Senior Manager of Information Security

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Security, Engineering, or related field required.
• Minimum 10 years of progressive cybersecurity experience, including at least 5 years in a management role managing teams.
• Deep technical knowledge of cybersecurity solutions, including hands-on experience with security tools, incident response, and risk management.
• Strong understanding of cybersecurity frameworks and regulatory standards such as NIST, ISO/IEC 27001, CIS Controls, NERC CIP, and IEC/ISA 62443.
• Familiarity with public cloud security (AWS, Azure, GCP or OCI) and advanced knowledge of network security, including firewall, router, and switch configurations.
• Proven ability to manage cross-functional teams and drive cybersecurity initiatives in complex environments.
• Strong communication and executive presence, with the ability to convey technical information to non-technical audiences and influence senior stakeholders.
• Demonstrated ability to balance security, risk management, and business objectives.
• Strong problem-solving, interpersonal, and leadership skills with a collaborative mindset.
• Data-driven approach to performance management and continuous improvement.
• Ability to work independently and across multiple teams in a fast-paced environment.
• Candidates must be located within the local region for 3 days per week on-site collaboration.

Nice To Haves

• Relevant certifications strongly preferred (CISSP, CISM, CRISC, CISA, CCSP, or equivalent).
• Experience with utility or energy generation industries and securing Industrial Control Systems (ICS) or SCADA is highly desirable.

Responsibilities

• Develop, implement, and maintain a comprehensive cybersecurity strategy that aligns with business goals, regulatory requirements, and evolving threat landscapes.
• Lead and mature the organization's cybersecurity program through risk-based decision-making and continuous improvement.
• Stay informed on evolving IT and OT threat landscapes, cyberattack vectors, and relevant cybersecurity frameworks (e.g., NIST CSF, IEC/ISA 62443, CIS Controls).
• Maintain deep awareness of industry-specific challenges and regulations (e.g., NERC CIP and FERC) and how they impact cybersecurity programs.
• Direct the day-to-day security operations, including incident response, threat detection, vulnerability management, and third-party/vendor security risk management.
• Ensure the selection, configuration, and ongoing management of security tools and processes such as SIEM, endpoint protection, firewalls, and cloud security solutions.
• Ensure compliance with applicable regulations, industry standards, and internal governance frameworks, including NIST, ISO/IEC 27001, CIS Controls, NERC CIP, and IEC/ISA 62443.
• Oversee the development and enforcement of cybersecurity policies, standards, and procedures.
• Lead organizational response to cybersecurity incidents, including investigation, containment, recovery, and communication.
• Conduct tabletop exercises and maintain readiness through robust incident response and disaster recovery planning.
• Drive security awareness and education programs across all levels of the organization to foster a culture of security consciousness and vigilance.
• Recruit, mentor, and lead a high-performing cybersecurity team.
• Foster collaboration across IT, OT, and business units to embed security in all operation.
• Serve as the primary cybersecurity advisor to executive leadership, providing regular updates on cybersecurity risks, incidents, and program maturity.
• Build relationships across key departments including Legal, Compliance, and Operations.
• Manage the cybersecurity budget and oversee relationships with security vendors and service providers to ensure optimal use of resources and alignment with strategic objectives.