empty

Director Information Security

Cavco Industries, Inc.

Job Description

Posted on: 
November 25, 2024

Summary and company overview

ABOUT THE ROLE

This is the primary stakeholder responsible for formulating, implementing, and operationally supporting cybersecurity policies and procedures to safeguard the company from external and internal threats. S/he will develop and implement Information Security and Disaster Recovery programs that minimize risk and exposure to the company. This involves developing new concepts, methods, and strategies that drive continuous improvements in the overall security posture at Cavco. S/he will actively lead the planning, development, and the implementation of Information Security frameworks, methodologies, policies, standards, and procedures related to operational risk management, and IT audit procedures.

This person will be well-versed in monitoring the security environment (i.e., alerting systems), to identify threats, attacks, and intrusion attempts to defend against cyber threats. In addition to the technical requirements, the Director, Information Security will also be expected to effectively communicate risks, identify areas of improvement, and work closely to orchestrate mitigation plans in partnership with peers and leaders across the company. The Director, Information Security will act as the primary point of contact for all SOX IT Audit activities, coordinating with the Internal Audit team, external auditors, IT, and functional business units, in identifying any potential SOX gaps or deficiencies, while devising the gap remediation or process improvement activities in partnership with the IT organization, application, and platform owners.

COMPANY OVERVIEW

At Cavco Industries, Inc. (NASDAQ CVCO), our 7000 team members are at the heart of everything we do. We design and produce quality, affordable factory-built homes. We are also a leading producer of park model RVs, vacation cabins and factory-built commercial structures. In addition to providing competitive pay and benefits, we provide opportunities for development and upward mobility, while investing in the communities we serve. Our values are our foundation. We’re constantly striving to diversify our teams to ensure we have the best and brightest talent. We’re deeply committed to creating an inclusive and equitable workplace where each person can contribute.

For more about Cavco Industries and who we are, visit www.cavcoindustries.com.

Cavco Industries is a leading builder of manufactured homes, modular homes, park model RVs, vacation cabins and commercial buildings in the United States. We welcome people from all backgrounds who seek the opportunity to help deliver the dream of home ownership. In order to build homes for the customers we serve, we have to start at home with a workforce as diverse and empowered as our customers. To this end, we take great care to evaluate all employees and job applicants equally, based on merit, competence, and qualifications. Cavco Industries Inc. (and all its US companies) is an Equal Opportunity Employer Race/Age/Color/ Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Disability or Protected Veteran Status. The selected candidate must be authorized to work in the United States

Responsibilities

  • Lead and coordinate the development of the Information Security posture improvement plan to include the identification of strategic goals and the path to achieve set objectives.
  • Experience developing and maintaining stakeholder relationships across large organizations, identifying cybersecurity threats and building remediation activities.
  • Strong background in a public company managing the SOX and IT Audit process to include gap remediation and long-term process improvements across in and out of scope systems/applications.
  • Collaborate with staff, senior management, and business unit partners to assess and support organization risk mitigation needs, by developing strategies, tactics, and quality review solutions.
  • Evaluate past InfoSec posture assessments and develop corrective action plans, drive roadmap integration, and regularly report on the status of approved recommendations.
  • Become a partner to the business by measuring and evaluating the success of risk programs to determine their effectiveness, and to ensure the business units’ adherence to the information security risk framework requirements, internal policies, and best practices.
  • Stays abreast of regulatory compliance standards, new and developing information security risk trends, and best practices. Understand how to assimilate these standards while minimizing impact to the business.
  • Implement Disaster Recovery (DR) and Business Continuity Planning (BCP) improvements for failover and resiliency on critical business applications (i.e., ERP, others) and platforms.
  • In partnership with the Chief Information Officer (CIO), manage partner/vendor (3rd party) contracts, negotiations, terms & conditions, license entitlement, and SLA adherence across executed agreements.

