Director of Cyber Security
Come Join Us!
From apartments in New York to hospitals and stadiums in Dallas, libraries at prestigious universities to creating modern retail experiences, our teams contribute architectural glass and building products to projects that shape the way people live, work, heal, learn, and play. At OBE, the work of our employees truly matters. With over 6,500 employees, we operate more than 80 manufacturing and distribution facilities in five countries. You can see some of our favorite projects here.
Start your journey with OBE and help us build the future.
What You’ll Get to Do
The Director, Cyber Security is responsible for the strategy, development, implementation, governance, and continuous improvement of an organization-wide information and cyber security program which enables a secure, reliable, stable, and scalable global infrastructure in compliance with the Company's and industry's security policies, procedures, practices, and standards.
The position advises, directs, manages, collaborates, and partners with internal and external technical staff and cross-functional business leadership, and represents the Company in external councils and audits as needed. This role reports directly to the Global CIO, and will be responsible for mature leadership, building and establishing a fit-for-purpose structure between the info sec and infrastructure orgs, leading incident responses, capital resource allocations and prioritizations, annual budgets, program deliverables, and developing and adhering to policies and procedures. In addition, the position is expected to provide updates and share key metrics with executive leadership and audit committees as needed. Additional responsibilities include:
Strategy, Governance, and Awareness
- Understands and adheres to NIST, ISO, GDPR, and Data privacy policies and standards.
- Implements security remediations and improvements partnering with key 3rd party security partners and ensures there are no repeat security related findings from internal and external audits.
- Chooses appropriate content for Security Awareness training programs with key partners to ensure that the program remains an engaging, relevant, and positive training solution inspiring and motivating employees to keep security at the forefront.
- Researches the most relevant and recent content and publishes monthly Cyber Security newsletters, imparts training to parties/team members with high exposure, and conducts annual/bi-annual Cyber Security awareness programs.
Security Architecture & Operations
- Works with other team members to ensure data center operations are world-class and conform to a secure, stable, reliable, and scalable infrastructure for the Company.
- Advocates for, plans, purchases, implements, manages, maintains, and reviews security hardware and software, and ensures IT and network infrastructure is designed according to information security best practices.
- Ensures robust configuration and maintenance with firewalls, patch management, and event management.
Threats, Vulnerability, and Crisis Management
- Works with team members to build world-class threat detection use cases and incident validations, and provides real-time analysis of immediate threats, and triage in the event of breaches.
- Builds world-class capabilities for a robust global incident response plan using state-of-the-art EDR and MDR and collaborates with internal and external team members for 24*7 monitoring, analysis, and alerting.
- Takes the lead on deploying solid remediation actions with internal and external team members.
- Ensures information security program features are regularly assessed throughout the year (i.e., pen-testing, phishing tests, advanced email security, etc.).
- Performs activities and reviews projects/programs which minimize the risk of data loss or breaches (i.e., user access reviews, security patch management, SSO, etc.).
- Remains current on developments in the cyber-security industry including security alerts, bugs, zero-day issues, vulnerabilities, viruses, and malware, providing evaluations and recommendations depending on their potential impact to the Company.
Identity and Access Management
- Ensures administrators and other privileged users have only the permissions they need at any given time.
- Monitors the activity of administrators and privileged users.
- Ensures access to restricted data and systems is only available to designated or authorized employees.
Thought Leadership & Management
- Demonstrates a level of maturity in overall leadership, risk management and stays ahead of the curve as it relates to relevant technologies and processes that add value and protect the enterprise.
- Advises management of potential security risks associated with acquisitions or other major projects/programs.
- Develops incident reports and articulates actions effectively.
- Provides monthly cyber and information security metrics report-outs to senior management.
- Manages the information security program to analyze cyber-security information and utilize said information to enhance the overall security posture of the enterprise.
What We Are Looking For
- Minimum of 10 years information security & Infrastructure management experience.
- CISSP, CISM, CCSP, or SSCP certification.
- Bachelor’s degree in Computer Science or similar.
- Experienced with incident responses and collaborating with multiple constituents – forensics, legal, infrastructure, executive leadership, FBI, etc.
- Demonstrated knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment.
- Demonstrated ability to integrate business needs and exceptional customer service with that of maintaining a strong security framework.
- Experience with and direct knowledge of enterprise security technologies such as SIEM, SSO, Privileged Access Management systems, Next-gen firewalls, VPN, IPS/IDS, content filters, Endpoint Security systems, AV, and similar.
- Formal certification in Information Security Management preferred (CISSP or equivalent).
- 5+ years technical management in skills including Vendor Management, Information Security, IS Program Management, and/or Security Vendor Management.
- Experience with managing small, focused teams (outsourced and/or off-shore).
- Advanced hands-on knowledge of information security principles and practices, including any of the following: NIST CSF, security risk assessment standards, risk assessment methodologies, and vulnerability assessments.
- High level of knowledge configuring & troubleshooting Microsoft Windows and other Microsoft technologies, Linux, Network, and Cloud security.
- Excellent oral and written communication skills; ability to interact with internal and external stakeholders.
- Must demonstrate strong analytical, reasoning, and critical thinking skills.
- Ability to carry a mobile device and provide off-hour support as required.
- Ability to travel across all Company sites, domestically as well as internationally.
What OBE Offers You
- Benefits that benefit you – industry competitive benefits at the lowest cost to the employee
- Work-life balance – PTO and holidays, including floating holidays you can choose
- Compensation that rewards your hard work – A pay-for-performance culture with potential for annual raises and bonuses
- Training – We will equip you with the knowledge and skills you need to succeed
OBE will not discharge or discriminate against employees or applicants for discussing, disclosing, or inquiring about their own or others' pay.
