Cybersecurity Assurance Manager

About The Position

Requirements

• Bachelor’s degree preferred. An advanced degree is desirable.
• 7+ years of cybersecurity experience in architecture, engineering, operations, or compliance
• 5+ years of experience in leading teams, comfortable leading distributed/remote personnel
• Demonstrated ability to be an inclusive leader
• Strong leadership abilities, with the capability to attract and retain top talent, and motivate and develop personnel and future leaders
• Outstanding credibility and demonstrated ability to build strong relationships within the company and industry, as well as with vendors/suppliers.
• Experience with measuring cybersecurity programs via formal frameworks such as NIST CSF, NIST 800-53, ISO 27001/27002, CIS, Cloud Security Alliance (CSA) required
• Familiarity with adversary techniques/tactics to enable effective SOC collaboration, steer assessments, and develop/tune security control validation testing required
• Demonstrated knowledge of best practices related to cyber risk management, measurement and tracking
• Experience with information security regulation, to include those applicable to energy and utility industry, required
• Experience with driving cyber risk reduction in large, multi-stakeholder enterprise environments required
• Demonstrated ability to influence management and key stakeholders and lead through influence
• Strong oral and written communication skills, and the ability to communicate very complex or risk-related concepts to technical and non-technical audiences required
• Must pass NERC CIP & Insider Threat Protection background checks
• Must be able to obtain and maintain security clearance
• This position falls under the company’s Insider Threat Program and will have access to, and control over sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position

Nice To Haves

• Familiarity with the Department of Defense Federal Acquisition Regulation Supplement (DFARS)’s Cybersecurity Maturity Model Certification (CMMC) desired
• Industry certification preferred (CISSP, CISA, GIAC, CISM)

Responsibilities

• Hire, develop, inspire, reward and retain a highly qualified and diverse team including supporting leaders
• Apply strong leadership and strategic thinking to a diverse set of opportunities and challenges
• Create an environment that fosters accountability and engagement at all levels
• Establish and maintain excellent working relationships and partnerships across the Technology Organization functions, business partners, and external vendors and suppliers
• Perform cyber risk management by collaborating with the business to identify cyber risks, both within Technology Organization and associated business partners.
• Document unowned or long-term issues, exceptions, and/or risks to drive remediation, ownership, and accurately communicate risk posture.
• Develop executive‑level metrics, KPIs, and KRIs that communicate control effectiveness, exposure, and cyber risk trends to senior leadership and governance forums
• Measure adherence to published standards (company policies and requirements) and frameworks (e.g. NIST CSF, Gartner CARTA, CIS)
• Map capabilities and gaps to stated strategy/direction, capital projects, and reporting
• Oversee and conduct periodic risk assessments in support of organizational goals These include broad organizational assessments as well as targeted adversarial assessments of technology environments or applications
• Manage and oversee Federal (DoD, DoE) cyber security compliance and related required reporting
• Manage Southern’s Security Architecture Review process, ensuring that new/modified technology solutions add only well-managed security risk to our technology environments
• Manage 3 rd party cybersecurity risk to the Company, collaborating closely with Supply Chain partners and business units owning supplier relationships
• Manage continuous review and improvement of Company cyber security Standards, Policies, Requirements, and Guidelines
• Support Company Risk Management leadership to enable periodic renewals of Cyber Insurance
• Responsible for the discovery, qualification, monitoring, and reporting of cybersecurity asset and application vulnerabilities as well as misconfigurations both on-premise and in the cloud
• Responsible for the use of security controls validation testing to verify that cybersecurity solutions are performing as expected and drive the remediation of identified risks
• Drive innovation and leverage technology to create value and transform the business
• Establish an annual budget and meet expense and capital spend targets
• Maintain current knowledge of cybersecurity threats, tactics, techniques and procedures to inform above efforts