Senior Director of Information Security

Job Title: Senior Director of Information Security

Company: Loenbro, LLC
Business Unit/Department: Information Technology                   
Location: Westminster/Centennial, CO / Dallas, TX / Gilbert, AZ
Reports to:  CIO
Employment Type: Full-Time
FLSA Classification: Exempt

About Loenbro

Loenbro is a trusted, long-term construction lifecycle partner to thousands of customers across the U.S. Our market spans all industries and our service offerings include Critical Electrical, Mechanical & Structural, Soft Crafts, Inspection, Underground Maintenance and Installation, and Fabrication. Our expertise lies in simplifying the complex and establishing long-standing relationships with our partners. We have a national presence but a local approach—every customer benefits from our capabilities and our care.

At Loenbro, we don’t just offer jobs—we build careers grounded in integrity, teamwork, excellence, and purpose. Join a team where your expertise is valued, your growth is supported, and your work helps maintain and enhance the critical infrastructure that powers communities across the nation.

Job Summary
The Senior Director of Information Security will build and lead the enterprise cybersecurity and information risk program for a rapidly scaling construction and engineering organization operating across distributed jobsites, cloud platforms, ERP ecosystems, BIM environments, AI-enabled workflows, and acquisition-driven expansion.

This role is structured as a CISO-in-development position. The selected leader will establish a scalable, defensible, audit-ready security program that enables growth, strengthens operational resilience, and supports compliance objectives, while developing into the future Chief Information Security Officer.

Essential Job Responsibilities

Core Objectives

GOVERNANCE AND RISK MANAGEMENT

• Maintain enterprise cyber risk register with measurable scoring
• Align controls to NIST CSF, NIST SP 800-171, and regulatory requirements
• Lead policy, standards, and control documentation development
• Partner with Legal and Finance on cyber insurance and risk disclosures

SECURITY OPERATIONS AND ARCHITECTURE

• Oversee 24 hour monitoring strategy through internal capabilities or managed detection and response
• Establish centralized logging and SIEM capabilities
• Lead enterprise vulnerability management with defined remediation service level agreements
• Oversee endpoint detection and response strategy
• Implement Zero Trust principles across identity, endpoint, and network
• Ensure secure and immutable backup and recovery capabilities

COMPLIANCE PROGRAMS

• Lead CMMC 2.0 Level 2 control implementation and certification readiness
• Oversee System Security Plan and POA and M lifecycle management
• Lead SOC 2 Type II readiness and coordinate external audit examination

MERGERS AND ACQUISITIONS

• Conduct cybersecurity due diligence for acquisitions
• Assess inherited risk and integration complexity
• Standardize identity, endpoint, logging, and governance controls across subsidiaries

CLOUD, IDENTITY, OPERATIONAL TECHNOLOGY AND AI GOVERNANCE

• Secure Microsoft 365, ERP, BIM, and project management platforms
• Implement segmentation and control standards for distributed jobsites
• Assess and mitigate risk in operational technology environments
• Develop enterprise AI governance and data protection framework
• Protect Controlled Unclassified Information where applicable

INCIDENT RESPONSE AND RESILIENCE

• Maintain incident response program aligned to NIST 800-61
• Conduct executive ransomware simulations annually
• Align disaster recovery and business continuity with enterprise risk posture

Minimum Qualifications

Required:

• 10 or more years progressive cybersecurity experience
• 5 or more years leading security teams
• Experience implementing NIST SP 800-171 controls
• Experience leading CMMC 2.0 and SOC 2 Type II programs
• Experience in distributed multi-site environments
• Experience supporting federal or defense-related contracts preferred
• Experience in acquisition-driven growth environments preferred
• CISSP or equivalent certification preferred

Leadership Profile:

• Builder mindset capable of scaling programs from developing to mature
• Strong executive communication skills that translate technical risk into business impact
• Cross-functional influence across IT, Finance, Legal, and Operations
• Comfortable operating in high-growth acquisition-driven environments
• Demonstrated ability to establish structure and discipline without slowing innovation

Physical Demands and Work Environment

The physical demands and work environment described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Work Environment:

• Office Environment
• Being able to sit and/or stand for 8+ hours
• Controlled climate

This role requires compliance with all applicable safety regulations, personal protective equipment (PPE) requirements, and Loenbro's Environmental Health and Safety (EH&S) policies.

Benefits

Loenbro offers a competitive salary, comprehensive benefits package, and rewards to those who join our team:

• Medical, dental, and vision insurance
• 401(k) retirement plan with company match
• Paid time off (PTO) and holiday pay
• Life and disability insurance
• Professional development and training opportunities
• Employee assistance program (EAP)

Benefits eligibility may vary based on employment classification and hours worked.

Guided by Core Values (LEAD), grounded in grit and a commitment to excellence, Loenbro betters our families, customers, and local communities.  If you’re ready to be part of a company that LEADS by:

• Living with Integrity
• Exceeding Expectations
• Acting with Urgency
• Delivering Excellence

…we want to hear from you.

Loenbro is an Equal Opportunity Employer