Sr Dir - Cybersecurity
Indexed description
Position Overview
This is a high-impact opportunity to help protect the technologies and people behind Oshkosh Corporation's mission — delivering innovative, purpose-built vehicles and equipment that empower everyday heroes around the world. From soldiers and firefighters to refuse collectors and construction workers, the work Oshkosh does matters. As Senior Director, Cybersecurity, you will translate enterprise-wide cybersecurity strategy into an integrated operating plan spanning multiple domains while advancing a modern and comprehensive information security program across Oshkosh’s global footprint.
You will serve as the CISO's primary operational deputy and a key member of the Cybersecurity leadership team, with broad accountability for protecting Oshkosh's digital environment. This role demands a leader who can operate at both the strategic and executive levels, translating enterprise risk into clear business decisions, and building a world-class cybersecurity organization capable of supporting Oshkosh's continued growth and innovation.
Essential Duties And Responsibilities
These duties are not meant to be all-inclusive and other duties may be assigned.
Strategy & Program Leadership
- Lead cross-domain execution of the enterprise cybersecurity strategy established by the CISO, translating it into a 3-5 year operating roadmap that aligns security investments and priorities with enterprise risk, business objectives, and the evolving threat landscape.
- Serve as the CISO's primary operational deputy, supporting executive, regulatory, audit committee, customer, and operational engagements as delegated by the CISO.
- Partner with the CISO, CIO, and senior business leaders to integrate cybersecurity strategy with corporate digital transformation initiatives, M&A activity, and global expansion priorities.
- Define and oversee cybersecurity governance structures, policies, standards, and control frameworks that enable business growth while maintaining enterprise resilience.
- Manage cybersecurity budgets, forecasts, vendor relationships, and strategic technology investment planning to optimize value and reduce enterprise risk.
- Coordinate three core cybersecurity domains through subordinate leaders: (1) Cybersecurity Architecture — accountable for enterprise security architecture, secure-by-design principles, and OT/ICS security; (2) Cybersecurity Engineering — responsible for the build, deployment, and operation of security controls and tools across all environments; and (3) Cyber Defense — encompassing threat intelligence, security monitoring, incident response, and forensic investigation across Oshkosh’s global operations.
- Drive modernization of security capabilities across cloud, identity, endpoint, network, infrastructure, OT, and manufacturing environments, with measurable improvement in the enterprise risk posture.
- Oversee security monitoring, threat detection, incident response, vulnerability management, and threat intelligence programs, ensuring rapid response and clear executive communication during significant security events.
- Lead cyber investigations, crisis response, and incident recovery efforts, providing decisive direction and timely communication to executive leadership, and supporting Board-level communication as delegated by the CISO.
- Establish cybersecurity KPIs, KRIs, dashboards, and reporting for executive leadership and the Audit Committee of the Board of Directors, demonstrating program maturity and risk posture over time.
- Direct security audits, risk assessments, regulatory compliance activities, and contractual security requirement analyses across all business units and geographies.
- Oversee third-party and supply chain cybersecurity risk programs, ensuring that partners, managed service providers, and strategic vendors meet Oshkosh security standards.
- Lead cybersecurity alignment with applicable frameworks and regulatory expectations, including NIST CSF, CMMC, and applicable defense/government contracting requirements.
- Drive enterprise security transformation by championing a security-first culture, advocating for risk-informed decision-making, and partnering with IT, Legal, HR, Engineering, Finance, and Compliance leaders.
- Lead cybersecurity integration for new business activities, acquisitions, divestitures, and new product development, proactively identifying and mitigating emerging risks before they materialize.
- Influence executive and business leadership to adopt security-enabling strategies, translating complex risk tradeoffs into clear business language and actionable recommendations.
- Identify opportunities to reduce risk, improve efficiency, optimize costs, and increase business value through security program innovation.
- Lead, mentor, and develop a high-performing team of cybersecurity managers and senior professionals, building organizational depth, succession readiness, and a culture of accountability and continuous improvement.
- Set team vision and direction, define performance expectations, and champion talent development programs that attract and retain top cybersecurity talent across multiple specialized domains.
- Bachelor's degree in Information Systems, Computer Science, Engineering, or related field.
- 12 or more years of progressive Information Security/Cybersecurity experience.
- 7 or more years of cybersecurity leadership experience managing programs, teams, and strategic initiatives.
- Demonstrated experience presenting cybersecurity strategy, risk, and program maturity to senior executive leadership.
- Ability to travel up to 15% of time, including international travel.
- Graduate degree in Information Systems, Cybersecurity, Business Administration, or equivalent.
- CISSP strongly preferred; CISM, CRISC, CCSP, GIAC, or equivalent certifications preferred.
- Experience in defense, government contracting, manufacturing, or other regulated industries with CMMC, ITAR, or similar requirements.
- Active U.S. Government Secret level clearance (or ability to obtain).
- Strong knowledge of cybersecurity operations, incident response, vulnerability management, cloud security, identity, OT/ICS security, security architecture, and enterprise risk management.
- Demonstrated ability to build and sustain relationships with C-suite executives, board members, regulators, and key external partners.
- Proficiency in cybersecurity risk quantification, business impact analysis, and communicating risk in financial terms to non-technical audiences.
- Experience managing multi-million dollar cybersecurity budgets, vendor negotiations, and technology investment planning.
The above pay range reflects the minimum and maximum target pay for the position across all U.S. locations. Within this range, individual pay is determined by various factors, including the scope and responsibilities of the role, the candidate's experience, education and skills, as well as the equity of pay among team members in similar positions. Beyond offering a competitive total rewards package, we prioritize a people-first culture and offer various opportunities to support team member growth and success.
Oshkosh is committed to working with and offering reasonable accommodation to job applicants with disabilities. If you need assistance or an accommodation due to disability for any part of the employment process, please contact us at [email protected].
Oshkosh Corporation is a merit-based Equal Opportunity Employer. Job opportunities are open for application to all qualified individuals and selection decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, or other protected characteristic. To the extent that information is provided or collected regarding categories as provided by law it will in no way affect the decision regarding an employment application.
Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information.
Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search