Senior Director/Director Cybersecurity

About The Position

Requirements

• BS in Computer Science, Business, or related degree or equivalent. MBA or Master's degree preferred.
• Comprehensive IT technical and managerial knowledge and perspective with a minimum of ten (10) years’ experience in cybersecurity, enterprise architecture, IT audit, regulatory compliance, or business systems integration.
• Five (5) years in leadership position(s) in one or more of those roles.
• Significant knowledge of business processes, competitive trends, and developments in information security and regulatory compliance including risk assessments, data protection, and disaster recovery planning.
• Proven experience in creating and overseeing regulatory compliance programs.
• Significant knowledge of Information Systems technologies.
• Demonstrated effective oral, written and presentation communication skills; marketing and negotiation skills; and highest quality interpersonal and people management skills.
• In-depth knowledge of NERC CIP and SOX regulations.
• Must hold or be eligible for U.S. National Security Clearance at the Secret level.
• Desired certifications include CISSP, GIAC GCIH, GIAC GCIL, and/or CISM.

Nice To Haves

• Background in IT architecture, engineering, or platform delivery, with a solid understanding of how systems are designed, built, and run
• Experience leading the implementation of security capabilities, not just setting policy, but delivering and operating solutions
• Ability to collaborate with multiple IT and business teams to embed security into day-to-day IT operations and delivery (cloud, infrastructure, applications, DevOps) in a practical, low-friction way
• Strong communicator who can translate technical risks into clear business terms and influence across all levels of the organization
• Proven ability to drive change and adoption, bringing teams along and making security part of how work gets done
• Pragmatic, risk-based mindset that balances protection with business needs and operational realities

Responsibilities

• Lead the enterprise cybersecurity program to safeguard APS operations, uphold brand integrity, and fulfill customer and regulatory requirements
• Govern, and provide strategic direction for, the enterprise privacy program to protect customer, employee, and contractor information.
• Provide oversight, leadership, and direction for all cybersecurity compliance initiatives including SOX, NERC CIP, Export Control, and other applicable regulations.
• Serve as primary cybersecurity advisor to executive leadership and Board of Directors.
• Translate cybersecurity risk into business and financial impact to support executive decision-making.
• Oversee coordination and facilitation of internal audits. Collaborate with internal audit group to ensure audit findings and recommendations are addressed, and any risks or exposures are properly mitigated.
• Lead security governance activities including risk assessment, policy development, policy compliance, security strategy, security programs, awareness/training, and incident response.
• Work closely with operational business units and the corporate emergency management program to provide comprehensive and integrated support to APS's business resiliency goals.
• Represent APS in industry forums. Act as APS subject matter expert for cybersecurity and compliance policies, programs, and practices.
• Promote best practices approach in support of company-wide information security initiatives.
• Identify and evaluate trends and implement as appropriate to maximize operational effectiveness and reduce company cybersecurity or privacy risk.
• Provide strategic and tactical guidance and vision for all cybersecurity matters.
• Maintain relationships with local, state, and federal law enforcement and other related government agencies.
• Provide leadership, employee development, and facilitation of performance management tools including Performance Management process, compensation administration, and coaching and discipline.

Benefits

• This position may require access to and/or use of information subject to control under the Department of Energy's Part 810 Regulations (10 CFR Part 810), the Export Administration Regulations (EAR) (15 CFR Parts 730 through 774), or the International Traffic in Arms Regulations (ITAR) (22 CFR Chapter I, Subchapter M Part 120) (collectively, 'U.S. Export Control Laws'). Therefore, some positions may require applicants to be a U.S. person, which is defined as a U.S. Citizen, a U.S. Lawful Permanent Resident (i.e. 'Green Card Holder'), a Political Asylee, or a Refugee under the U.S. Export Control Laws. All applicants will be required to confirm their U.S. person or non-US person status. All information collected in this regard will only be used to ensure compliance with U.S. Export Control Laws, and will be used in full compliance with all applicable laws prohibiting discrimination on the basis of national origin and other factors. For positions at Palo Verde Nuclear Generating Stations (PVNGS) all openings will require applicants to be a U.S. person.
• Pinnacle West Capital Corporation and its subsidiaries and affiliates ('Pinnacle West') maintain a continuing policy of nondiscrimination in employment. It is our policy to provide equal opportunity in all phases of the employment process and in compliance with applicable federal, state, and local laws and regulations. This policy of nondiscrimination shall include, but not be limited to, recruiting, hiring, promoting, compensating, reassigning, demoting, transferring, laying off, recalling, terminating employment, and training for all positions without regard to race, color, religion, disability, age, national origin, gender, gender identity, sexual orientation, marital status, protected veteran status, or any other classification or characteristic protected by law.
• Federal law requires all employers to verify the identity and employment eligibility of every person hired to work in the United States, refer to E-Verify poster. View the employee rights and responsibilities under the Family and Medical Leave Act (FMLA).
• In compliance with the Drug Free Workplace Act of 1988, the Company is committed to a work environment that is free from the effects of alcohol and controlled substances, and free from the abuse or inappropriate use of prescribed and over-the-counter medications. The Company requires employees to be subject to drug and alcohol testing that is job-related and consistent with business necessity, regulatory requirements and applicable laws.
• This position requires Critical Infrastructure Protection (CIP) access consistent with North American Electric Reliability Corporation (NERC) standards. The applicant considered for this role will be required to obtain and maintain CIP access for the duration of employment in this position. A full seven (7) year criminal history will be obtained through the pre-employment background check process (or, for current employees, through supplemental background check process) to fulfill the CIP access requirements. In addition, this position requires an additional background check every seven years to maintain access.