Description

Summit Utilities

Join our Growing Team and see why Summit Utilities, Inc was named as one of the Fastest Growing Denver Area Private Companies 2019 and 2020; Best Places to Work in Maine 2019, 2020, 2021, 2022 and 2023; and Best Places to Work in Arkansas 2020 and 2023, Oklahoma 2022 and 2023 and Missouri 2023. Summit was also recently named one of Forbes 2023 America's Best Small Employers. Summit is a growing natural gas utility providing safe, reliable and clean burning natural gas service to homes and businesses in Arkansas, Colorado, Maine, Missouri, Oklahoma, and Texas. Being part of the Summit team means embracing excellence and innovation, committing to safety each and every day, and doing all that we can to serve each other, our customers and the communities where we live. We aim to bring warmth and energy to everything we do. We have an exciting hybrid opportunity for a Director of Information Technology based in Fort Smith, Arkansas.POSITION SUMMARYThe Director of Information Security is a trusted senior leader responsible for protecting Summit's digital and physical information assets while upholding the highest standards of integrity, financial discipline, and organizational trust. This role oversees cybersecurity governance, risk management, and business continuity for enterprise systems — including modern threats emerging from AI technologies and data automation. The Director will develop and execute a forward-looking security strategy that supports Summit's operational excellence, compliance obligations, and AI-driven transformation initiatives. This includes defining governance frameworks, managing enterprise risk, ensuring prudent budget oversight, and cultivating a strong security culture across all levels of the organization.

This position requires a strategic thinker, a disciplined financial steward, and a leader of high character who models accountability, transparency, and ethical decision-making.

PRIMARY DUTIES AND RESPONSIBILITIESLead the design, implementation, and continuous improvement of Summit's enterprise information security program — covering cybersecurity, AI and data protection, risk management, and incident response.Ensure strong alignment between security strategy, business goals, and regulatory requirements, particularly in the context of emerging AI use cases, machine learning models, and data governance.Oversee the IT Business Continuity and Disaster Recovery (BCP/DR) programs, including Business Impact Analysis (BIA) and scenario-based recovery exercises.Develop and enforce comprehensive policies, standards, and procedures aligned with frameworks such as NIST CSF 2.0, C2M2, and ISO 27001.Partner with data, application, and operations leaders to ensure secure design, access control, and model integrity across AI and analytics systems.Direct risk assessments and audits to identify vulnerabilities, ensuring mitigation strategies are financially sound and proportionate to organizational risk appetite.Maintain strict adherence to financial controls — including vendor spend, contract review, and security-related procurement — demonstrating accountability for budget stewardship and cost transparency.Lead and mentor a high-performing information security team, fostering a culture of ethics, service, and continuous learning.Serve as the executive liaison for internal and external audits, compliance reviews, and regulatory reporting related to cybersecurity.Stay ahead of evolving threats, particularly those involving AI misuse, data poisoning, and adversarial attacks, and integrate defenses into enterprise security posture.Provide executive-level reporting on risk posture, incidents, and metrics that connect security outcomes to business and financial value. EDUCATION AND WORK EXPERIENCEBachelor's or Master's degree in information security, Computer Science, Information Technology, or a related field.10+ years of experience in information security, including at least 5 years in a senior leadership or management capacity.Advanced security certifications strongly preferred (CISSP, CISM, CISA, CRISC, CCISO, etc.).Demonstrated experience managing security for cloud and hybrid environments, and integrating controls for AI, analytics, and data platforms.Proven record of financial accountability, including budget ownership, cost optimization, and vendor governance.Experience implementing and auditing against leading security frameworks (NIST CSF, C2M2, ISO 27001, SOC 2) and regulatory standards (GDPR, HIPAA, PCI, etc.). KNOWLEDGE, SKILLS, ABILITIES Deep expertise in cybersecurity, risk management, and incident response, including threat intelligence, vulnerability management, and data protection.Strong knowledge of AI and data security principles, including model governance, data ethics, and emerging threats tied to generative AI.Uncompromising integrity and sound judgment in handling confidential and financial information.Strong grasp of financial concepts related to technology management: budgeting, forecasting, cost-benefit analysis, and vendor contract negotiation.Exceptional leadership and communication skills — able to translate complex security concepts into clear, actionable guidance for executives and teams.Ability to lead under pressure with discipline, humility, and transparency.Demonstrated track record of fostering a culture of trust, compliance, and ethical leadership.The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and/or skills required of all personnel so classified.Summit offers competitive pay and medical/dental/vision and other benefits that provide flexibility, choice and support to our employees when they need it most. We understand that home and family are essential pieces of your life, and our benefits are designed to support you both at work and at home. Summit Utilities, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status and will not be discriminated against on the basis of disability or veteran status.

PI280522879