02 Dec
Director, Cybersecurity Risk & Governance
Florida, Orlando, 32801 Orlando USA

OUC - The Reliable One, an industry leader and the second largest municipal utility in Florida committed to serving the community and the environment, is presently seeking a Director, Cybersecurity Risk & Governance to join the Office of General Counsel division.

We are looking for a strategic and experienced professional to provide leadership, oversight, and subject matter expertise for the development, implementation, and maintenance of the enterprise-wide cybersecurity program.

In this role, you will be responsible for providing strategic direction and operational governance for all core digital, corporate technology, and data security services while also partnering with internal stakeholders in the Technology & Transformation team to implement and monitor an enterprise risk-based approach to cybersecurity management and governance.

OUC’s mission is to provide exceptional value to our customers and community by delivering sustainable and reliable services and solutions. Click here (https://youtu.be/sZnGjXSas) to learn more about what we do.

The ideal candidate will have:

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field of study from an accredited college or university.

Minimum of ten (10) years of experience in Cybersecurity Management to include:

Experience in enterprise-wide security programming and analysis, governance, standards development, risk assessment, creating awareness and education programs.

Experience developing and implementing cybersecurity policies and procedures in accordance with NIST Cybersecurity Framework and other relevant industry standards.

Five (5) years of formal leadership/management experience over IT staff, preferably IT security team members (required);

Working understanding of NERC compliance (preferred)

Current Professional Certifications in Cloud Security, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Information Security Manager (CISM) (preferred)

OUC offers a very competitive compensation and benefits package. Our Total Rewards package includes, to cite a few:

Competitive compensation

Low-cost medical, dental, and vision benefits and paid life insurance premiums with no probationary period. Retirement benefits include a cash balance account with employer matching along with a health reimbursement account

Paid vacation, holidays, and sick time

Educational and Professional assistance programs; Paid Memberships in Professional Associations

Access to workout facilities at each location

Paid Conference and Training Opportunities

Free downtown parking

Hybrid work schedule

Click here to view our Benefits Summary. (https://www.ouc.com/docs/human-resources-documents/benefitssummary.pdf)

Salary Range: $144,391.64 - $180,489.83 (Commensurate on experience)

Location: Reliable Plaza 100 W. Anderson St. Orlando, FL 32801

Please see below a complete Job description for this position.

Job Purpose:

Provides thought leadership, oversight and subject matter expertise for the development, implementation and maintenance of the enterprise-wide cybersecurity program. Provides strategic direction and operational governance for all core Digital, Corporate Technology and Data Security services – including on premise and cloud technology, production services (data center, server and storage, network engineering, telecommunications and desktop technologies), support services (videoconferencing, productivity, client applications, and mobile), and security/cybersecurity (technical security, user provisioning). Partners with internal stakeholders in the Technology & Transformation team to implement and monitor an enterprise risk-based approach to cybersecurity management and governance. The Director will facilitate the Enterprise Security Risk Council responsible for the governance and oversight of the organization's cybersecurity risk management efforts.

Primary Functions:

Develop, implement, and monitor a strategic, comprehensive enterprise-wide cybersecurity governance and verification program;

Collaborate with D&T and OT organizations to provide oversight for the Enterprise Cybersecurity program to ensure the integrity, access, & confidentiality of information owned, controlled or processed by the organization;

Partner with the Enterprise Security Risk Council (ERSC) to ensure effective oversight of the organization's cybersecurity risk management efforts.

Develop and maintain OUC customized cybersecurity policies and standards in accordance with relevant industry standards;

Manage the information security framework and governance based on standard risk management processes, including threat assessment and reporting in collaboration with the Technology & Transformation (D&T) team;

Partner with D&T team on cybersecurity and risk management projects to ensure appropriate resource allocation for risk mitigation efforts;

Create an ongoing cybersecurity oversight program that includes regular assessments and audits to identify, evaluate, and report on information security risks in alignment with the risk posture of the enterprise;

Monitor and analyze cybersecurity risks to provide cybersecurity maturity level and security posture reports to senior leadership based on industry trends and data (e.g., ES-ISAC, Dragos) and security reporting from internal OUC resources (e.g., IT Security, Network Management, etc.)

