Senior Director​/Director Cybersecurity

Our present and future success depends on the creative and dedicated people of our company who demonstrate the principles outlined in the APS Promise:
Design for Tomorrow, Empower Each Other and Succeed Together.

Cybersecurity at APS is more than protecting systems. It's about protecting the people and communities who count on us to keep the lights on. We're looking for a senior cybersecurity leader to step into our CISO (Chief Information Security Officer) role and shape how we defend the company, our customers, and the operations behind one of Arizona's most essential services.

You'll set the long-term strategy for cybersecurity and compliance across APS, with accountability for the security of our IT and operational technology, the privacy of customer and employee information, and our standing under SOX, NERC CIP, Export Control, and related regulations. You'll be our company's primary cybersecurity advisor to senior leadership and the Board of Directors, translating risk into the business and financial terms that drive real decisions.

Day to day, you'll lead the enterprise cybersecurity program, security governance, incident response, and the work that keeps our compliance posture strong. You'll partner closely with business units and emergency management to support APS's resiliency goals, oversee internal audits, and represent APS in industry forums and with law enforcement and government partners. You'll also lead and develop the team that makes all this possible.

• A senior cybersecurity leader who has built and run enterprise programs, ideally in a regulated or critical infrastructure environment.
• Deep fluency in cyber risk across IT and OT, with real command of NERC CIP and SOX.
• Someone who can sit across from executives and a Board of Directors, discuss risk, and advise them as they make decisions.
• A track record in security governance, audit, and regulatory compliance.
• A steady, credible presence who earns trust inside the company, across the industry, and with the agencies we work alongside.

• BS in Computer Science, Business, or related degree or equivalent. MBA or Master's degree preferred.
• Comprehensive IT technical and managerial knowledge and perspective with a minimum of ten (10) years' experience in cybersecurity, enterprise architecture, IT audit, regulatory compliance, or business systems integration.
• Five (5) years in leadership position(s) in one or more of those roles.
• Significant knowledge of business processes, competitive trends, and developments in information security and regulatory compliance including risk assessments, data protection, and disaster recovery planning.
• Proven experience in creating and overseeing regulatory compliance programs.
• Significant knowledge of Information Systems technologies.
• Demonstrated effective oral, written and presentation communication skills; marketing and negotiation skills; and highest quality interpersonal and people management skills.
• In-depth knowledge of NERC CIP and SOX regulations. Must hold or be eligible for U.S. National Security Clearance at the Secret level. Desired certifications include CISSP, GIAC GCIH, GIAC GCIL, and/or CISM.

• Background in IT architecture, engineering, or platform delivery, with a solid understanding of how systems are designed, built, and run.
• Experience leading the implementation of security capabilities, not just setting policy, but delivering and operating solutions.
• Ability to collaborate with multiple IT and business teams to embed security into day-to-day IT operations and delivery (cloud, infrastructure, applications, Dev Ops) in a practical, low-friction way.
• Strong communicator who can translate technical risks into clear business terms and influence across all levels of the organization.
• Proven ability to drive change and adoption, bringing teams along and making security part of how work gets done.
• Pragmatic, risk-based mindset that balances protection with business needs and operational realities.