Job Requirements

Minimum Qualifications

  • Bachelor’s degree (technical or business field preferred); Master’s degree or MBA is a plus.
  • Possesses current certification(s) in cybersecurity that demonstrate active awareness and knowledge surrounding of security frameworks and best practices (i.e., CISSP, CISM, CISA).
  • 15+ plus years of progressively increasing responsibility in Information Security; 8+ years of leadership experience, preferably in a public company environment and multi-location enterprise organizations.
  • Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units.
  • Experience maturing a Security Operations function (AV/Malware, SIEM, DLP, patch management) to achieve consistent SLA performance.
  • Background with log collection and analysis as part of an investigation process.
  • Experience building an InfoSec dashboard and SLA based metrics environment that identifies gaps, improvements, and operational performance across key Security posture pillars and functional areas.
  • Recent Incident response/Crisis response implementation experience, and proven implementation of these processes across multiple business units.
  • Strong background in risk evaluation and risk management.
  • Experience in managing the security lifecycle across an enterprise organization.
  • Demonstrated knowledge of data security and compliance controls.
  • Ability to articulate a vision and roadmap that connects with the corporate strategy, assimilates with cross-functional IT groups, and inspires individuals at all levels of the organization.
  • Excellent verbal and written communication skills; Experience communicating Security metrics and dashboards at the executive and Business Unit leader level; Board exposure a plus.
  • Ability to travel up to 20%

Preferred Qualifications

  • Master’s degree or MBA.
  • Board exposure.

Additional commentary

Business needs dictate that this position requires the presence and ability to work on-site 100%. Therefore, telecommuting or virtual/remote options will not be available.

Summary and company overview

ABOUT THE ROLE

This is the primary stakeholder responsible for formulating, implementing, and operationally supporting cybersecurity policies and procedures to safeguard the company from external and internal threats. S/he will develop and implement Information Security and Disaster Recovery programs that minimize risk and exposure to the company. This involves developing new concepts, methods, and strategies that drive continuous improvements in the overall security posture at Cavco. S/he will actively lead the planning, development, and the implementation of Information Security frameworks, methodologies, policies, standards, and procedures related to operational risk management, and IT audit procedures.

This person will be well-versed in monitoring the security environment (i.e., alerting systems), to identify threats, attacks, and intrusion attempts to defend against cyber threats. In addition to the technical requirements, the Director, Information Security will also be expected to effectively communicate risks, identify areas of improvement, and work closely to orchestrate mitigation plans in partnership with peers and leaders across the company. The Director, Information Security will act as the primary point of contact for all SOX IT Audit activities, coordinating with the Internal Audit team, external auditors, IT, and functional business units, in identifying any potential SOX gaps or deficiencies, while devising the gap remediation or process improvement activities in partnership with the IT organization, application, and platform owners.

COMPANY OVERVIEW

At Cavco Industries, Inc. (NASDAQ CVCO), our 7000 team members are at the heart of everything we do. We design and produce quality, affordable factory-built homes. We are also a leading producer of park model RVs, vacation cabins and factory-built commercial structures. In addition to providing competitive pay and benefits, we provide opportunities for development and upward mobility, while investing in the communities we serve. Our values are our foundation. We’re constantly striving to diversify our teams to ensure we have the best and brightest talent. We’re deeply committed to creating an inclusive and equitable workplace where each person can contribute.

For more about Cavco Industries and who we are, visit www.cavcoindustries.com.

Cavco Industries is a leading builder of manufactured homes, modular homes, park model RVs, vacation cabins and commercial buildings in the United States. We welcome people from all backgrounds who seek the opportunity to help deliver the dream of home ownership. In order to build homes for the customers we serve, we have to start at home with a workforce as diverse and empowered as our customers. To this end, we take great care to evaluate all employees and job applicants equally, based on merit, competence, and qualifications. Cavco Industries Inc. (and all its US companies) is an Equal Opportunity Employer Race/Age/Color/ Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Disability or Protected Veteran Status. The selected candidate must be authorized to work in the United States

Apply now