Director of Enterprise Cybersecurity

5/21/26


Job Posting Location:
Chicago, Illinois, United States, 60607


Franklin Park, Illinois, United States, 60131


Req ID: 11943


JOIN AN INDUSTRY LEADER! Quality First & Green Always


Sloan is the world's leading manufacturer of commercial plumbing systems and has been in operation since 1906. We are at the forefront of the green building movement and provide sustainable restroom solutions. We manufacture water- efficient products including flush valves, electronic faucets, soap dispensing and sink systems along with vitreous china fixtures for commercial, industrial and institutional markets worldwide.

Job Purpose
The Director of Enterprise Cybersecurity is responsible for the strategy, governance, and risk management of Sloan's cybersecurity program. The role sets the multi-year security roadmap, defines control frameworks, and establishes the governance structures that guide how cybersecurity risk is identified, measured, and treated across the enterprise.Reporting to the Chief Information Officer, the Director serves as the primary representative of the cybersecurity program to executive leadership and the broader organization. This role translates technical risk into business terms, delivers regular reporting on program maturity and risk posture, and informs executive decision-making on security investments, incidents, and strategic direction.The Director leads a team consisting of the Manager of Enterprise Cybersecurity, a Security Analyst, and oversight of Sloan's Managed Security Service Provider (MSSP). The Manager owns day-to-day operations while the Director retains accountability for strategy, governance, compliance posture, and budget.The role is responsible for protecting Sloan's IT and OT environments across a global manufacturing footprint. This includes balancing risk reduction with operational uptime, evaluating emerging threats, and building the security program required to support Sloan's growth and technology modernization agenda.

Job Responsibilities and Duties
• Security Strategy and Roadmap: Develop and maintain the multi-year enterprise cybersecurity strategy and roadmap aligned to business objectives, threat landscape, and Sloan's technology direction. Translate strategy into funded, sequenced programs with measurable outcomes.
• Security Metrics and KPI Program: Establish and maintain a formal cybersecurity KPI and metrics program. Report program performance, risk posture, and maturity to the CIO and the Enterprise Risk Management Committee on a regular cadence.
• Enterprise Risk and Governance: Own the enterprise cybersecurity risk management program. Define risk appetite with executive leadership, maintain the enterprise risk register, and drive risk treatment decisions. Report risk posture and program maturity to the CIO and executive leadership on a regular cadence.
• Security Steering Committee Representation: Represent cybersecurity on the Sloan Enterprise Risk Management (ERM) Committee. Establish and lead other internal IT cybersecurity committees at the Director's discretion.
• Compliance and Regulatory Programs: Lead compliance programs for applicable frameworks and regulations including NIST CSF, CIS Controls, PCI-DSS, and data privacy requirements across global jurisdictions. Own audit readiness, evidence management, and regulator or customer response.
• Budget and Vendor Ownership: Own the cybersecurity budget including capital and operating plans. Lead vendor selection, contract negotiation, and performance management for security technology partners and the MSSP. Optimize spend against risk reduction and control coverage. Maintain governance and oversight of the MSSP relationship.
• IT and OT Security. Extend the security program to cover manufacturing operational technology (OT) and industrial control systems (ICS) at Sloan production sites. Partner with engineering and operations to apply appropriate controls for converged IT and OT environments without disrupting production.
• Incident Response and Resilience. Establish and govern the enterprise incident response and cyber resilience program. Lead executive response during material incidents, conduct tabletop exercises, and provide security input and consulting on enterprise business continuity and disaster recovery planning owned by other IT functions.
• Security Architecture Oversight. Set architectural standards for identity, network segmentation, cloud, endpoint, email, and data protection. Govern security configuration baselines, patching cadence, and exception management. Review major IT and business technology initiatives for security alignment.
• Data Protection Program. Own the enterprise data protection program including data loss prevention, classification, encryption, and retention controls. Set standards
• AI and Machine Learning Governance. Serve as an active stakeholder in enterprise AI and machine learning governance from a security perspective. Offer guidance and consult on acceptable use policies for AI tools, and lead security review of enterprise AI initiatives.
• Independent Testing and Validation. Own the cybersecurity testing program including penetration testing and red team engagements. Use results to drive remediation priorities and program improvement.
• Vulnerability Management and Asset Inventory. Govern the cybersecurity vulnerability management program including standards, prioritization, and oversight while the Manager owns execution and remediation activities. Serve as a stakeholder in enterprise asset inventory and visibility, with ownership held by other IT functions.
• Threat Intelligence Program. Define and oversee the enterprise threat intelligence program including feed selection, source management, and integration with detection and response capabilities.
• Automation and Orchestration. Drive process improvement through automation and security orchestration scoped to the cybersecurity tower. Identify opportunities to reduce manual effort and improve consistency across security operations.
• Third Party Risk. Own the third party cybersecurity risk program covering SaaS, IaaS, managed service, and supplier relationships. Establish assessment standards, review SOC reports, and embed security requirements into procurement and contracting.
• Team Leadership and Development. Lead, coach, and develop the cybersecurity team. Define roles, performance expectations, and career paths. Build a culture of accountability, follow through, and continuous improvement. Partner with HR on talent planning.
• Security Awareness and Culture. Own the enterprise security awareness and training program. Drive behavior change across the workforce, tailor communications to role-based risk, and measure program effectiveness. Serve as the cybersecurity ambassador to the enterprise from an educational program perspective.
• Other duties and responsibilities as required.

Required Qualifications
• Bachelor's Degree in Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Engineering, or a related field, or equivalent professional experience.
• 3+ Years Experience presenting cybersecurity risk, strategy, and program status to executive leadership.
• 3+ Years Proven experience leading enterprise risk management, compliance, and governance programs in a corporate environment.
• 5+ Years Demonstrated progression of cybersecurity leadership experience with clear ownership of enterprise-scale security programs. Competency and track record weighted over years in role.
• 8+ Years Overall IT experience
• Familiarity with control and regulatory frameworks including NIST CSF, CIS, PCI-DSS, and global data privacy requirements.
• Hands-on experience owning security budgets, negotiating with technology vendors, and managing MSSP or outsourced security operations.
• Working knowledge of security across cloud, endpoint, network, identity, and data domains, with the ability to lead technical teams without being the hands-on engineer.

Preferred Qualifications
• CISSP
• CISM
• CRISC
• CISA
• Experience leading cybersecurity through acquisitions, divestitures, or major digital transformation programs.
• Experience securing manufacturing environments including OT and ICS systems.
• Prior experience in a manufacturing or industrial enterprise with both corporate IT and plant-level OT responsibilities.
• Track record building security programs that align to business value and enable, rather than block, technology adoption including cloud, AI, and modern work tooling.