A position at White Cap isn’t your ordinary job. You’ll work in an exciting and diverse environment, meet interesting people, and have a variety of career opportunities.
The White Cap family is committed to Building Trust on Every Job. We do this by being deeply knowledgeable, fully capable, and always dependable, and our associates are the driving force behind this commitment.
Job Summary
Responsible for leading the development and execution of White Cap’s information security strategy. Ensure the protection of systems, data, and networks from cyber threats while maintaining compliance with regulatory, contractual, and industry standards. Collaborate with IT, senior leadership, and external stakeholders to manage security risk, govern security practices, and oversee incident response, monitoring, and security operations.
Major Tasks, Responsibilities and Key Accountabilities
Develops and executes an enterprise information security strategy aligned with business objectives.
Identifies emerging threats and leads strategic security enhancements.
Conducts and oversees risk assessments (third‑party, vulnerability, penetration testing, application).
Implements risk mitigation plans and maintains security policies, standards, and procedures.
Ensures compliance with industry frameworks and regulatory requirements.
Oversees security monitoring, detection, and automated response capabilities.
Manages core security technologies (firewalls, IDS/IPS, endpoint protection, etc.).
Leads incident response and recovery planning, testing, and execution.
Drives enterprise-wide security awareness and training programs.
Manages vendor relationships, contracts, and security solution procurement.
Leads, mentors, and develops the information security team.
Manages the information security budget and optimizes resource allocation.
Nature and Scope
Problems are typically defined by higher level leadership. Problems are difficult. Solutions require analysis and investigation.
Decides how to achieve planned results within an organization's plans, policies, and guidelines. May set or change plans/goals within respective department or area.
May manage department via multiple layers of managers OR directly supervise a staff of professional individual contributors at the senior or technical advisor level.
Work Environment
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
Typically requires overnight travel less than 10% of the time.
Education and Experience
Typically requires BS/BA in a related discipline. Generally 9+ years of experience in a related field, including several years in a management/supervisory capacity.
Preferred Qualifications
Deep understanding of information security principles, practices, and technologies.
Deep knowledge of, and implementation experience with GRC functions, including SOX Compliance, PCI DSS, IT Audits, Cyber Risk Management.
Deep knowledge of, and implementation experience with security frameworks such as NIST (CSF, SP 800-53, etc.), ISO/IEC 27001, PCI DSS.
Strong leadership skills with the ability to inspire and lead a high-performing information security teams, including MSSPs.
Experience in managing and influencing cross-functional teams and working collaboratively with senior executives.
Ability to develop and execute long-term information security strategies aligned with business objectives.
Excellent problem-solving skills with a proactive approach to addressing security challenges.
Bachelor's in information security, computer science, IT, or related field (Master’s/MBA preferred).
CISSP, CRISC or CISM preferred.
Proven experience leading and delivering information security programs and projects.
If you’re looking to play a role in building America, consider one of our open opportunities. We can’t wait to meet you.