S'INSCRIRE

Offres d'emploi

Trouvez des postes près de chez vous, sur site, hybrides ou à distance.
  • Emplois similaires à : Director, Cyber Security Practice
XX
Director, Cyber Security ServicesDC WaterWashington, Utah, United States
Postuler Maintenant
XX

Director, Cyber Security Services

DC Water
  • US
    Washington, Utah, United States
  • US
    Washington, Utah, United States
Postuler Maintenant

À propos

Overview The Director, Cyber Security Services is responsible for identifying, assessing, and quantifying cybersecurity risks across the enterprise, encompassing both information technology (IT) and operational technology (OT) environments. This role evaluates, designs, develops, and oversees the implementation of cybersecurity and disaster recovery programs across all aspects of the Authority’s computing infrastructure to mitigate cyber risks and ensure the highest levels of cyber resilience. The Director, Cyber Security Services collaborates with a wide range of internal and external stakeholders, including IT and engineering leadership, security professionals, and regulatory partners such as WaterISAC, CISA, DHS, TSA, the FBI, and local law enforcement, as well as cybersecurity hardware and software vendors, to identify, plan, and implement physical and cybersecurity initiatives and programs that meet or exceed industry standards and Authority requirements.
Maintains awareness of industry specific developments regarding cybersecurity and assesses the impact on Authority systems and develops plans and schedules as necessary to ensure compliance. Monitors implementation plans for successful execution. Directs the Authority’s patch management and release management processes to ensure all systems are patched in a timely manner. Coordinates patching and maintenance with third party providers to ensure cloud solutions remain compliant. Conducts vendor risk assessments and ensures all IT vendors comply with Authority IT standards and guidelines, especially those related to cybersecurity. Leads risk management activities to enhance assessment and mitigate cyber risks for both IT and OT systems. Directs a network of security professionals and vendors via a matrix structure to evaluate, assess, and develop strategies regarding potential threats to the Authority’s computer and information infrastructure. Designs and implements protection goals, objectives, and metrics consistent with the corporate strategic plan to ensure the highest level of cyber resiliency; creates work breakdown structures (WBS), project plans, project cost estimates, project recommendations, status reports, and executive presentations focused on mitigating cybersecurity risks. Ensures security audits, risk analyses, vulnerability assessments, and network testing are conducted successfully. Directs the development and implementation of global security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security posture. Manages IT Assets and IT Inventory functions. Develops executive-level dashboards and reporting frameworks that clearly measure and communicate cyber risk, performance, and program maturity. Translates technical cybersecurity risks into clear business impacts and recommendations for executive leadership to support informed decision-making. Briefs leadership on the company’s cybersecurity posture, key risks, and mitigation strategies to ensure strong governance and alignment with risk tolerance. Collaborates with executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Maintains relationships with local, state, and federal law enforcement and other related government agencies. Oversees incident response planning as well as the investigation of security breaches and assists with disciplinary and legal matters associated with such breaches as necessary. Directs activities of third party and internal resources in testing of cybersecurity protocols to ensure successful implementation and protections. Mentors the entire organization on security best practices by executing employee education/awareness programs. Ensures compliance with training initiatives designed to maintain enterprise-wide awareness levels. Leads the Cyber Threat Intelligence (CTI) Program by gathering and analyzing threat intelligence from a network of intelligence sources including but not limited to WaterISAC, DHS, the FBI, and others to ensure the Authority assets are properly secured. Guides enterprise strategic planning and operations related to cyber resiliency in collaboration with IT management. Prepares, champions, and manages the budget to support cyber resiliency capabilities for the enterprise. Works with outside consultants as appropriate to conduct independent security audits, assessment of security best practices and evaluation of products and services to meet a broad range of security needs for the Authority. Manages the IT Change Management process. Works with IT management on the design, implementation and testing of the enterprise Disaster Recovery Program and coordinates with the Emergency Management Group to ensure alignment with the broader Business Continuity Plan. Evaluates custom and third party hardware and software solutions from the perspective of security to ensure that all deployed solutions are secured in a manner consistent with the Authority’s approved security policies and procedures. Leads the Enterprises Incident Response team as it relates to issues concerning cybersecurity and/or business continuity and disaster recovery. Performs other duties and projects at the discretion of the Vice-President, Information Technology.
Supervisory Responsibilities Directs a group of consultants and employees to ensure the security program and objectives are met. Key Working Relationships Interacts with Senior and Executive Level Staff members and employees throughout the Authority and representatives from other utilities and other government organizations and agencies. Skills & Qualifications The qualifications listed below are representative of the knowledge, skill, and ability necessary for an individual to perform each essential responsibility satisfactorily. Reasonable amounts of training are provided. Required Skills & Qualifications Required Experience
A minimum of ten (10) years of experience in the Information Technology field, including security, incident response, or a related area, with at least seven (7) years of management experience. Bachelor’s degree in Information Technology/Information Security Systems or a related technical field or the equivalent combination of education and experience consisting of a High School Diploma or General Educational Development certificate (GED) and a minimum of fourteen (14) years of experience in the Information Technology field, including security, incident response, or a related area, with at least seven (7) years of management experience.
Required Skills
Must be able to communicate security-related concepts to a broad range of technical and non-technical staff. Experienced in business continuity planning, auditing, and risk management, as well as contract and vendor negotiation. Excellent oral and written communications skills. Experience in leading organizations through compliance requirements.
Required Licenses & Certifications
Must possess a CISSP or equivalent certification.
#J-18808-Ljbffr
  • Washington, Utah, United States

Compétences linguistiques

  • English
Avis aux utilisateurs

Cette offre provient d’une plateforme partenaire de TieTalent. Cliquez sur « Postuler maintenant » pour soumettre votre candidature directement sur leur site.