Knowhirematch
Director Cybersecurity
Knowhirematch, Charlotte, North Carolina, United States, 28245
Charlotte, North Carolina, United States
The Director, Cybersecurity leads Company’s cybersecurity program in order to protect the organization's critical IT and OT systems and assets using the CIS Controls and NERC CIP cybersecurity frameworks and practices. As the subject matter expert in information security and cybersecurity, the Director supervises a team of security personnel and has the overall accountability of establishing, monitoring, managing, and maintaining the technologies and processes used to secure company information and operating technology systems, networks and data.Key Responsibilities:Develop, implement, manage, and maintain the organization's cybersecurity strategy and roadmap and associated plans, policies, procedures, practices, requirements, and controls.Establish, monitor, manage, and maintain the technologies and processes used to secure company information and operating technology systems, networks and data.Lead threat prevention and resiliency strategies for Company. Stay up to date on recent threats (e.g., OWASP Top 10), evaluate potential security threats and protect the organization’s infrastructure from those threats to minimize downtime and expenditures.Direct Company’s cybersecurity team in protecting the organization’s IT and OT infrastructure from threats, responding to security requests, investigating, and responding to alerts and incident tickets, developing and maintaining security documentation, managing network and endpoint security, vulnerability management, identity and access management, SIEM and log management, cloud security operations, and overall security monitoring and reporting.Oversee the development of the organization’s incident response plan and direct cyber incident response and crisis management for Company, ensuring swift and effective response to security events and incidents.Conduct regular risk assessments and vulnerability tests, including penetration tests, to identify potential security threats and develop strategies to reduce risk in security operations.Ensure new systems align with the organization’s overall security policies and data protection strategies.Prepare and manage the cybersecurity budget for the organization.Provide technical leadership and oversight to security design, security architecture activities, and initiatives.Be accountable for organizational compliance with security-related governmental laws, rules, and regulations, including NERC standard requirements. Ensure that all cybersecurity measures adhere to state and federal laws and regulations.Implement organizational strategies to meet or exceed the CIS Control framework.Develop security reporting mechanisms and associated security KPIs that keep the organization aware of its security risk profile.Serve as a liaison between business and security teams, facilitating communication and ensuring security requirements are identified and integrated efficiently into business processes and projects.Manage endpoint and network security environments and associated security tools to meet organizational cybersecurity objectives.Manage partners, stakeholders, vendors, and third-party service/solution providers of relevant cybersecurity services.Develop and implement security awareness programs to educate employees about security best practices and promote a culture of security within the organization.Provide technical cybersecurity support to the NERC CIP program staff to facilitate identification of efficient solutions to meet compliance obligations.Stay current with the latest industry trends, threats, and technologies to ensure that the organization's cybersecurity measures are current and effective.RequirementsEducation/Experience RequiredBachelor's degree in a related field such as Computer Science, IT or cybersecurity. Master’s degree in Information Systems or a related cybersecurity field preferred.At least 10 years of industry experience in Information Security and cybersecurity, with a minimum of 5 years in a leadership role over cybersecurity teams.Security certifications greatly preferred (e.g., CISSP, CISM, CISA).Mastery level experience with security tools, technologies, hardware, software, and processes in the network, server and endpoint, applications and cloud infrastructure domains.Experience understanding and implementing regulatory requirements and industry standards related to IT and OT security, such as NERC CIP, the NIST cybersecurity and CIS Controls frameworks, SOC1/2, PCI, HIPAA, CCPA/GDPR or related security frameworks.Demonstrated ability to identify and mitigate security risks.Strong leadership and management skills, with the ability to mentor, motivate, and inspire a team.Excellent problem-solving and analytical skills.Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.Ability to work independently or as part of a team to manage multiple priorities and see tasks through to completion without significant guidance.Highly desirable skills include:Experience with power generation design, operations and maintenance as it relates to cybersecurity policies and practices.Support for power generation control systems.Disaster recovery training and experience.Scripting and source code programming languages that the cybersecurity team will be using.
