Ohio Transmission Corporation
Cyber Security Director
Ohio Transmission Corporation - Columbus, Ohio, United States, 43224
Work at Ohio Transmission Corporation
Overview
- View job
Overview
The Director Cybersecurity provides leadership to ensure our systems and infrastructure are protected from the ever-evolving cybersecurity threats. This will involve developing a detailed understanding of our system landscape, working with key external system partners, developing strategies and plans to mitigate risks, and leading the implementation of these plans. The Director Cybersecurity provides thought leadership and helps guide OTC's cyber security maturity, to include the refinement of insourced and outsourced cyber support services, annual cyber budget requirements, cyber tool selection, cyber training for associates, and cyber reporting.
What You'll Do
Provide Cyber Security Leadership:
Provide leadership in all security areas to ensure OTC and our external system partners are minimizing cyber security risks, including Security Architecture, Governance, Risk & Compliance, Identity and Access management, Cyber Threat Research, Vulnerability Assessment and Pen testing, Security Project Management, and SOC Analysis. Security Operations:
Oversee all security operations including managing our external SOC relationship and activities to ensure the correct classification of vulnerabilities/issues and timely resolution. Provide risk-based activities prioritization, tracking, reporting, and liaising with external vendors and internal stakeholders. Exercise good judgment when dealing with issues and ensuring a sense of urgency in their resolution while remaining calm and focused. Security Planning and Projects:
Design, implement, and maintain OTC's cyber security plan. Initiate, oversee, and report on projects that will improve our security stance. Lead the planning and the decision support process for the security program, coordinating with a variety of internal stakeholders and senior executives. Research and evaluate new cybersecurity threats and security controls. Ensure response plans are kept up to date and communicated to leadership, in addition to leading preparation sessions for cyber response (tabletop) and leading forensic investigations when necessary. Security Processes:
Develop, implement, and oversee enforcement of security policies, procedures, and work plans based on industry best practices. Ensure that IT security audits are conducted. Develop and deliver cyber training and testing. People Management:
Develop effective relationships with strategic systems providers. Mentor members of the IT team. Supervise cyber security personnel. What You'll Need Bachelor's degree in Computer Science, CIS, or related field and a minimum of three years of direct work experience in Cyber Security required, or a minimum of ten years of progressive job experience required. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) certifications, or other IT or management certifications are preferred. Required hands-on experience in establishing security processes; creating roadmaps to reduce the security threat footprint; instituting cyber security and risk metrics for reporting; identity and access management; cyber threat hunting, research, and mitigation; application security; vulnerability management programs; and pen testing. Required strong knowledge of firewalls, SIEM, SOAR, EDR, Antivirus, IDS/IPS, DLP, MFA, Microsoft 365 security, ERP security, Active Directory security policies, TCP/IP protocols, CIS, NIST, ISO, SOC, PCI-DSS, and other security tools and frameworks. Demonstrated management skills, such as budget and policy development, staff training, and development. Experience training cyber security best practices, tools, and processes to your team members and other staff. Well-developed research, analytical, and problem-solving skills. Ability to effectively communicate and foster strong working relationships with all levels of personnel. Competencies/Skills: Disaster Recovery Planning, Security Architecture, Cyber Security principles, Encryption, Incident Response and Incident Management, Cybersecurity Operations Experience, Information Security Governance, Network Security, Penetration Testing, Requirement Analysis, Security Architecture and Models, Strategy Development, Policy Management, Threat Modeling, Vulnerability Assessment, Technical Project Management, Strategic Planning, Risk Management, Firewall and other Security Hardware, Team Building, Project Management, and Audit Management.
#J-18808-Ljbffr
Provide leadership in all security areas to ensure OTC and our external system partners are minimizing cyber security risks, including Security Architecture, Governance, Risk & Compliance, Identity and Access management, Cyber Threat Research, Vulnerability Assessment and Pen testing, Security Project Management, and SOC Analysis. Security Operations:
Oversee all security operations including managing our external SOC relationship and activities to ensure the correct classification of vulnerabilities/issues and timely resolution. Provide risk-based activities prioritization, tracking, reporting, and liaising with external vendors and internal stakeholders. Exercise good judgment when dealing with issues and ensuring a sense of urgency in their resolution while remaining calm and focused. Security Planning and Projects:
Design, implement, and maintain OTC's cyber security plan. Initiate, oversee, and report on projects that will improve our security stance. Lead the planning and the decision support process for the security program, coordinating with a variety of internal stakeholders and senior executives. Research and evaluate new cybersecurity threats and security controls. Ensure response plans are kept up to date and communicated to leadership, in addition to leading preparation sessions for cyber response (tabletop) and leading forensic investigations when necessary. Security Processes:
Develop, implement, and oversee enforcement of security policies, procedures, and work plans based on industry best practices. Ensure that IT security audits are conducted. Develop and deliver cyber training and testing. People Management:
Develop effective relationships with strategic systems providers. Mentor members of the IT team. Supervise cyber security personnel. What You'll Need Bachelor's degree in Computer Science, CIS, or related field and a minimum of three years of direct work experience in Cyber Security required, or a minimum of ten years of progressive job experience required. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) certifications, or other IT or management certifications are preferred. Required hands-on experience in establishing security processes; creating roadmaps to reduce the security threat footprint; instituting cyber security and risk metrics for reporting; identity and access management; cyber threat hunting, research, and mitigation; application security; vulnerability management programs; and pen testing. Required strong knowledge of firewalls, SIEM, SOAR, EDR, Antivirus, IDS/IPS, DLP, MFA, Microsoft 365 security, ERP security, Active Directory security policies, TCP/IP protocols, CIS, NIST, ISO, SOC, PCI-DSS, and other security tools and frameworks. Demonstrated management skills, such as budget and policy development, staff training, and development. Experience training cyber security best practices, tools, and processes to your team members and other staff. Well-developed research, analytical, and problem-solving skills. Ability to effectively communicate and foster strong working relationships with all levels of personnel. Competencies/Skills: Disaster Recovery Planning, Security Architecture, Cyber Security principles, Encryption, Incident Response and Incident Management, Cybersecurity Operations Experience, Information Security Governance, Network Security, Penetration Testing, Requirement Analysis, Security Architecture and Models, Strategy Development, Policy Management, Threat Modeling, Vulnerability Assessment, Technical Project Management, Strategic Planning, Risk Management, Firewall and other Security Hardware, Team Building, Project Management, and Audit Management.
#J-18808-Ljbffr