Chief Information Security Officer (East Coast - Remote) Job at Crane Co.
In March 2022, Crane announced that it will separate into two independent, publicly traded companies in early 2023. This role is part of Crane NXT, a premier Industrial Technology business with substantial global scale and presence that delivers automation, security and productivity solutions to customers in the payment and currency markets.
This Chief Information Security Officer role is an incredible opportunity for a “C-Suite” executive to take a mature, turn-key cybersecurity program forward and ensure continued alignment with IT/OT transformation across our global businesses. This is an exciting position with a huge reach and strong leadership-backed ownership of the entire Global Security Program. You must enjoy and embrace leading and educating, and be comfortable making decisions in critical situations. This is a role for an “out-front” leader of others who loves “cyber”, understands business needs, and wants to differentiate and help the business succeed and thrive through the application of a balanced and effective security program.
Core Function: As Crane NXT’s Global CISO, you will have the primary responsibility for execution, strategy and vision for cyber security over Crane’s global businesses, with primary locations in the U.S., Mexico, UK, Germany, Sweden and Malta. In this important role, you will develop and advance the security program, and direct all functions and teams in support of ensuring current and future cyber risks are addressed appropriately. You will have ownership over all related security policies, processes and technologies and will work closely with other senior business leaders to ensure security is aligned with business goals and objectives and to meet the needs of a global manufacturer. This role will lead and manage the work of a team of diverse and passionate infosec practitioners supporting:
- Security architecture & engineering
- SOC & incident response
- Assurance & vulnerability management
- Security education & insider threats
- Data protection and DLP
- Operational Technology protections
You must be driven, detail oriented, hands-on, supportive, decisive and proactive. You will be comfortable with risk and confident in your approach and abilities to align security goals with those of the broader organization. You live and breathe cyber, and have passion for doing what you do best to ensure the ongoing success of our businesses, for our customers and all of our associates. You will be leading a team of exceptionally talented associates and growing.
Responsibilities and Duties:
- Lead cyber security strategy, vision and develop roadmaps to address an ever-changing threat landscape.
- Regular and ongoing communications at the Executive, Senior Leadership, and Board levels.
- Define security requirements, align cyber security goals with business needs and objectives.
- Identify and execute delivery of security solutions in defense of systems, operations, and information.
- Mentor and lead a Global Security Team to progress skills and competencies, team development and talent management.
- Cyber risk management, risk assessments, and risk analysis including key partners, vendors and technology supply-chain.
- Effective cyber protections for a hybrid workforce, all company and cloud delivered technology environments, assets, systems and data.
- Application of threat intelligence from various governmental and related industry and technology partnerships.
- Incident management, incident response and the ongoing and effective handling and remediation of security incidents.
- Cyber security architecture, engineering, tooling, solution delivery and ongoing administration of the global security stack.
- Insider threat program delivery and alignment with all applicable privacy and regulatory requirements.
- Ongoing and regular company-wide security awareness, education, and training.
- Protection and control of organizational information, data-loss prevention.
- Identity and access management aligned with zero-trust philosophy and principles.
- Vulnerability management and remediation or mitigation of vulnerabilities in IT and OT systems.
- Security testing and validation, penetration testing, breach response planning, and preparedness.
- Security of manufacturing operations, processes and equipment.
- Partnering with the CIO to assist in the evaluation, planning, execution of IT initiatives.
- Collaboration and alignment with cross-functional senior leaders in Legal, Audit, HR, Risk, Compliance and Insurance.
- Partnership with business units to provide governance and oversight of product security and secure product development.
- Develop, maintain and enhance related policies, documentation and procedures.
- Maintain and develop SLAs and monthly operational reporting and metrics on the effectiveness of the security program.
- Ensure security best practices are identified and integrated into all aspects of the business.
- Ensure appropriate governance is in place at all levels within the cyber-security program.
- Sustain key cyber partnerships with VARs, MSSPs, technical solution providers and law enforcement.
- Commitment to advancement of security processes through automation, modernization of IT, and ongoing education.
- Overall security budget, forecasting and planning.
- Compliance with all relevant regulatory requirements.
Qualifications and Competencies:
- Required: Graduate Degree in a related field and/or at least 15 years relevant professional experience.
- Required: At least 10 years in a senior leadership role (director or higher).
- Required: Demonstrable expertise in related Cyber Security Frameworks such as NIST CSF & 800 series, ISO 2700X, CIS.
- Desired: Advanced professional security certifications such as: CISSP, CISM, GISP, GSTRT.
- Highly motivated, detail oriented, and a passion for all things cyber-security.
- Excellent written and verbal communications, with the ability to break down complex and nuanced topics with ease through simple and concise delivery.
- Action oriented with the ability to prioritize, schedule and track to deadlines.
- Ability to thrive and take command in high-pressure situations and high-stakes scenarios, being decisive and composed.
- Leadership and management discipline, high EQ, and commitment to high levels of team engagement.
- Passion for growing, mentoring, and developing a diverse team with varying backgrounds and skillsets.
- Project management & delivery, working to deadlines, holding self, team and others accountable.
- Have successfully led teams performing incident response and forensics in everyday and critical incident handling.
- Complete and thorough understanding of delivering and executing enterprise security operations at scale.
- Demonstrable deep-level knowledge of best-practice security architecture, supporting defense-in-depth and protecting legacy and modern technology and information in multi-cloud, on-prem, and hybrid/remote environments.
- Network security, including control, monitoring, telemetry and instrumentation and analysis at scale.
- Application of best practice in identity protection and privileged access management.
- Prior experience in the application of threat-informed intelligence for defense and detection of adversarial activities.
- Complete understanding of SIEM practices and the collection, parsing, normalization and enrichment of data for security relevant requirements.
- Organizational protections and the application of common objectives facilitated through user activity monitoring.
- Ability to identify real business risk and drive maturity in vulnerability management through direct and indirect mitigations.
- Strong understanding of enterprise IT systems and the application of IT towards business enablement.
- Solid foundation and well-rounded in all other cybersecurity areas including asset and data protection, EDR, malware defenses, AppSec, dev/sec/ops, SASE, supply chain security, NAC and ZTNA, encryption, cloud security, red/purple teams/offensive security.
- Prior experience leading or delivering gap analysis, and security risk assessments.
- Familiarity with OT/ICS and cyber-physical threats and countermeasures.
- In-depth understanding of cyber security requirements to meet various compliance and audit requirements including ISO, NIST, SOX, GDPR, and related.
- Ability and desire to travel both domestically and internationally.
Crane is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, or national origin or any other characteristic protected under applicable federal, state, or local law.