Cogentrix Energy Power Management is hiring: Director-Cybersecurity in Charlotte
Cogentrix Energy Power Management, Charlotte, NC, United States, 28245
UNITED STATES • FIELD AREA (corporate or plant) • FULL-TIME Position Summary The Director, Cybersecurity leads Cogentrix’s cybersecurity program in order to protect the organization's critical IT and OT systems and assets using the CIS Controls and NERC CIP cybersecurity frameworks and practices. As the subject matter expert in information security and cybersecurity, the Director supervises a team of security personnel and has the overall accountability of establishing, monitoring, managing, and maintaining the technologies and processes used to secure company information and operating technology systems, networks and data. Major Duties & Responsibilities Develop, implement, manage, and maintain the organization's cybersecurity strategy and roadmap and associated plans, policies, procedures, practices, requirements, and controls. Establish, monitor, manage, and maintain the technologies and processes used to secure company information and operating technology systems, networks and data. Lead threat prevention and resiliency strategies for Cogentrix. Stay up to date on recent threats (e.g., OWASP Top 10), evaluate potential security threats and protect the organization’s infrastructure from those threats to minimize downtime and expenditures. Direct Cogentrix’s cybersecurity team in protecting the organization’s IT and OT infrastructure from threats, responding to security requests, investigating, and responding to alerts and incident tickets, developing and maintaining security documentation, managing network and endpoint security, vulnerability management, identity and access management, SIEM and log management, cloud security operations, and overall security monitoring and reporting. Oversee the development of the organization’s incident response plan and direct cyber incident response and crisis management for Cogentrix, ensuring swift and effective response to security events and incidents. Conduct regular risk assessments and vulnerability tests, including penetration tests, to identify potential security threats and develop strategies to reduce risk in security operations. Ensure new systems align with the organization’s overall security policies and data protection strategies. Prepare and manage the cybersecurity budget for the organization. Provide technical leadership and oversight to security design, security architecture activities, and initiatives. Be accountable for organizational compliance with security related governmental laws, rules, and regulation, including NERC standard requirements. Ensure that all cybersecurity measures adhere to state and federal laws and regulations. Implement organizational strategies to meet or exceed the CIS Control framework. Develop security reporting mechanisms and associated security KPIs that keep the organization aware of its security risk profile. Serve as a liaison between business and security teams, facilitating communication and ensuring security requirements are identified and integrated efficiently into business processes and projects. Manage endpoint and network security environments and associated security tools to meet organizational cybersecurity objectives. Manage partners, stakeholders, vendors and third-party service/solution providers of relevant cybersecurity services. Develop and implement security awareness programs to educate employees about security best practices and promote a culture of security within the organization. Provide technical cybersecurity support to the NERC CIP program staff to facilitate identification of efficient solutions to meet compliance obligations. Stay current with the latest industry trends, threats, and technologies to ensure that the organization's cybersecurity measures are current and effective. Education/Experience Required Bachelor's degree in a related field such as Computer Science, IT or cybersecurity. Master’s degree in Information Systems or a related cybersecurity field preferred. At least 10 years of industry experience in Information Security and cybersecurity, with a minimum of 5 years in a leadership role over cybersecurity teams. Security certifications greatly preferred (e.g., CISSP, CISM, CISA). Mastery level experience with security tools, technologies, hardware, software, and processes in the network, server and endpoint, applications and cloud infrastructure domains. This includes in-depth working knowledge of: Network security Endpoint security Application security and hands-on experience mitigating application vulnerabilities and threats, such as SQL injection and cross-site scripting. Intrusion detection and prevention systems Encryption Antivirus software Incident response and management processes Penetration testing Vulnerability testing and management using Nessus or similar products. Security risk assessments Active Directory #J-18808-Ljbffr