Public information officer h1.location_city

Job Description

Allied Universal® is hiring a Global Chief Information Security Officer (CISO). The Global Chief Information Security Officer (GCISO) will lead Allied Universal’s global cybersecurity strategy and operations, serving as the single accountable executive for cybersecurity across all of Allied Universal’s global operations, responsible for protecting the company’s people, systems, and data. Allied Universal® is the 3rd largest employer in North America and the 7th largest employer in the world, with approximately 800,000 employees in more than 100 countries and territories.

This role is responsible for defining, implementing, and maintaining a comprehensive, risk-based cybersecurity program designed to protect Allied Universal’s assets and technology platforms against evolving threats. The GCISO must be both a strategic leader and a hands-on practitioner capable of translating complex technical risks into business terms, fostering a culture of cybersecurity accountability throughout the organization, and directly engaging in key operational, investigative, and incident-response activities when necessary.

The GCISO reports directly to the Global General Counsel to ensure independent oversight and transparency to executive leadership and the Board, with a dotted-line reporting relationship to the Chief Technology Officer for alignment with technology architecture, strategy, and operations. The GCISO directly manages Regional Cybersecurity Leaders, who implement global standards and maintain local readiness while partnering closely with Regional Chief Information Officers (CIOs) to integrate cybersecurity requirements into regional IT operations and project delivery. The GCISO will operate out of our headquarters in Irvine, CA.

RESPONSIBILITIES:

Strategic Leadership:

• Develop and execute a global, risk-based cybersecurity strategy and program aligned with Allied Universal’s business objectives
• Establish, communicate, and oversee governance of enterprise-wide cybersecurity policies, standards, and controls that are appropriate for the company’s diverse global operations
• Lead, mentor and manage Regional Cybersecurity Leaders to promote consistency, accountability, and operational effectiveness across all regions
• Define and monitor key risk indicators, cybersecurity metrics, and maturity objectives to inform executive decision-making and drive ongoing program improvement
• Oversee global monitoring, detection, and response capabilities that provide 24×7 visibility into potential cyber risks and support timely containment activities
• Identify and assess emerging threats, technologies, and vulnerabilities to support informed planning and risk mitigation efforts
• Provide recommendations regarding cybersecurity investments and resource allocation, helping prioritize efforts based on risk, business impact, and value

Collaboration and Stakeholder Engagement:

• Foster a culture of cybersecurity awareness, ownership, and accountability across all functions and geographies
• Coordinate, develop, and implement programs designed to train Allied Universal’s workforce regarding the company’s cybersecurity requirements, including applicable cybersecurity laws and requirements and responding to evolving cybersecurity threats

Risk Management:

• Evaluate emerging threats and vulnerabilities, driving continuous improvement of the company’s cybersecurity posture as appropriate
• Direct recurring global cybersecurity risk assessments; oversee associated cybersecurity risk management activities, including maintenance of a risk register, remediation tracking, and risk decisions
• Oversee periodic internal and external cybersecurity audits to verify adherence to policies, standards and regulatory requirements
• Report promptly on cybersecurity risks to relevant Allied Universal Leadership upon identifying risks that exceed tolerance levels

Compliance:

• Support compliance with regulatory requirements as well as any Allied Universal and customer contractual obligations for cyber security
• Remain current and knowledgeable regarding applicable cybersecurity laws and regulations, including laws and regulations applicable to government contractors
• Lead on various external cybersecurity initiatives, including compliance for protecting sensitive data such as responding to regulators and customer audits

Incident Response:

• Direct and continuously improve the enterprise incident-response program, including playbooks, tabletop exercises, and post-incident reviews
• Lead cross-functional coordination with Legal, Technology, Operations, and Regional CIOs to contain and recover from major cyber incidents
• Oversee specialized incident-response and investigative resources for critical events
• Provide timely updates to the CEO, Global General Counsel, and Board on incident status, impact, and remediation progress

Assessments and Audits:

• Review and assess the effective deployment of cybersecurity technologies, tools and software by Allied Universal, third parties, and related vendors
• Coordinate and respond to various cybersecurity assessments, including, as required, certifications to process certain government-related data or other sensitive data
• Monitor and manage cybersecurity aspects of the third-party lifecycle and confirm that third parties’ cybersecurity practices align with Allied Universal’s cybersecurity risk tolerance

Third-Party Due Diligence:

• Communicate/respond to requests regarding the effectiveness of Allied Universal’s cybersecurity program regarding third-party diligence, selection, and monitoring (e.g., insurance, debt financing, public accounting, initial public offering, etc.) in coordination with Allied Universal Leadership, including IT, Legal and Procurement

Communication and Reporting:

• Provide regular briefings to the CEO, Global General Counsel, and Board of Directors on cybersecurity posture, key risks, and, if applicable, major incidents.
• Communicate with internal and external stakeholders (including government and prime contractor customers) regarding Allied Universal’s cybersecurity program
• Prepare and present reports on Allied Universal’s cybersecurity posture to the CEO and Board of Directors, and other Allied Universal Leadership

Business Continuity and Disaster Recovery:

• Partner with IT and Operations to ensure business-continuity and disaster-recovery programs incorporate cybersecurity risk considerations, are regularly tested, and effectively support enterprise resilience objectives

QUALIFICATIONS (MUST HAVE):

• Bachelor’s degree in computer science, Information Technology, cybersecurity, or a related field
• Minimum of fifteen (15) years of progressive experience in cybersecurity
• Minimum of seven (7) years in a senior management role in an information security function
• Experience in managing, responding to, and mitigating cyber incidents
• Experience or familiarity with government contracting and public and private company cybersecurity reporting requirements
• Hands-on cyber incident response coordination and oversight experience
• Expertise in risk-based frameworks (NIST CSF, ISO 27001, SOC 2, CMMC, NIST 800-171) and familiarity with applicable regulatory regimes (SEC, GDPR, state breach laws, etc.)
• Proven ability to engage with CEO, Board of Directors, and Executive Team on cybersecurity strategy and governance
• Ability to operate effectively as both strategist and practitioner, a player-coach who drives global cybersecurity direction while engaging hands-on to guide, mentor, and resolve complex technical and operational challenges
• Strong leadership skills as well as the ability to work and communicate (verbal, written, and interpersonal) effectively with other leadership and their teams
• An entrepreneurial and innovative mindset regarding cybersecurity development and operations
• A strong understanding of the business impact of cybersecurity policies, tools, and technologies, including leveraging existing assets and talent to efficiently manage cybersecurity spend

PREFERRED QUALIFICATIONS (NICE TO HAVE):

• Recognized security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), etc.

COMPENSATION AND BENEFITS:

• Base salary range: $275,000 to $350,000 (based on skills, qualifications, and relevant experience), annual bonus, equity package
• Medical, dental, vision, supplemental income plan with a company match, basic life, AD&D, and disability insurance
• Eight paid holidays annually, five sick days, and four personal days
• Executive Flex Vacation Plan #LI-26