Cybersecurity Program Manager Job at Duck River Electric Membership Corporation

Job Classification: Exempt, Full-time

Reporting Relationship: Chief Information Officer

Reporting Location: Topeka, KS

Primary Accountability:

The Cybersecurity Program Manager (CPM) will support FreeState Electric Cooperative’s (FreeState’s) cybersecurity compliance efforts by assisting in the implementation and maintenance of security policies, procedures, and programs. The CPM will work under the direction of the Chief Information Officer (CIO) and collaborate closely with the IT Supervisor, OT Supervisor, and Government Contract Manager to ensure alignment with CMMC Level 2 and other relevant frameworks.

Additionally, the CPM will coordinate extensively with FreeState’s external managed service provider (MSP) and managed security service provider (MSSP) dedicated to CMMC compliance requirements. The position will also engage in cybersecurity functions across the broader organization, contributing to the administration and security of a diverse array of technologies and systems.

Essential Duties:

• Cybersecurity Policies: Maintains cybersecurity policies, manages risk assessments, and coordinates audits in compliance with CMMC Level 2 and other cybersecurity frameworks.
• Compliance: Coordinates with key stakeholders to maintain and organize detailed records of all cybersecurity activities, policies, procedures, and compliance evidence for auditing and certification processes.
• Service Provider Coordination: Acts as the primary liaison with MSPs and MSSPs for compliance and security services. Tracks and assesses performance of service providers and addresses issues, as needed.
• Asset & Configuration Management: Maintains asset inventories and system baselines and ensures secure system configurations. Works with Department Leadership to execute annual processes including creating, analyzing, and reviewing procedures.
• Risk & Vulnerability Management: Conducts risk assessments, oversees vulnerability scanning, and coordinates patch management.
• Security Monitoring & Incident Response: Reviews security logs, investigates and responds to incidents (including after hours, as needed), and manages security event integrations. Creates and maintains alerting rules for logging events to enable timely detection of security incidents, and updates incident response plans, as needed.
• Access Control & User Management: Develops, implements, and manages conditional access policies. Administers and oversees Microsoft security tools (PIM, Conditional Access, Purview).
• Security Tools & Platform Management: Administers DLP, SIEM, and IAM solutions, and enhances security platforms.
• Training & Awareness: Conducts security training for employees and ensures policy adherence. Collaborates with HR to integrate cybersecurity training into onboarding processes.
• Reporting & Communication: Provides updates to leadership, generates reports, and tracks security metrics.

Marginal Duties:

• Cybersecurity Roadmap: Assists in developing a long-term cybersecurity roadmap to identify projects and initiatives; evaluates organizational needs and budgetary impacts.
• Continuing Education: Keeps abreast of the latest cybersecurity threats, technologies, and regulatory changes, and informs Department Leadership of significant developments.
• Test Data Backup and Recovery: Coordinates with System Owners to verify the effectiveness of data backup and recovery processes for all IT and OT systems, and reports findings.

Qualifications:

• Education & Experience: bachelor’s degree in computer science, information security, or related field is required. 3-5 years of cybersecurity experience is required.
• Certifications: CISSP, Microsoft Certified: Cybersecurity Architect Expert, or equivalent, preferred. Having or obtaining CMMC Certified Professional (CCP) certification within 180 days is required.
• Technical Skills: Extensive experience with Microsoft 365 administration and security features is required. Experience with risk assessments, vulnerability management, and endpoint security is preferred. Experience with Microsoft Defender, CrowdStrike, and or Endpoint Privilege Management (EPM) is a plus.
• Soft Skills: Strong analytical, communication, and collaboration abilities with a proactive and adaptable mindset.

Physical Demands:

• Consistently sits for extended periods of time. Occasionally stands, walks, bends, stoops, squats, lifts, unpacks, and moves up to thirty (30) pounds.
• Able to perform finger and hand manipulation and perform repetitive motions to use a computer keyboard and telephone, as well as other office equipment.
• Able to read computer screens, mail, and?talk on the phone.?

Work Environment:

• Professional and deadline-oriented environment involving both indoor and outdoor activities.
• May be exposed to outside weather conditions such as extreme cold/heat.
• Regular, reliable attendance is required.
• Interaction with staff, vendors, and members.
• Must be able to report to their primary worksite after regular business hours, as soon as possible, in the event of an emergency situation such as electrical outages, inclement weather, etc.
• Ability to travel and attend meetings, trainings, workshops, and seminars, as directed.