Randstad Sourceright

Cyber Security Manager

Randstad Sourceright New York City Metropolitan Area


Shawn Singh

RPO Talent Sourcing Specialist for IT/Cloud/Cyber Security for PSEG

Job Summary

The Manager of Cyber Security leads the development, implementation, and ongoing coordination of an enterprise-wide cyber security governance, risk & compliance management (GRC) program including cyber risk identification, analysis, and mitigation, tracking and reporting to executive management. Coordinates among all lines of business and service departments, as well as external risk organizations (including E-ISAC, and other cyber industry trade organizations) and peer energy companies, as the Client's senior leader responsible for Cyber GRC. This leader develops and maintains enterprise information and cyber security policies to ensure the Client's digital products and services have best in class cyber security, oversees vendor risks and influences user behavior to ensure that information, cyber assets, and industrial control systems are adequately protected.

This leader is responsible for defining and aligning security policies, strategy, standards and controls, risk management, 3rd party risk, assessments, baseline security controls, as well as technology compliance initiatives. The Cybersecurity leader engages across the enterprise and supports cyber innovation activities based upon emerging operating horizon needs. This individual is responsible for maintaining the client's NIST CSF program and oversees Information Security staff in the evaluation of risks and threats. This individual is responsible for the development, implementation, communication, operation, monitoring and maintenance of the security policies and procedures to promote secure and uninterrupted operation of all systems, applications and infrastructure.

Additionally, this role is responsible for planning, executing, and closing specific cybersecurity projects for the client. This includes defining project scope, allocating resources, managing timelines, and coordinating efforts across the teams. This includes completing projects, controlling business processes, and ensuring effective capability maturation in support of the business. Determines the potential needs of Cyber including Delivery capacity planning, Day 2 strategy planning, and Dependency (Down & Cross-stream) planning. Responsible for managing all requests across the run, build, transform spectrum and tracking & forecasting OPEX, CAPEX including HW, SW, & licensing. Responsible for all regular and ad hoc reporting and dashboarding.


Job Responsibilities

  • Provide leadership and direction to a team responsible for information security policies and practices. Complete risk analysis & assessments, and maintain compliance with standards and regulatory requirements. Manage other matrix relationships both internal and external to Cyber (such as Business Continuity, IT Operations, and OT Operations) required to complete all assigned tasks.
  • Establishes measurable individual and team objectives aligned with organizational and business goals. Recognize and reward associates commensurate with performance. Ensure that staff has the resources and skills needed to support all work initiatives.
  • Ensure that the Client's Digital Services offered to external customers are secure and follow regulatory and best practice frameworks.
  • Work with Functional Areas to implement practices that meet defined policies and standards for information security. Oversee all information and cyber security risk management activities and ensures effective coordination with corporate risk management.
  • Establish information security baseline and advances information security maturity model; subject matter expert to executive management and external stakeholders on range of information security standards as influenced by federal and state regulatory agencies (e.g., NERC, NRC) and industry best practices (e.g. C2M2, NIST). Communicates and ensures information security programs, and other assigned frameworks are in compliance with regulatory applicable laws, policies, organizational security policies and standards. Lead efforts to establish and implement integrated cyber security and risk management solutions.
  • Develop and manage GRC capital and O&M budgets to meet business needs. Provide leadership in the identification of optimal O&M and capital allocations, inclusive of opportunities to reduce expenditures while transforming the way the Client conducts its business. Lead and/or participate in business case development.
  • Aligns cyber strategies, services, investment decisions and delivery structures and processes with the strategic direction of the organization.
  • Develop and monitor a strategic, comprehensive cyber security and risk management program (including strategy, policies, standards, processes, and guidelines) to ensure the integrity and confidentiality of information owned, controlled or processed by the organization.
  • Coordinate information security and risk management projects with the Client's IT Application and Infrastructure delivery and operations groups as well as business unit teams; provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls. Coordinate with the Client's Strategic Sourcing to ensure that information security requirements are incorporated into third party arrangements.
  • Responsible for cyber program management including delivery management, capacity management, demand management, cost management, and metrics & reporting.


Job Specific Qualifications

Required

  • Bachelor's degree and 10 years of relevant cyber security experience
  • Over 10 years of information security management experience to include a combination of security application development and system security administration in large multi-platform environments (e.g. UNIX, Windows, Linux, and Industrial Control System)
  • Over 5 years of experience in an Information Security leadership role managing teams of at least 5 FTEs
  • Strong understanding of current cyber threats, regulatory frameworks (e.g. NERC CIP) and information security technologies
  • Expert in interpreting and communicating technical information in business language and vice versa
  • Can anticipate change and effectively and efficiently deploy resources
  • Able to take innovative approaches to problem solving
  • Thinks strategically with a focus on business value; able to develop strategies while incorporating a broad organizational perspective
  • Makes decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints and the availability of necessary information
  • Identifies inspiring goals and objectives, then motivates and leads others towards them
  • Experience with the implementation of NIST Cyber Security Framework (CSF), North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) or other comparable frameworks
  • Track record of metric-based evaluation of cyber security posture and proven ability to balance risks and make sound decisions in emergency situations
  • Strong process discipline in a continuous improvement environment. Experience managing cost center and departmental financial functions like budgets, etc.
  • Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.
  • Excellent verbal and written communication skills, persuasion, and the ability to communicate security and risk-related concepts to both technical and non-technical audiences at all levels, including the C-suite
  • CISSP or equivalent security certification


Desired

  • Experience in Electric or Gas Utility or Power Generation Sectors
  • Experience designing security for commercial digital products used on a large customer basis
  • Proven track record of developing cyber processes that improve effectiveness, efficiency and controls
  • Experience in dealing with internal / external auditors and regulators

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Technology, Information and Media
