
Director of IT Security

AVEVA Denmark, Irvine, CA, United States


## Director of IT Security

locations: Irvine, California, United States of America
time type: Full time
posted on: Posted 3 Days Ago
job requisition id: R

**ETAP empowers customers to make informed decisions throughout the life cycle of their projects with innovative software solutions for electrical systems. By applying ETAP solutions, customers experience continuous intelligence during design and engineering and into operations and maintenance using a unified electrical digital twin platform. ETAP supports customers in their digital transformation and sustainable energy transitions for a green and smart future, helping them to prioritize safety, maximize reliability, and stay resilient.**

**Our employees' passion for excellence, innovation, and customer satisfaction is our most-prized resource. If you share that passion — and want to be part of a company that leads the energy transition towards a cleaner and more resilient world for future generations — we invite you to join us!**

**ETAP is committed to creating a diverse work environment and is proud to be an Equal Opportunity Employer.**

**Title: Director Of IT Security**
**Location: Irvine, CA**
**Job type: Full-time / Hybrid**

**Director of IT Security**

Reports to the CIO. Works closely with leaders across IT, Engineering/R&D, QA/Quality, Legal, HR, Finance, and Operations. Collaborates with parent and sister company Security teams to align standards, share risk and incident intelligence, and coordinate audits and assurance activities while maintaining clear ownership and compliance boundaries. Based in Irvine, CA. International and domestic travel required for audits, certifications, federal/customer compliance activities, and collaboration with global teams.

**Position Summary**

The Director of IT Security serves as the company’s security hub and “quarterback”—aligning IT, Engineering/R&D, Quality, Legal, and business leadership around a clear security strategy, and coordinates end-to-end delivery across teams that may not sit within a dedicated security organization.

This role drives prioritization, establishes clear ownership, and coordinates end-to-end security operations, keeps execution moving (risk management, incidents, audits, vendor/security reviews, and training), and provides timely visibility to leadership on posture, gaps, and remediation progress.

In addition, this position owns and coordinates security obligations tied to the National Security Agreement (NSA) and related federal/customer requirements, including audit readiness, documentation, and evidence management - ensuring the organization can demonstrate compliance while maintaining operational efficiency.

Success depends on the ability to influence without authority, create clarity, and prioritize, partnering closely with Engineering/R&D, Quality, Legal, HR, Finance, Operations, and business leaders to embed security into day-to-day operations and product development.

**Key Outcomes**

* A practical security program that scales with clear priorities, minimal bureaucracy, and measurable risk reduction.
* Audit- and customer-ready security posture (evidence organized, controls operating, owners assigned).
* Cross-functional security ownership: security responsibilities embedded across IT, Engineering, and business teams rather than centralized in a large security staff.
* Reliable incident response, monitoring, and reporting pathways that work with limited tools and people.
* Sustained compliance with NSA obligations and related security plans (e.g., FOCI mitigation artifacts) with predictable cadence and governance.

**Key Responsibilities**

**1) Security Leadership and Governance**

* Establish and maintain the company’s security strategy, annual roadmap, and control framework aligned to business priorities and resource constraints.
* Lead a lightweight security governance cadence (e.g., monthly risk review, quarterly executive updates) to drive decisions, remove blockers, and maintain accountability.
* Define security standards, patterns, and guardrails that teams can follow without heavy security staffing.
* Own security policies, exceptions, and compensating controls; ensure policies are practical, adopted, and periodically reviewed.

**2) Risk Management**

* Maintain an enterprise risk register, including IT, product/engineering, vendor, and compliance risks; drive mitigation plans with clear owners and deadlines.
* Provide security architecture direction for cloud/services, endpoints, identity, networks, and corporate applications - focusing on standardization and simplification.
* Partner with R&D to implement scalable controls (e.g., MFA, least privilege, secure configurations, patching SLAs, logging baselines).

**3) Cross-Functional Partnership**

* Collaborate with Engineering/R&D to implement secure development practices appropriate for the organization (secure SDLC expectations, code and dependency risk management, environment protections).
* Partner with QA/Quality and Legal to maintain certifications, manage findings, and ensure contractual/regulatory obligations are met.
* Partner with Legal on interpretation of regulatory, NSA, customer, and contractual security obligations, translating requirements into operational controls.
* Influence leaders to build security responsibilities into roles, objectives, and operating routines.
* Partner with parent company and sister company Security teams to align security strategy, standards, and risk posture; share risk and incident intelligence; coordinate on shared controls, incidents, audits, and assurance activities; and ensure efficient information sharing while respecting organizational boundaries, regulatory obligations, and data segregation requirements.

**4) Compliance, Audit Readiness & Evidence Management**

* Lead planning and coordination for internal, customer, third-party, parent-company, and government-related audits/reviews.
* Support review and operationalization of customer and partner security obligations in coordination with Legal, ensuring commitments are implementable and evidence backed.
* Maintain an evidence program: control narratives, procedures, test results, access reviews, training completion, incident records, and corrective actions.
* Support ISO 27001 and other applicable certifications/attestations; ensure alignment and minimize duplicate work across frameworks.

**5) National Security Agreement (NSA) & Federal/Controlled Data Responsibilities**

* Serve as the primary Security authority accountable for defining sustainable security controls required by the NSA and government-approved security plans.
* Protect classified, controlled unclassified information (CUI), export-controlled, and NSA-governed data through appropriate technical and procedural safeguards.
* Maintain alignment with relevant frameworks and requirements (as applicable), such as NIST, ISO, and GDPR and related customer/government security expectations.
* Support FOCI mitigation requirements by maintaining and operationalizing Technology Control Plans, Electronic Communications Plans, Access Control Plans, and related procedures.
* Ensure monitoring, logging, and escalation processes meet NSA-driven requirements, including reporting timelines and documentation.

**6) Incident Response, Monitoring & Business Continuity**

* Own and run incident response planning and execution: triage, containment, investigation, eradication, recovery, and post-incident improvements.
* Coordinate NSA/customer-required notifications and reporting when protected data or environments are implicated.
* Ensure pragmatic monitoring and logging coverage with available tooling; define alert thresholds and an escalation model that works with limited staff.
* Partner with business functions on business continuity and disaster recovery planning, tabletop exercises, and periodic restoration testing.

**7) Third-Party/Vendor