Manager – Cyber Security

At ERCOT, our diverse and dynamic work environment provides a platform on which employees can work together to build the future of the Texas power grid and wholesale market utilizing the latest technologies and resources.  We encourage you to join our talented, dedicated workforce to develop world-class solutions for today and tomorrow’s energy challenges while learning new skills and growing your career.

ERCOT is committed to fostering inclusion at all levels of our company. It is the cornerstone of our corporate values of accountability, leadership, innovation, trust, and expertise. We know that individuals with a wide variety of talents, ideas, and experiences propel the innovation that drives our success. An inclusive and diverse workforce strengthens us and allows for a collaborative environment to solve the challenges that face our industry today and in the future.

JOB SUMMARY
Manages the cyber security team to provide an efficient, effective, and up-to-date risk management environment. Engages with the business on key areas of information security and aligns information security strategy with ERCOT’s strategy and key performance indicators. Establishes and implements the security program to deliver security operations, policies and standards, architecture, compliance controls, awareness, threat monitoring and risk management. Develops, maintains and enhances information security related activities in support of ERCOT’s business needs. Provides recommended actions
and implements preventive and detective controls as needed. Responsible for management and administration of security policies, processes and technologies at ERCOT. Works with security management to ensure that the Security Controls team provides effective and efficient services in support of ERCOT’s information security objectives.

JOB DUTIES

• Responsible for hiring, coaching, training, and performance management of staff.
• Frequently interacts with reporting supervisors, customers, and/or functional peer group managers, normally involving matters between functional areas or customers.
• Responsible for the management of subordinate staff within a department. Typically has individual contributors as direct reports, but could have supervisory direct reports. Has full responsibility for direct reports.
• Generally provides input to budgeting and financial decisions that impact the department. Requests approval for financial actions beyond a limited scope.

ADDITIONAL JOB DUTIES

• Develops and tracks to a multi-year information security plan and roadmap to ensure a proactive security posture
• Develops and refines security defenses to prepare the company for current and ongoing security threats
• Develops and continually reviews and enforces enterprise security policies and practices in compliance with regulatory requirements defined for the security of information, personal data, and intellectual property
• Understands business needs and work with ERCOT business groups to create, communicate and enforce Security Policies, Standards or Procedures
• Advises senior management of risks and best security practices, ensuring proper methods are used for compliance controls
• Provides leadership and development for the Cyber Security group, including Security Operations, Awareness, Consulting and Compliance Controls
• Documents findings, plan/forecast, and progress toward defined security goals
• Manages small and large scale projects, directing an integrated (multi-departmental) team
• Provides technical, architecture and procedural consulting to other groups on security requirements
• Maintains working knowledge regarding security for Supervisory Control and Data Acquisition (SCADA) and Energy Management Systems (EMS) and domain-specific knowledge about ERCOT’s control systems infrastructure and security controls
• Manages the security group’s Incident Response Team
• Studies and maintains current knowledge of security issues and threats
• Develops a standardized format for presenting analytical, statistical and trending security metrics targeted to multiple audiences such as management and staff
• Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents security controls
• Gives advices and support in the design of network topology, firewall configuration, VLANs, VPN, SSL and data communications
• Provides guidance in deploying and managing enterprise security technologies and services, including but not limited to encryption (whole-disk, email/file, PKI), endpoint security, network security, threat/incident management, data loss prevention, and access control
• Identifies and develops alternatives to remedy or reduce security weaknesses and vulnerabilities of operating systems, networks, and software applications

EXPERIENCE

• Requires minimum 8 years job related work experience and 2 years in a leadership role in excess of degree requirements. Minimum years of job related experience can include time in leadership roles.

EDUCATION

• Bachelor’s Degree : Cyber Security, Computer Science, Management Information Systems, or related discipline (Required)
• or a combination of education and experience that provides equivalent knowledge to a major in such fields is required

CERTIFICATION

• CISSP Certified Information Systems Security Professional (Required)
• CISM Certified Information Security Manager (Preferred)

The foregoing description reflects the minimum qualifications and the essential functions of the position that must be performed proficiently with or without reasonable accommodation for individuals with disabilities.  It is not an exhaustive list of the duties expected to be performed, and management may, at its discretion, revise or require that other or different tasks be performed as assigned.  This job description is not intended to create a contract of employment with ERCOT.  Both ERCOT and the employee may exercise their employment-at-will rights at any time.
 

ERCOT is firmly committed to equal employment for all qualified persons without regard to race, sex, medical condition, religion, age, creed, national origin, citizenship status, marital status, sexual orientation, physical or mental disability, ancestry, veteran status, genetic information or any other protected category under federal, state or local law.

Expected Salary Range:

$132,078 – $224,536