Position Overview

The Director, IT Cyber Security (IT) is a hands-on, technical role that will lead, consult and provide technical expertise in planning, designing, delivering, assessing and supporting oversight and management of a secure information technology infrastructure for the ERO Enterprise which comprises NERC and the six Regional Entities. The position will identify security risks, recommend secure solutions and improvements, and assist in implementation of all data and systems security for the ERO Enterprise.

The Director, IT Cyber Security will ensure the ERO Enterprises systems meet industry security standards and best practices, and will work closely with all ERO Enterprise IT Directors/Managers to identify, recommend and assist with the implementation and support of secure and cost-effective security related technology solutions for all areas of the enterprise.

This position assists with planning, budgeting policies, and procedures for the enterprise. This position reports to NERC’s Vice President, Business Technology.

Your Role

· Consult with and partner with the Regional and NERC IT Leadership Teams and the E-ISAC to ensure achievement of ERO Enterprise goals and objectives.

· Develop a three-year IT Cyber Security roadmap to meet short-term and long-term ERO Enterprise goals.

· Coordinate with Regional IT leaders to evaluate business needs, objectives and goals; research, design, and implement solutions and procedures to best meet those needs.

· Protect information systems and technology assets by: developing cyber and physical security strategies, directing system controls, and developing access management, monitoring, control, and evaluation.

· Oversee the development of audit plans and risk register criteria and placement for cyber security concerns. Propose and develop ERO Enterprise IT policies, procedures, and standards to align with the corporate security posture.

· Promote a strong ERO Enterprise security program by recommending IT support staff security training.

· Collaborate and coordinate with the other Regional Entity IT leaders to share knowledge and resources where appropriate and influence the direction of the ERO Enterprise Cyber security programs.

· Participate in ERO Enterprise IT groups consisting of representatives from NERC and the six Regional Entities to align security goals and tools for the protection of the ERO Enterprise.