Sr. Manager, Cybersecurity

About The Position

Requirements

• 10+ years in IT security roles, ideally 5+ years specifically in cybersecurity leadership positions and/or managing IT Cybersecurity Operations and corresponding functions for the enterprise.
• Proven experience developing and implementing enterprise security programs
• Direct experience managing a program adhering to at least one leading industry-standard cybersecurity control framework is a requirement. Experience specifically with CIS, NIST, ISO or other frameworks a strong plus.
• Proven experience implementing, administering, and supporting the enterprise cybersecurity cloud application and infrastructure stack.
• Explicit experience securing Microsoft and AWS cloud infrastructures.
• Skilled in incident response investigation analysis, cross-functional team triage, containment, recovery, post-incident review and root-cause analysis.
• Security mindset and dedication to best-practice and continual improvement.
• Service oriented, collaborative, and solution-driven mindset first and foremost.
• Strong communication skills, attention to detail, and ability to self-organize while parallel-processing and driving projects to completion.
• Experience with standard principles and practices of project management and budget development, work planning and organization.

Nice To Haves

• Direct experience with NERC CIP Compliance standards and controls a strong plus.
• Cybersecurity Certification such as CISSP, CISM, CCSP, or other equivalent certification highly preferred.
• Explicit experience implementing AI governance for the enterprise is a strong plus.

Responsibilities

• Maintain and improve the efficacy of our IT cybersecurity solutions, controls, procedures, and policies that support the security posture of the company.
• Respond to cybersecurity incidents, delegating investigation analysis and response to internal and external resourcing, as appropriate. Escalate incident response to leadership according to incident response plans, as appropriate.
• Drive solutions implementations and systems changes, with the help of internal IT support staff and external consultants, as necessary. Organize and manage projects and the required resources from start to finish.
• Work closely with the Vice President of Information Technology & Security, as well as other IT staff, to continually develop the strategy and trajectory of the broader IT department and the systems that support the company.
• Work closely with the Vice President of Information Technology & Security, as well as other IT staff, to execute cybersecurity solution implementations and special projects in support of the broader maturity and scaling of the IT cybersecurity program and its supporting systems.
• Work closely with the Vice President of Information Technology & Security, as well as other IT staff, to develop controls, standards, best-practice, policy, and process that will streamline cybersecurity operations and help protect the business as we scale.
• Lead the continued development and maturity and accuracy of security incident and event management (SIEM) systems, vulnerability management, security analytics, incident response, and other cybersecurity operational systems.
• Work closely with the Vice President of Information Technology & Security, as well as other IT staff, to strategically support broader IT infrastructure, systems, and cybersecurity initiatives.
• Generate and maintain project trackers, reports, or dashboards as helpful and efficient to support the team. Collaborate with IT and business stakeholders to deliver to longer-term projects, successfully documenting and executing change plans, and executing rollouts of cybersecurity systems and features in line with IT department and company goals.
• Stay on top of industry trends and new technologies as applicable and relevant to the business, including by leveraging access to various cybersecurity industry subscriptions, community networks, conferences and events, training platforms, and other resources, as supported by the company.
• Mentor and provide collaborative cybersecurity guidance to IT team members and business stakeholders.
• Work closely with the Vice President of Information Technology & Security, as well as other IT staff and external resources, to ensure compliance with and continual improvement to applicable control standards and compliance and risk-management frameworks, for corporate and power generation project entities. Maintain and update risk registers and control remediation reporting for executive audiences.
• Drive the development and ongoing maintenance of high-quality and consistent cybersecurity training resources, documentation, and runbooks. Work with IT staff to maintain up-to-date cybersecurity resources on the company Intranet and knowledge bases.
• Drive the enhancement of both the quality and frequency of cybersecurity trainings and communications to the business, including templatized notifications, targeted trainings, table-top exercises, and standardized incident responses.
• Monitor security operations and logging dashboards, as well as alerts to triage and escalate security incidents, with the ability to delegate to other IT team members or external resources as appropriate.
• In collaboration with other senior IT team members, assist in the recurring audit responsibilities to maintain cybersecurity controls validation and remediation tracking.
• In collaboration with cybersecurity consulting and solutions partners, as applicable, maintain features and functionality of cybersecurity solutions in a manner consistent with the needs of the business.
• Oversee a risk-prioritized recurring testing program to validate effectiveness of security controls across the environment.
• Proactively recommend improvements to controls to address security gaps and oversee the implementation and validation of approved recommendations.
• Contribute to and influence the development, implementation, monitoring, and iteration of AI Governance & Enablement strategies for the business.
• Maintain and keep up-to-date external cybersecurity solutions support and service level agreements and provide recommendations for improvements where applicable.
• Maintain and keep up-to-date licensing support agreements for cybersecurity systems. Assist with software renewals, license audits and cost governance, and upkeep of contract deadlines and vendor contact details within IT systems of record.
• Adhere to responsible change management, documentation, and business continuity best-practice and process in coordination with and in support of all team members.
• Work collaboratively with other IT team members, internal Avantus resources and stakeholders, and external IT solutions partners as one team to solve problems and develop solutions in support of our team and our business.

Benefits

• competitive compensation
• excellent benefits package
• 401(k) matching
• comprehensive medical and dental plan options
• flexible PTO