Mission:

The mission of the Information Security Lead is to safeguard the organization’s information assets by upholding the highest standards of security, compliance, and ethical responsibility—ensuring the confidentiality, integrity, and availability of data in support of business objectives and stakeholder trust.

Key Responsibilities:

• Establish and Enforce Security Policies
• Develop, implement, and maintain security policies, standards, and procedures to protect information assets.
• Ensure alignment with regulatory requirements.
• Risk Management
• Identify, assess, and prioritize risks to the organization’s information systems.
• Recommend mitigation strategies and monitor risk reduction efforts.
• Security Awareness and Training
• Educate employees on cybersecurity best practices, phishing awareness, and secure data handling.
• Foster a culture of security mindfulness across departments.
• Incident Response
• Lead investigations into security incidents and coordinate response activities.
• Develop and regularly test incident response and disaster recovery plans.

Additional Job Duties:

• Develops and maintains the organization’s information security program to align with business goals and evolving threats.
• Conducts internal security audits and assessments to evaluate the effectiveness of controls and identify gaps.
• Provides input and documentation to support the organization’s cyber insurance policy and claims readiness.
• Creates and tracks cybersecurity metrics to report on risk posture and improvement areas to Manager.
• Reviews new systems and applications for security risks before deployment into the production environment.
• Collaborates on business continuity and disaster recovery planning to ensure security is integrated throughout.
• Implements and monitors data loss prevention (DLP) strategies to safeguard sensitive information.
• Ensures all systems and network devices follow secure configuration baselines and hardening standards.
• Reviews contracts for adequate cybersecurity clauses and data protection responsibilities.
• Monitors emerging threats and provides Manager with timely risk intelligence and mitigation recommendations.
• Participates in cybersecurity communities and industry groups to stay current and exchange best practices.
• Supports internal investigations by collecting and preserving digital evidence in accordance with legal standards.
• Other duties as assigned.

Skills, Qualifications and Requirements:

• 3–5+ years of experience in information security or IT with a focus on security.
• Experience developing policies, managing incidents, and working with compliance frameworks.
• Prior exposure to audit processes, risk assessments, and user awareness training.
• Certifications – CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), Security+ (CompTIA Security+)
• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or relevant experience
• Understanding security frameworks such as NIST, ISO 27001, CIS Controls, and CMMC.
• Excellent analytical and troubleshooting skills with a strong focus on results.
• Strong written and verbal communication skills.
• Excellent multi-tasker with a proven track record of successful time management.
• Strong personal organization skills.

Pay Range: $80,000 – $160,000. Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered.

*A-C Electric Company is an Equal Opportunity Employer; women, veterans, and minorities are encouraged to apply.