• Develop and implement a strategic, long-term information security strategy and roadmap to ensure American Tower’s information assets are adequately protected.
• Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
• Provide regular reporting on the status of the information security program to senior business leaders and the board of directors as part of a strategic enterprise risk management program.
• Identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements and aligns with the risk posture of the enterprise.
• Develop and enhance an information security management framework, including with respect to AI tools governance, based on industry standards and best practices.
• Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
• Work with various stakeholders to ensure the company’s information security policies, standards, and procedures are up-to-date and enforced.
• Review and lead the enterprise-wide incident response program; investigate and manage security breaches, and collaborate with key stakeholders and external partners, as necessary.
• Collaborate with IT and business leaders to manage security vulnerabilities and ensure the security of the company’s information assets.
• Prepare materials and presentations for the board and reports for senior leaders, as necessary.

Required Qualifications

• Bachelor’s degree in computer science, Information Systems, or a related field
• Minimum of 15 years of experience in a combination of information security, and IT jobs.
• Detailed knowledge of common information security management frameworks, such as ISO/IEC 27001/2, NIST, and CIS.
• Understanding of security architecture design, network security, vulnerability management and risk analysis.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security- and risk-related concepts to technical and nontechnical audiences.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Ability to develop and articulate a long-term vision for the company’s global information security strategy.
• Expertise in hiring and managing third party information security consultants.
• A deep understanding of evolving cybersecurity threats, events, and geographically specific challenges to evaluate potential impacts and prioritize strategic focus areas.
• Ability to collaborate, influence and build consensus across various geographies and business units.
• Strong organization, planning, and project management skills; ability to prioritize tasks for self and team to meet requirements and deadlines.
• Ability to work with different functional groups and levels of employees to effectively and professionally achieve results.
• Strong leadership skills: ability to drive and motivate teams to achieve results. A track record of recruiting, developing, and retaining top talent.
• Experience leading incident response efforts during information security breaches or incidents, preferably at publicly traded companies.

Preferred Qualifications

• Master’s degree and information security industry certifications (such as CISSP) preferred.

NA