Security Risk & Operational Resilience Lead

External
Constructionresources · 196 Rio Circle, Decatur, GA 30030
Full-time · On-site · Posted today
Skills: Auditing, Classification, Compliance, Incident Response, Jira, Leadership

Responsibilities

Governance, Risk & Compliance (GRC) Program
  • Develop, implement, and continuously mature Construction Resources' enterprise GRC program, including risk management, control frameworks, compliance monitoring, and reporting.
  • Maintain alignment with industry standards and regulatory requirements, including NIST CSF, ISO 27001, SOC 2, and PCI-DSS.
  • Lead enterprise risk assessments and manage a central risk register, including prioritization, ownership assignment, and remediation tracking.
  • Build and deliver security metrics, dashboards, and executive reporting to support informed decision-making at the leadership and Board level.

Security Program Execution & Control Effectiveness
  • Define and implement a control validation and assurance program to verify security controls are operating effectively across identity, endpoint, network, and data domains.
  • Establish standardized methods for collecting control evidence, validation results, and remediation tracking, leveraging enterprise tools such as Jira Service Management (JSM).
  • Partner with cybersecurity engineering and IT operations to ensure controls are embedded into operational workflows, not treated as standalone compliance activities.
  • Drive measurable improvement in control effectiveness, coverage, and time-to-remediation metrics across the organization.
  • Lead enterprise cybersecurity auditing activities across frameworks and control areas (e.g., PCI-DSS, identity/access, network, and data security), ensuring audit readiness, evidence validation, gap identification, and timely remediation.

Security Policy & Standards Management
  • Own the lifecycle of security policies, standards, and procedures, ensuring they are current, actionable, and aligned with business and regulatory requirements.
  • Drive adoption and operationalization of policies across technology and business teams.
  • Conduct periodic policy reviews, gap assessments, and effectiveness evaluations to ensure policies result in real-world security improvements.

Incident Response Program & Readiness
  • Own the Incident Response (IR) program framework, including governance, policies, and playbooks aligned to industry best practices.
  • Define and maintain incident classification, escalation, and communication models integrated with enterprise operational systems.
  • Serve as Incident Commander for high-severity events, coordinating cross-functional response efforts while partnering with engineering leads responsible for technical containment and recovery.
  • Lead post-incident reviews, root cause analysis governance, and corrective action tracking to ensure continuous improvement.
  • Conduct regular tabletop exercises with executives, technical teams, and business leaders to validate response readiness.

Security Operations Integration
  • Establish and maintain integration between security programs and operational systems, including ticketing, monitoring, and collaboration platforms.
  • Define standardized security workflows for detection, escalation, and major incident handling, ensuring consistent routing, ownership, and visibility.
  • Partner with cybersecurity engineering and IT operations to improve incident triage, escalation consistency, and response effectiveness across business units.

Mergers & Acquisitions (M&A) Security Integration
  • Lead cybersecurity due diligence for acquisitions, including risk assessments and evaluation of security posture.
  • Define and execute standardized integration playbooks (Day 1, Day 30, Day 90) to onboard acquired entities into CR's security program.
  • Track integration risks and remediation activities through formal governance and reporting structures.
  • Prioritize integration of identity, endpoint protection, network segmentation, and compliance alignment.

Cross-Functional Leadership & Collaboration
  • Serve as a trusted advisor to senior leadership on security risk, compliance, and operational readiness.
  • Build strong relationships with business units to embed security into operat

Additional Information

Role Overview

The Security Risk & Operational Resilience Lead is responsible for designing, operationalizing, and continuously improving Construction Resources' enterprise security governance, risk, and incident readiness programs. This role serves as the program owner for GRC, incident readiness, and control effectiveness, ensuring that security policies, controls, and response processes are not only defined, but measurable, tested, and consistently executed across the organization. The position operates as a bridge between cybersecurity engineering, IT operations, and executive leadership, aligning stakeholders while maintaining clear separation from direct ownership of security tools or infrastructure. The ideal candidate is a strategic, hands-on leader who can translate security requirements into operational execution and measurable outcomes across a complex, growing enterprise.


Interested in this role?

Apply on the company's website.