Develop, maintain and publish up-to-date security procedures, standards and guidelines, and oversee the development and implementation of cybersecurity awareness training for the enterprise including external vendors and contractors;

Ensure that cybersecurity programs are in compliance with relevant laws, regulations and policies to minimize risk and audit findings;

Collaborate on the evaluation and maintenance of IT, OT systems and network through a cybersecurity lens; Engage in continuous process improvement based on the evolving landscape of risks and threat assessments;

Envision, develop and communicate cybersecurity risk mitigation and governance policies in alignment with overall business goals;

Evaluate and align talent to current and future business needs; mitigate talent risks;

Support and maintain effective business unit work groups and foster a culture of respect and continuous learning;

Develop, measure, and take action on performance metrics for teams and individuals within the business unit; communicate performance expectations, support staff professional goals, and brief all related issues, initiatives, and actions, risks or concerns with Leadership;

Manage selection and promotion procedures including reviewing applicants and interviewing potential new employees to select candidates for open positions within the cybersecurity team;

Develop the annual operating and/or capital budgets for the cybersecurity department; ensure that operations are managed within authorized budgets; advise, develop, review and approve budgets, plans, and business goals.

Perform other duties as assigned.

Technical Requirements:

Working knowledge of all, but not limited to the following:

Cybersecurity requirements, best practices, and execution;

System design and architecture with cybersecurity technologies;

Risk management and mitigation;

Cybersecurity regulations applicable to electric utilities

Industry-specific cybersecurity initiatives and emerging activities;

Project management methodologies;

Familiarity with all, but not limited to the following:

Corporate Software Applications: CIS, ERP, GIS, CRM

Security monitoring, analysis and forensics tools;

Network monitoring and analysis technology;

Threat assessments;

Technical reports;

Agile methodologies;

Budgeting and Resource Planning;

Vendor and Contract Management;

Performance Management;

Effective written, oral, and interpersonal communication skills to articulate complex cybersecurity concepts and strategies to both technical and non-technical stakeholders.

Ability to:

Inspire, motivate, and guide cross-functional teams toward achieving cybersecurity goals and fostering a security-conscious culture;

Prepare and deliver related presentations to senior leadership;

Excellent verbal and written communication skills

Identify strategic needs and develop departmental strategic plans and goals;

Prioritize tasks, manage multiple projects simultaneously, and allocate resources effectively to ensure the timely completion of key cybersecurity initiatives.

Develop and maintain capital and operational budgets;

Analyze complex issues, identify root causes, and develop effective solutions to address cybersecurity challenges.

Education/ Certification/Years of Experience Requirements:

Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field of study from an accredited college or university.

Minimum of ten (10) years of experience in Cybersecurity Management, to include:

Experience in enterprise-wide security programming and analysis, governance, standards development, risk assessment, creating awareness and education programs;

Experience developing and implementing cybersecurity policies and procedures in accordance with NIST Cybersecurity Framework and other relevant industry standards

Five (5) years of formal leadership/management experience over IT staff, preferably IT security team members (required);

Five (5) years of experience with cybersecurity in a utility setting (preferred);

Five (5) years of implementing cybersecurity regulations, specifically NERC CIP (preferred);

Current Professional Certifications in Cloud Security, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Information Security Manager (CISM) (preferred)

Working Conditions:

This job is performed primarily in an office work environment. This job may occasionally work in confined spaces. This job occasionally requires call outs and/or extended work hours, including evenings, weekends, and/or holidays.

Physical Requirements:

This job consists of sitting, walking, standing, and may lift up to twenty (20) pounds, bending/stooping, and repetitive motions. This job requires constant speaking and hearing, writing, typing, and detailed inspection.

OUC–The Reliable One is an Equal Opportunity Employer who is committed through responsible management policies to recruit, hire, promote, train, transfer, compensate, and administer all other personnel actions without regard to race, color, ethnicity, national origin, age, religion, disability, marital status, gender, sexual orientation, gender identity or expression, genetic information and any other factor prohibited under applicable federal, state, and local civil rights laws, rules, and regulations.

EOE M/F/Vets/Disabled