#J-18808-Ljbffr
The Director, Cybersecurity leads Company’s cybersecurity program in order to protect the organization's critical IT and OT systems and assets using the CIS Controls and NERC CIP cybersecurity frameworks and practices. As the subject matter expert in information security and cybersecurity, the Director supervises a team of security personnel and has the overall accountability of establishing, monitoring, managing, and maintaining the technologies and processes used to secure company information and operating technology systems, networks and data.Key Responsibilities:Develop, implement, manage, and maintain the organization's cybersecurity strategy and roadmap and associated plans, policies, procedures, practices, requirements, and controls.Establish, monitor, manage, and maintain the technologies and processes used to secure company information and operating technology systems, networks and data.Lead threat prevention and resiliency strategies for Company. Stay up to date on recent threats (e.g., OWASP Top 10), evaluate potential security threats and protect the organization’s infrastructure from those threats to minimize downtime and expenditures.Direct Company’s cybersecurity team in protecting the organization’s IT and OT infrastructure from threats, responding to security requests, investigating, and responding to alerts and incident tickets, developing and maintaining security documentation, managing network and endpoint security, vulnerability management, identity and access management, SIEM and log management, cloud security operations, and overall security monitoring and reporting.Oversee the development of the organization’s incident response plan and direct cyber incident response and crisis management for Company, ensuring swift and effective response to security events and incidents.Conduct regular risk assessments and vulnerability tests, including penetration tests, to identify potential security threats and develop strategies to reduce risk in security operations.Ensure new systems align with the organization’s overall security policies and data protection strategies.Prepare and manage the cybersecurity budget for the organization.Provide technical leadership and oversight to security design, security architecture activities, and initiatives.Be accountable for organizational compliance with security-related governmental laws, rules, and regulations, including NERC standard requirements. Ensure that all cybersecurity measures adhere to state and federal laws and regulations.Implement organizational strategies to meet or exceed the CIS Control framework.Develop security reporting mechanisms and associated security KPIs that keep the organization aware of its security risk profile.Serve as a liaison between business and security teams, facilitating communication and ensuring security requirements are identified and integrated efficiently into business processes and projects.Manage endpoint and network security environments and associated security tools to meet organizational cybersecurity objectives.Manage partners, stakeholders, vendors, and third-party service/solution providers of relevant cybersecurity services.Develop and implement security awareness programs to educate employees about security best practices and promote a culture of security within the organization.Provide technical cybersecurity support to the NERC CIP program staff to facilitate identification of efficient solutions to meet compliance obligations.Stay current with the latest industry trends, threats, and technologies to ensure that the organization's cybersecurity measures are current and effective.RequirementsEducation/Experience RequiredBachelor's degree in a related field such as Computer Science, IT or cybersecurity. Master’s degree in Information Systems or a related cybersecurity field preferred.At least 10 years of industry experience in Information Security and cybersecurity, with a minimum of 5 years in a leadership role over cybersecurity teams.Security certifications greatly preferred (e.g., CISSP, CISM, CISA).Mastery level experience with security tools, technologies, hardware, software, and processes in the network, server and endpoint, applications and cloud infrastructure domains.Experience understanding and implementing regulatory requirements and industry standards related to IT and OT security, such as NERC CIP, the NIST cybersecurity and CIS Controls frameworks, SOC1/2, PCI, HIPAA, CCPA/GDPR or related security frameworks.Demonstrated ability to identify and mitigate security risks.Strong leadership and management skills, with the ability to mentor, motivate, and inspire a team.Excellent problem-solving and analytical skills.Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.Ability to work independently or as part of a team to manage multiple priorities and see tasks through to completion without significant guidance.Highly desirable skills include:Experience with power generation design, operations and maintenance as it relates to cybersecurity policies and practices.Support for power generation control systems.Disaster recovery training and experience.Scripting and source code programming languages that the cybersecurity team will be using.
#J-18808-Ljbffr