Director of Enterprise Security

About The Position

Requirements

• Bachelor’s degree in computer science, Information Security, Security Management, Emergency Management , or a related field. An equivalent combination of education, training, and relevant work experience may be substituted for the degree requirement.
• 6–10 years of progressive experience across IT/cybersecurity and physical security, including:
• At least 5+ years focused on cybersecurity/physical security
• 3–5+ years of leadership/management experience in security or IT.
• Working knowledge of IT hardware, operating systems, applications, and datacenter operations.
• Expertise in cybersecurity tools, network topologies, intrusion detection/prevention, and network security.
• Familiarity with physical security systems, site assessments, CCTV operations, perimeter defense, and visitor/access control management.
• Experience interpreting and implementing cybersecurity and physical security regulations/standards (e.g., NIST CSF, DOE C2M2, ASIS, DHS CISA, NFPA, and NERC CIP low- and medium-impact physical security requirements where applicable).
• Strong understanding of documentation processes, operational procedures, project planning and management, and audit practices.
• Proven ability to lead and develop teams (cyber and physical security) and manage contractors/vendors.
• Strong oral and written communication; effective presentation skills for technical and executive audiences.
• Demonstrated customer and colleague relationship-building skills; cross-functional collaboration.
• Strength in risk assessment, incident/crisis management, analytical thinking, problem solving, conflict resolution, and adaptability.

Nice To Haves

• A master's degree is preferred.
• Advanced security certifications such as  CISSP, CISM, CISA, CRISC, or CCISO  are strongly preferred.
• Electric utility operations experience preferred (including familiarity with substations, control centers, and generation facilities).
• Familiarity with CIS (Center for Internet Security). security frameworks and maturity models.

Responsibilities

• Strategic Leadership & Program Development Develop and execute an enterprise-wide security strategy covering both cyber and physical security domains. Establish and maintain policies, standards, procedures , and site security plans aligned with industry best practices (e.g., ASIS , DHS CISA , NFPA , NERC ). Coordinate enterprise risk management activities: risk assessments , criticality analyses , threat/vulnerability reviews , and remediation roadmaps. Define security architecture and control baselines across IT, OT, facilities, and corporate environments.
• Cybersecurity Operations & Governance Oversee the Manager of Cybersecurity, including policy development , regulatory compliance , security assessments (internal and third-party), and incident response planning and execution . Ensure security is integrated into SDLC, data platforms, and EMS/OT systems; collaborate with Software Development and Data Management teams to embed cybersecurity controls . Oversee audit readiness and compliance with applicable standards and regulations (e.g., NERC CIP where applicable). Manage cybersecurity awareness and training for all staff and facilitate executive briefings and security committee meetings.
• Physical Security Operations & Incident Management Oversee the Manager of physical security systems to ensure NCEMC’s seven facilities across the state of NC are safe and secure. Lead and coordinate response to physical security incidents; manage investigations and reporting with law enforcement and regulatory agencies .
• Capital Planning & Project/Portfolio Management Plan and execute security infrastructure projects balancing cost, risk reduction, regulatory compliance, and operational impact . Prepare and manage budgets for cybersecurity and physical security operations and capital initiatives.
• Training, Awareness & Exercises Develop and deliver training for employees, contractors, member organizations, and security personnel on site access , reporting , and emergency response protocols . Establish criteria for coordinate drills and exercises in collaboration with internal safety personnel and relevant external partners.
• Governance, Compliance & Reporting Ensure compliance with regulatory requirements and maintain audit readiness, including NERC CIP-003-8 (where applicable). Define and report security performance metrics, risks, and improvement plans for senior leadership. Maintain and continuously improve the incident response plan and business continuity interfaces .
• Team Leadership & Collaboration Manage and mentor the cybersecurity and physical security managers . Foster strong cross-functional relationships with IT, operations, facilities, and business units to integrate security into daily operations and strategic initiatives.