What are the responsibilities and job description for the Manager of Information Security position at Citizens Energy Group?
Overview
We have an exciting opportunity for a Manager of Information Security to join our team!
The Manager of Information Security and Governance will provide leadership for planning, developing, directing, and operating an innovative, trusted, and reliable information security program at Citizens Energy Group. The security program will protect the confidentiality, integrity and availability of the information technology systems at Citizens Energy Group. This role will work with the Director of Information Security to execute on the security program and other security projects that help mitigate risks while meeting business requirements. The incumbent will ensure the success of the program by managing, coaching and developing a team of security and compliance professionals. The Manager of Information Security and Governance will also oversee daily security operations, incident response activities, vulnerability management, ongoing assessment and audit activities, and security awareness training. This role will also function as the primary SME for cybersecurity within the business and will work with business units to identify and mitigate cyber risks. Finally, this role will also oversee the IT governance framework including policies, procedures, and self-assessments in addition to external compliance activities such as PCI compliance and compliance with security directives from regulators.
Citizens Energy Group offers competitive salary and benefits including:
- Health, Dental & Vision
- Defined Benefit Pension Plan
- 401(k) Retirement Plan with company match
- Short Term Incentive Pay (STIP) Plan
- Health Savings Account (HSA) with company contribution
- Wellness Program
- Adoption and tuition assistance
- Employee Credit Union
- PTO and Paid Holidays
- Flexible Hybrid Work Schedule
If you are looking for a new opportunity, we invite you to apply and talk about the possibilities of starting a rewarding new chapter of your career!
Minimum Salary: $129,200 (Grade 14)
Responsibilities
Personnel Management
- Manage a staff of information security professionals, hire and train new staff.
- Conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
- Identify skills gaps within the team and identify appropriate training programs.
- Manage adoption of technical knowledgebase to ensure smooth transition of technical responsibilities.
Strategic Support
- Work with the Director of Information Security to develop a security program and security projects that address identified risks and business security requirements.
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing an overview of risks and threats in the enterprise environment.
- Present to leadership on current threat landscape, cybersecurity risks, and the overall security program.
- Serve as core team member to the Enterprise Risk Management (ERM) team and represent all cyber-related risks.
Operational Support
- Manage and coordinate all components of security operations including incident management, detection, response and reporting.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Design, coordinate and oversee security assessments (such as penetration tests and red team exercises) to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Security Consulting
- Establish security requirements for large enterprise projects. Work with project managers and technical leads to develop testing and acceptance criteria for security requirements.
- Work with supply chain and legal departments to review contracts and establish mutually acceptable contracts and service-level agreements.
- Work with supply chain to establish and maintain a third-party vendor cyber risk program.
- Assist IT staff in understanding and responding to security audit findings.
- Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff.
- Function as security SME during incidents, and participate in problem and change management groups.
Architecture and Engineering
- Serve as member of the Architecture Review Board to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Define and support security-related aspects of the IT architectural standards.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Develop a strong working relationship with business areas to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Governance and Compliance
- Oversee the lifecycle of the IT policy and procedure framework including updates, reviews, approvals, and attestation.
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
- Manage compliance with external regulatory requirements including PCI compliance and TSA security directives.
- Manage external audit process for IT department and function as primary liaison to external auditors.
Miscellaneous
- Perform other duties as assigned.
Qualifications
- Bachelor’s degree (B.A.) in Business or technical area from a four-year College or University required.
- Minimum 7 years related experience in Information Security or IT equivalent areas.
- Minimum 3 years of experience in managing or leading IT teams.
- Knowledge of cybersecurity risk concepts and overall enterprise risk management frameworks.
- Highly proficient in cybersecurity technical concepts, risk and compliance.
- Consultative skills, including the ability to understand, communicate, apply requirements, and articulate risk.
- Strong collaboration, prioritization, and adaptability skills required.
- Experience communicating complex security concepts to executive management.
- Excellent communication, negotiation, presentation, and consensus building.
- Experience in cost management, budgeting and forecasting.
- Enrollment in InfraGard once employed with Citizens.
Preferred Skills/Qualifications
- Master's Degree in technical or business discipline or related experience.
- CISSP or CCSP certification.
Job Posting Deadline: Open until filled
Citizens is a drug-free, Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Salary: $129,200