What are the responsibilities and job description for the Cybersecurity Manager - Cyber Fusion Center position at Sempra LNG?
Primary Purpose
The Cybersecurity Manager role involves leading the Cyber Threat Intelligence, Cyber Threat Hunting, Incident Detection & Response, and Digital Forensics teams for its Cyber Fusion Center (CFC). The role will have strong leadership and strategic vision, excellent communication and collaboration skills, and deep technical expertise in cybersecurity, including threat intelligence, incident response, and data analytics. Proficiency in security tools and technologies, such as SIEM systems and user behavior analytics, is essential.
Responsibilities include recruiting, training, and developing team members, fostering a collaborative environment, setting clear goals and expectations, monitoring performance, and providing regular feedback. The manager will also allocate resources efficiently and stay updated on the latest cybersecurity trends and threats to guide the team in implementing proactive measures and strategies.
Operational Management:
The Cybersecurity Manager role involves leading the Cyber Threat Intelligence, Cyber Threat Hunting, Incident Detection & Response, and Digital Forensics teams for its Cyber Fusion Center (CFC). The role will have strong leadership and strategic vision, excellent communication and collaboration skills, and deep technical expertise in cybersecurity, including threat intelligence, incident response, and data analytics. Proficiency in security tools and technologies, such as SIEM systems and user behavior analytics, is essential.
Responsibilities include recruiting, training, and developing team members, fostering a collaborative environment, setting clear goals and expectations, monitoring performance, and providing regular feedback. The manager will also allocate resources efficiently and stay updated on the latest cybersecurity trends and threats to guide the team in implementing proactive measures and strategies.
Operational Management:
- Security Operations: Overseeing daily operations, monitoring networks and systems for suspicious activity.
- Oversee the Incident Response and Cyber Monitoring teams responsible for threat detection and malicious activity
- Manage analysis of security system log files and track triggered events.
- Develop and modify cybersecurity correlation rule sets and operate security equipment and technology.
- Manage incidents through the event management lifecycle and improve processes through runbooks and playbooks.
- Conduct incident response tabletops and threat simulations periodically.
- Execute a data analytics strategy based on the NIST Cybersecurity Framework.
- Oversee the evaluation and maturation of data collected from cyber defense tools.
- Manage the response to routine and urgent cybersecurity situations.
- Investigate and analyze incident response activities to ensure real-time cyber defense incident handling.
- Incident Response: Leading and coordinating responses to cybersecurity incidents.
- Threat Detection and Analysis: Utilizing advanced tools to detect and analyze potential threats
- Vendor Management: Manage the performance of outsourced vendors and cybersecurity providers
- Collaboration: Working with other departments such as IT, Legal, HR, etc. to ensure a cohesive approach to cybersecurity.
- Establish relationships between the incident response team and other internal and external groups.
- Collaborate with cyber operations planners to identify and validate requirements for collection and analysis.
- Compliance: Ensuring compliance with relevant regulations and standards.
- Communication: Ensuring clear and effective communication within the cybersecurity team and with other stakeholders.
- Generate routine and urgent reports to support enhanced security procedures and response measures.
- Manage the production of timely, fused, all-source cyber operations intelligence products.
- Threat Intelligence: Collecting, analyzing, and disseminating threat intelligence to identify potential risks.
- Analyze threat information from multiple sources and synthesize intelligence information.
- Manage the development of cyber threat indicators and maintain awareness of the operating environment.
- Coordinate the collection, processing, analysis, and dissemination of cyber threat assessments
- Work with cross-functional IT and enterprise teams to build alignment and model commitment to high performance as “one team”
- Drive the relationship and communications to inspire stakeholders like future users or customers with ideas and exemplary solutions through strategic scenarios and proposals
- Responsible for functional area leadership, collaboration, and conflict resolution. Providing direction, motivation, and strategic oversight of the functional area.
- Responsible for all aspects of performance management, training, and development.
- Provides the leadership needed regarding people-care activities, including 1-on-1’s, career development, and roadmap activities, to ensure that employees receive effective feedback and development opportunities
- Performs other duties as assigned (no more than 5% of duties).
- Bachelor's Degree in Bachelor's Degree in Computer Science, Cybersecurity, or related fields
- 8 years’ experience in Information Security, Cyber Security, or relevant roles
- 3 years in managing the Information Security functions of an organization with a complex Information Technology environment
- Technical Skills and Knowledge:
- Threat Intelligence: Understanding and analyzing threat data to identify potential risks and vulnerabilities
- Incident Response: Managing and coordinating responses to cybersecurity incidents, including detection, containment, eradication, and recovery, tailoring incident response strategies to address the unique challenges of energy systems
- Security Information and Event Management (SIEM): Proficient in SIEM systems to monitor and analyze security events
- Network Security: Knowledge of network protocols, firewalls, intrusion detection/prevention systems (IDS/IPS), and network segmentation
- Behavior Analytics: Utilizing user and entity behavior analytics (UEBA) to detect anomalies and potential threats
- Critical Infrastructure Protection: Implementing measures to protect critical infrastructure from cyber threats
- Physical Security Integration: Integrating cybersecurity measures with physical security to protect energy facilities
- Cybersecurity Frameworks and Standards: Familiarity with frameworks such as NIST, ISO 27001, CIS Controls and regulations such as NERC CIP, and standards like IEC 62443
- Emerging Threats in Energy: Staying updated on the latest threats and vulnerabilities targeting the energy sector
- Business Continuity and Disaster Recovery: Developing and implementing plans to ensure business continuity and disaster recover
- People and Vendor Leadership:
- Demonstrated skills to manage a diverse technical workforce spread across multiple locations involving the full range of technology platforms and solutions as well as vendor personnel
- Ability to lead, manage and coach staff; Personal drive and energy level to achieve superior results individually and through others; Proven track record of successful team leadership and development
- Ability to manage the performance of outsourced vendors and Managed Services agreements
- Cross-Functional Collaboration:
- Ability to participate in co-operative working relationships including knowledge sharing and partnership in achieving solutions within and across business or operational functions
- 3 years in experience in the energy industry
- Master's Degree in Cybersecurity or IT Management
- Professional certifications in Information Security (CISSP, CISM, CISA) strongly encouraged
- Technical certifications (operations i.e. GCIA, GCIH, CEH, SSCP, endpoint protection i.e. GCTI, CCIP, CCTA, defense i.e. GSEC, GCED, and GISF or GIAC, and in other relevant areas) is a plus
