Manager IT CyberSecurity
Two North Ninth Street Allentown, PA 18101 | Direct Hire
Manager - IT Cybersecurity
- Status: Direct Hire (FTE)
- Location: Allentown, PA
- Salary: Based on Experience with incentive and bonus offered
As one of the largest investor-owned companies in the U.S. utility sector, the company delivers on its promises to customers, investors, employees and the communities served. Provide an outstanding service experience for our customers, consistently ranking among the best in the United States and the United Kingdom. The company has grown from a company with customers and facilities in one region of Pennsylvania to a diverse energy company with more than 10 million customers in the U.S. and the U.K. Company provides energy for millions of customers while providing challenging and rewarding careers for thousands of employees around the U.S. and abroad.
- Senior Manager
Responsible for leading the administration and operation of Information Technology (IT) Security functions within the Corporate computing environment, as well as in a cloud/on premise hybrid environment. Position responsibilities include supporting cybersecurity strategy and roadmap; leadership in developing and implementing security policies/standards/procedures for overall cybersecurity hygiene, consistent with applicable cybersecurity framework(s); oversight of team performing logging, monitoring, analyzing security posture relevant to information security event logs and proactive event correlation; security information/intelligence sharing; providing cybersecurity guidance to business, IT and operational technology (OT) functions and projects; performance of forensic investigations; managing cyber incident response processes; managing team to identify, track and research security alerts leveraging SIEM capabilities, and conduct vulnerability scanning/penetration testing and initiating actions for the organization through mitigation actions based on findings.
- Manages a group of exempt employees responsible for the range of IT security administration and operations.
- Oversees research, selection, architecture, implementation, training, and on-going operations of security assets, ensuring both a risk-based defense in depth and active defense security model.
- Maintains the rotating IT Security 24x/7x365 on-call function, and integration with evolving Global NOC and internal/external SOC/Threat Hunting capabilities.
- Facilitates operational technology (OT) areas with security related issues as warranted.
- Develops, maintains and enhances IT security policies, standards and procedures.
- Works with procurement functions and reviews contracts/vendor risks for appropriate IT Security requirements.
- Implements necessary technology, process, and procedural controls to effectively protect information technology assets from intentional or inadvertent modification, disclosure or destruction consistent with corporate and IT risk management processes.
- Provides operational leadership for security incident response processes.
- Escalates threats to leadership in a timely manner and appropriate convey information regarding risk, urgency, severity, credibility, and mitigation recommendations.
- Conducts evaluations and produces reports regarding the effectiveness of cybersecurity.
- Aligns disaster recovery and business continuity objectives to achieve availability targets.
- Provides security content input in developing and implementing a security awareness program to foster user community understanding and adherence to secure behavior to maintain a culture of cybersecurity focus.
- Manages to appropriate cybersecurity controls and compliance measures under the operational responsibility of the IT Security team, including NERC CIP and Sarbanes-Oxley Controls.
- Identifies, collects and leverages meaningful metrics and key performance indicators for reporting cybersecurity trends and areas of focus.
- Provides leadership and participation in both industry and cross-industry information/cybersecurity sharing forums.
- In-person supervision of employees to ensure compliance with FLSA wage and hour issues as well as to monitor compliance with safety rules.
- Physical presence in the office/on-site to engage in face-to-face interaction and coordination of work among direct reports and co-workers.
Candidates must meet the basic qualifications and pass all required tests or assessments to receive consideration.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility form upon hire.
- BS in Computer Science, Information Security, Computer Science, Computer Forensics or related field, or an alternate combination of education / experience which results in equivalent job knowledge.
- Minimum 5 years of relevant cybersecurity experience in IT Security, Incident Response or network security/SOC.
- Should possess business and technical skills / knowledge as would be acquired through experience as part of a diverse background in information technology and business management.
- Demonstrated leadership skills.
- Strong analytical, documentation and time management skills.
- Strong organization skills with effectiveness in developing security objectives and managing resources.
- Strong verbal/written communication and facilitation skills and the ability to share technical knowledge in layman' s terms.
- Budget planning and management experience, including vendor management.
- Demonstrated ability to manage multiple projects and priorities in an ever-changing environment.
- Masters Degree in cybersecurity related field.
- Holds security related certifications (e.g. CISSP, CISM, CRISC, CISA, CEH, GCIH, etc.)
- Experience in cybersecurity support of critical infrastructure organizations, especially in utility industry.
- Direct experience in support of responsibilities for complying to NERC CIP requirements.
- Strong technical network architecture understanding/experience, including knowledge of Tactics, Techniques and Procedures of threat actors and how common protocols and applications work at the network level.
- Knowledge and experience with a common scripting or programming language, e.g. Perl, Python, PowerShell.
- Holds active Secret Clearance.
If you feel like you are the right fit for the job above, please click the apply online button below and I will be sure to reach out ASAP!