Reporting to the Chief Information Officer, will lead the Cyber Security Manager will lead the Cyber Security Program for the U.S. business, develop and coordinate execution of cyber security strategies for all assets. The Cyber Security Manager will manage the program and proactively strategize, implement and protect against cyber security risk.

Responsibilities

• Provide compliance oversight, guidance, and direction necessary to maintain ongoing compliance with NERC CIP cyber security for the protection of Generation assets to maintain reliable operation of the Bulk Electric System.
• Develop cyber security program that has visibility beyond stops at the asset router and firewall. Manage the elevated risk from state actors, cyber security programs needs to expanded down to our asset level to secure our assets.
• Support the increase mandate new tools and capabilities is needed to improve our ability to perform risk assessment, monitor our assets and support asset management on a broader scale.
• Identify fundamental gaps like a standard incident response plan, risk assessment strategy and common reporting framework to track how well we are managing our cyber security risks.
• Support the Operations team to manage cyber security vendors support the program and service
• Apply IT technical and NERC CIP compliance expertise in problem-solving to propose recommendations and alternative solutions that support compliance.
• Document progress on all compliance related activities while assisting in the development and maintenance of documentation for the Generation NERC CIP related policies, processes, and procedures.
• Work with Generation personnel to apply processes, procedures, and technology to ensure compliance.

Requirements

• Advanced degree in Information Technology
• 5-10 years of experience managing cyber security efforts for an organization
• Understand of cyber security standards like NIST, ideally exposure to NERC CIP
• Experience working with cyber security technologies like Firewalls, SIEM and other platforms
• Experience with vendor management and doing cyber security reporting
• Professional with a positive attitude and capable of contributing to a dynamic and team-oriented culture.
• Knowledge of NERC CIP standards or similar information security, privacy, or regulatory standards (such as NIST).
• Project management, analysis, assessment and investigation skills to determine recommendations or plans of action.