Senior Director of Information Security

Loenbro is a trusted, long-term construction lifecycle partner to thousands of customers across the U.S. Our market spans all industries and our service offerings include Critical Electrical, Mechanical & Structural, Soft Crafts, Inspection, Underground Maintenance and Installation, and Fabrication. Our expertise lies in simplifying the complex and establishing long-standing relationships with our partners. We have a national presence but a local approach—every customer benefits from our capabilities and our care.

• Maintain enterprise cyber risk register with measurable scoring
• Align controls to NIST CSF, NIST SP 800-171, and regulatory requirements
• Lead policy, standards, and control documentation development
• Partner with Legal and Finance on cyber insurance and risk disclosures

• Oversee 24 hour monitoring strategy through internal capabilities or managed detection and response
• Establish centralized logging and SIEM capabilities
• Lead enterprise vulnerability management with defined remediation service level agreements
• Oversee endpoint detection and response strategy
• Implement Zero Trust principles across identity, endpoint, and network
• Ensure secure and immutable backup and recovery capabilities

• Lead CMMC 2.0 Level 2 control implementation and certification readiness
• Oversee System Security Plan and POA and M lifecycle management
• Lead SOC 2 Type II readiness and coordinate external audit examination

• Conduct cybersecurity due diligence for acquisitions
• Assess inherited risk and integration complexity
• Standardize identity, endpoint, logging, and governance controls across subsidiaries

• Secure Microsoft 365, ERP, BIM, and project management platforms
• Implement segmentation and control standards for distributed jobsites
• Assess and mitigate risk in operational technology environments
• Develop enterprise AI governance and data protection framework
• Protect Controlled Unclassified Information where applicable

• Maintain incident response program aligned to NIST 800-61
• Conduct executive ransomware simulations annually
• Align disaster recovery and business continuity with enterprise risk posture

• 10 or more years progressive cybersecurity experience
• 5 or more years leading security teams
• Experience implementing NIST SP 800-171 controls
• Experience leading CMMC 2.0 and SOC 2 Type II programs
• Experience in distributed multi-site environments
• Experience supporting federal or defense-related contracts preferred
• Experience in acquisition-driven growth environments preferred
• CISSP or equivalent certification preferred

• Builder mindset capable of scaling programs from developing to mature
• Strong executive communication skills that translate technical risk into business impact
• Cross-functional influence across IT, Finance, Legal, and Operations
• Comfortable operating in high-growth acquisition-driven environments
• Demonstrated ability to establish structure and discipline without slowing innovation

The physical demands and work environment described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

• Office Environment
• Being able to sit and/or stand for 8+ hours
• Controlled climate

This role requires compliance with all applicable safety regulations, personal protective equipment (PPE) requirements, and Loenbro's Environmental Health and Safety (EH&S) policies.