Head of Cybersecurity

McCarthy Holdings, Inc. (McCarthy), is the holding entity for McCarthy Building Companies, Inc., the oldest privately-held national construction company in America, and Castle Contracting. McCarthy provides the crucial business infrastructure for these entities and connects the day-to-day operations to ensure seamless operations across the business. Repeatedly honored as a great place to work and healthiest employer, McCarthy is a 100 percent employee-owned company.

At McCarthy, we are committed to sustaining a culture that delivers great experiences for everyone. This begins with developing high-performing individuals and teams through our award-winning learning and development programs, best-in-class Total Rewards benefits, and our inclusive culture aligned with our core values: Genuine. We, Not I. All In.

How do McCarthy partners define our culture?

We Live Our Core Values: We do whatever it takes to deliver on our promises with honesty and integrity.
We are Employee Owned: We are personally invested in building the things people need in our communities.
We Feel Like a Family: We value genuine connections and help each other succeed in an inclusive environment.
We are Builders: We respect the work we do and everyone who helps make it happen safely.

We are seeking a forward-thinking Head of Information Security to build and lead a modern, business-aligned cybersecurity program. This leader will protect the enterprise while actively enabling innovation – serving as a trusted partner across the Digital Enterprise organization to ensure security is embedded in how we build, operate, and scale.

This role goes beyond traditional security. The ideal candidate brings a progressive mindset with a strong point of view on AI, automation, and digital transformation both in securing the enterprise and enabling the safe adoption of emerging technologies across the business.

This leader will carry enterprise-wide security authority, with a direct working relationship across all Digital Enterprise functions to ensure consistent security posture regardless of functional ownership.

The role is intentionally scoped to flex based on experience and capability, with the opportunity to operate at a Director, Senior Director, or Vice President level – calibrated to the candidate's background, with compensation structured accordingly. The right candidate will bring both strategic vision and execution strength, with the potential to shape and scale the long-term security function for the enterprise.

Digital Enterprise Context

The Digital Enterprise organization encompasses five integrated functions. Understanding how security intersects with each is essential to success in this role.

Products & Platforms: Owns the products and platforms that enable the business, ensuring they evolve to deliver measurable value. This includes enterprise platforms including Glean (AI-powered knowledge and search) and agentic AI capabilities. This team presents the highest density of emerging AI risk and will be one of this leader's most active security partnerships.
Engineering & Intelligence: Full-stack architecture and build, AI engineering, and data intelligence. Security-by-design must be embedded at the engineering layer, making this a critical partnership for secure development lifecycle and AI model governance.
Infrastructure: Network, cloud operations, and end-user computing. The operational foundation of the enterprise security posture; this team has the most direct day-to-day intersection with security execution and resilience.
Technology Support Services: IT support and service delivery functions across the enterprise.
Strategic Initiatives: Cross-functional digital programs focused on modernizing core systems and accelerating our digital and AI capabilities. These initiatives require close security partnerships to align on full-stack development and AI governance.

Key Responsibilities

Security Strategy & Business Enablement

Define and execute an enterprise security strategy aligned to business growth, digital transformation, and risk tolerance.
Partner across all Digital Enterprise functions with depth in Products & Platforms, Engineering & Intelligence, and Infrastructure to embed security-by-design into products, platforms, and operations.
Translate security risks into clear business decisions and priorities for executive leadership.
Champion enterprise-wide security awareness, communication, and change management as core components of the security strategy recognizing that building security fluency across the workforce is as critical as any technical control.

AI & Emerging Technology Security

Lead the secure adoption of AI, automation, and emerging technologies including agentic AI systems, large language models, and enterprise AI platforms such as Glean and Palantir Foundry.
Evolve existing governance, risk frameworks, and guardrails for responsible AI use across the enterprise.
Leverage AI-enabled security capabilities to modernize detection, response, and risk management.

Risk, Governance & Compliance

Own the enterprise security risk management program, including risk identification, prioritization, and mitigation aligned to business context.
Establish and maintain policies, standards, and governance aligned with leading frameworks, keeping accountability at the right level without over-escalating routine decisions.
Partner with Legal, Risk, and Audit to ensure compliance and effective control environments.

Security Operations & Resilience

Oversee security operations, including monitoring, incident response, and recovery readiness.
Ensure strong incident response capabilities with tested playbooks and cross-functional coordination across Digital Enterprise teams.
Define and track metrics that reflect real security posture improvement, not just compliance activity.

Identity, Data & Ecosystem Security

Set strategy for identity, access, and data protection including secure use of enterprise and AI-driven data environments.
Lead third-party and vendor security risk management across the ecosystem, including cloud providers, SaaS platforms, and AI technology partners.
Ensure secure architecture across cloud, platforms, and integrations in partnership with Infrastructure and Engineering & Intelligence.

Leadership, Culture & Program Execution

Build and lead a high-performing, future-ready security team that reflects the pace and ambition of the broader Digital Enterprise.
Foster a strong security culture through awareness, training, and genuine business engagement.
Manage budget, vendors, and KPIs to drive measurable risk reduction and program maturity.

Qualifications

Bachelor's degree in Information Security, Computer Science, Information Systems, or equivalent experience.
10+ years of progressive cybersecurity experience with demonstrated leadership progression.
Proven ability to lead teams and enterprise-wide security initiatives in complex, matrixed environments.
Strong communication skills, including experience presenting security posture, risk, and investment needs to executive leadership in plain business terms.
Experience aligning to leading security frameworks (e.g., NIST, CMMC).
Experience securing cloud and hybrid environments in close partnership with infrastructure teams.

Preferred Experience

Experience securing AI/ML, data platforms, or advanced analytics environments including agentic AI systems.
Familiarity with AI-enabled security tools and automation strategies.
CISSP, CISM, or equivalent certification.

Leadership Profile

Strategic thinker who can translate vision into execution and measurable outcomes.
Strong communicator who simplifies complex technical risk into business terms.
Collaborative partner who builds genuine alignment across Digital Enterprise functions, operating with influence rather than authority where needed.
Progressive mindset with curiosity and enthusiasm for AI, automation, and innovation. This leader should be excited by what the Digital Enterprise is building, not threatened by it.
Values-driven leader who develops people, fosters accountability, and builds trust across the organization.

McCarthy is proud to be an equal opportunity and affirmative action employer regardless of race, color, gender, age, sexual orientation, gender identity, religious beliefs, marital status, genetic information, national origin, disability, or protected veteran status.

NOTICE TO EXTERNAL SEARCH FIRMS: McCarthy’s Talent Acquisition Team is the only authorized representative permitted to engage with external search firms, staffing agencies, or other third-party recruiting partners. McCarthy maintains an Approved Agency List for recruiting partners, which is reviewed and updated annually.

McCarthy will only consider submissions from agencies with a signed fee agreement in place for the current year. McCarthy does not accept unsolicited resumes, candidate submissions, or referrals from agencies that do not meet these requirements.

If a candidate is submitted without an active agreement, McCarthy will have no obligation to pay any fees and reserves the right to contact, engage, interview, or hire such candidate(s) without any financial or other responsibility to the submitting agency. Unsolicited resumes, including those sent directly to hiring managers or other employees, will be considered the property of McCarthy.