Director, Cyber Security Services - (26-IT-601015-082)

About The Position

Requirements

• A minimum of ten (10) years of experience in the Information Technology field, including security, incident response, or a related area, with at least seven (7) years of management experience.
• Bachelor’s degree in Information Technology/Information Security Systems or a related technical field or the equivalent combination of education and experience consisting of a High School Diploma or General Educational Development certificate (GED) and a minimum of fourteen (14) years of experience in the Information Technology field, including security, incident response, or a related area, with at least seven (7) years of management experience.
• Must be able to communicate security-related concepts to a broad range of technical and non-technical staff.
• Experienced in business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
• Excellent oral and written communications skills.
• Experience in leading organizations through compliance requirements.
• Must possess a CISSP or equivalent certification.

Nice To Haves

• N/A

Responsibilities

• Maintains awareness of industry specific developments regarding cybersecurity and assesses the impact on Authority systems and develops plans and schedules as necessary to ensure compliance. Monitors implementation plans for successful execution.
• Directs the Authority’s patch management and release management processes to ensure all systems are patched in a timely manner. Coordinates patching and maintenance with third party providers to ensure cloud solutions remain compliant.
• Conducts vendor risk assessments and ensures all IT vendors comply with Authority IT standards and guidelines, especially those related to cybersecurity.
• Leads risk management activities to enhance assessment and mitigate cyber risks for both IT and OT systems.
• Directs a network of security professionals and vendors via a matrix structure to evaluate, assess, and develop strategies regarding potential threats to the Authority’s computer and information infrastructure.
• Designs and implements protection goals, objectives, and metrics consistent with the corporate strategic plan to ensure the highest level of cyber resiliency; creates work breakdown structures (WBS), project plans, project cost estimates, project recommendations, status reports, and executive presentations focused on mitigating cybersecurity risks.
• Ensures security audits, risk analyses, vulnerability assessments, and network testing are conducted successfully.
• Directs the development and implementation of global security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security posture.
• Manages IT Assets and IT Inventory functions.
• Develops executive-level dashboards and reporting frameworks that clearly measure and communicate cyber risk, performance, and program maturity.
• Translates technical cybersecurity risks into clear business impacts and recommendations for executive leadership to support informed decision-making.
• Briefs leadership on the company’s cybersecurity posture, key risks, and mitigation strategies to ensure strong governance and alignment with risk tolerance.
• Collaborates with executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
• Maintains relationships with local, state, and federal law enforcement and other related government agencies.
• Oversees incident response planning as well as the investigation of security breaches and assists with disciplinary and legal matters associated with such breaches as necessary.
• Directs activities of third party and internal resources in testing of cybersecurity protocols to ensure successful implementation and protections.
• Mentors the entire organization on security best practices by executing employee education/awareness programs.
• Ensures compliance with training initiatives designed to maintain enterprise-wide awareness levels.
• Leads the Cyber Threat Intelligence (CTI) Program by gathering and analyzing threat intelligence from a network of intelligence sources including but not limited to WaterISAC, DHS, the FBI, and others to ensure the Authority assets are properly secured.
• Guides enterprise strategic planning and operations related to cyber resiliency in collaboration with IT management.
• Prepares, champions, and manages the budget to support cyber resiliency capabilities for the enterprise.
• Works with outside consultants as appropriate to conduct independent security audits, assessment of security best practices and evaluation of products and services to meet a broad range of security needs for the Authority.
• Manages the IT Change Management process.
• Works with IT management on the design, implementation and testing of the enterprise Disaster Recovery Program and coordinates with the Emergency Management Group to ensure alignment with the broader Business Continuity Plan.
• Evaluates custom and third party hardware and software solutions from the perspective of security to ensure that all deployed solutions are secured in a manner consistent with the Authority’s approved security policies and procedures.
• Leads the Enterprises Incident Response team as it relates to issues concerning cybersecurity and/or business continuity and disaster recovery.
• Performs other duties and projects at the discretion of the Vice-President, Information Technology.

Benefits

• General office conditions