Cyber Risk Manager

About The Position

Requirements

• Bachelor's degree in Cyber Security, Computer Science, Technology Management, SCADA/Communications Engineering, or a closely related field, or an equivalent combination of education, training, and experience.
• Five years of progressively responsible experience in threat management, information assurance, security operations, systems engineering, security policy development/administration, and/or security tool administration and use, preferably in an electric utility environment.

Nice To Haves

• Understanding of Power Grid Operational Technologies.
• Ability to plan, manage, and execute multiple tasks and projects within defined timelines.
• Experience using GRC/IRM tools for cybersecurity processes
• Experience with NERC-CIP cyber security requirements and compliance.
• Background in common information and operational technologies applied in Utilities.
• Ability to work in fast-paced government technology environment; to work as a productive member of a professional team, as well as initiative to be a self-starter; ability to work under pressure, multi-task, and rapidly change priorities.

Responsibilities

• Lead, mentor, and develop a team of cyber risk specialists and consultants. Set team goals, performance expectations, and professional development plans. Foster a culture of accountability, trust, collaboration, and continuous improvement.
• Lead implementation and enhancement work for cyber risk management workflows, dashboards, and reports within Archer GRC to meet business and regulatory needs. Drive automation and efficiency through effective use of Archer capabilities.
• Oversee the cyber risk register and associated issues management functions for cyber risks, to ensure risk items are being properly communicated and addressed by stakeholders.
• Maintain the risk management frameworks and metrics used to monitor and report on risks, maturity, and progress of the cyber security program, which helps to identify high priority goals and support roadmap development.
• Track and communicate cyber risk posture and key metrics to City Light Cyber Security Sr Mgr, CISO.
• Directly conduct or support third-party/consultant conducting of cyber risk assessments. Risk assessments may include OT/SCADA environments, IT/OT convergence areas, Grid Modernization technology, and various other existing and emerging utility technologies.
• Assess and provide subject-matter expertise and guidance on cybersecurity risk for technology projects and change requests.
• Support utility cyber security objectives, to include compliance, safety, reliability, and business continuity/disaster recovery initiatives. This includes leading/participating in various security enhancement projects to improve cyber security controls, and ensuring operational technology practices comply with organizational policies, industry best practices, and NERC-CIP regulatory requirements.
• Lead development of policies, guidelines, and standards to ensure the safety, reliability, availability, confidentiality, and integrity of a wide range of operational technologies to include SCADA systems, HMIs, RTUs, various IEDs, internal and perimeter communications, and other applicable devices or supporting services.
• Support the vulnerability management program, to include developing policies and procedures for assessing systems for vulnerabilities, advising system owners on remediation strategies, and leveraging penetration testing where appropriate to validate controls and presumed security levels.
• Participate in 24/7 standby watch duty rotation. Standby personnel are responsible for responding to cybersecurity alerts and incidents, triage and prioritize events, and ensure timely escalation in accordance with incident response procedures.
• Support incident response activities to minimize risk of compromised systems without impeding real time power grid operations.
• Support cyber security threat management activities, to include gathering, analyzing, and assessing the current and future threat landscape; understanding threats to City Light infrastructure and operational missions; and developing and sharing threat intelligence through collaborative efforts to include coordination with DHS, US-CERT, MS-ISAC, E-ISAC, WSFC, FBI, SPD, and other threat sharing vectors. Develop threat summary reports and provide appropriate communications to leadership and operations staff.
• Support cyber security training and awareness efforts to include developing security awareness materials, supporting role based cyber security training for technical staff, and developing cyber security exercises.
• Keep abreast of technological advancements and operational technology cyber security best practices for the electric power grid. Maintain subject matter expertise and represent City Light through various collaborative efforts, such as industry partnerships and participating in cyber security conferences, workshops, and information sharing.
• Additional duties as assigned.

Benefits

• vacation
• holiday
• sick leave
• medical
• dental
• vision
• life and long-term disability insurance for employees and their dependents