&CK and incident response methodologies.

• Executive leadership and strategic thinking.

• Strong financial and budget planning skills.

• Excellent communication with senior leaders board members and plant personnel.

• Ability to operate in a fast-paced asset-intensive safety-focused industrial environment.

• Strong decision-making problem-solving and crisis-management capabilities.

Compensation

• $220000 - $255500 USD per year

Open & Closing Dates:

• 2/2/2026 - 3/2/2026

Our total compensation package includes amazing benefits!

• Competitive wages and bonus opportunities
• Family medical dental and prescription coverage at minimal employee cost
• Short and long term disability programs
• Competitive retirement plans
• Flexible Spending and Health Savings Accounts
• Employer-provided and Voluntary Life Insurance options
• Paid vacation and recognized statutory holidays
• Apprenticeship and career advancement within the company
• Tuition reimbursement
• Wellness program

All applicants must be eligible to work in the USA.

While we thank all those who apply only those being actively considered for employment will be contacted.

Equal Opportunity Employer

Orion Steel Group L.L.C. is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex national origin disability or protected Veteran status.

Orion Steel Group L.L.C. is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities.

If you need special assistance or an accommodation while seeking employment please e-mail or call: . We will make a determination on your request for reasonable accommodation on a case-by-case basis.