Cyber - Security Director

NRG Energy   •  

Scottsdale, AZ

Industry: Energy & Utilities


5 - 7 years

Posted 83 days ago

This job is no longer available.

Director, Cyber Security


The Director of Cyber Security position requires a hands-on leader with proven knowledge of technologies covering the corporate network, plant infrastructure and the broader digital ecosystem.As the organization's senior IT security officer, the Director of Cyber Security has enterprise-level responsibility for all data/information security policies, standards, evaluations, roles, and organizational awareness. This role is responsible for the establishment and overall management of information and cyber security programs for the company and willproactively work with business units to serve as the subject matter expert on all Information and Cyber Security matters. 


Summary: Responsible for developing and managing the enterprise wide CyberSecurity & NERC Critical Infrastructure Protection programs and systems for a fast paced renewable energy company.


Primary responsibilities include:

  • Establish, manage and continue to improve a new Cyber and Information Security program for a growing renewables business
  • Develop the internal and external teams to perform the day to day security tasks, cyber-incendent response, compliance management and security govenance
  • Build, manage and continue to improve a new NERC CIP compliance program for 68+, medium and low impact  renewable sites that delivers effective and risk managed compliance
  • Achieve process improvement to drive efficiency and effectiveness in the NERC CIP program; deliver ongoing improvement outcomes
  • Develop and manage annual budget for the Cyber Security team and program implementation
  • Partner with Regulatory Compliance to deliver positive audit results with minimal self-report and financial impacts to the Company
  • Monthly and quarterly progress reporting and corrective action planning with accountability to the COO, CAO, Head of IT, SVP Operations and Compliance
  • Identify and assess risks in implementing business innovations. Provide assessment of those risks tobusiness stakeholders
  • Partner with Regulatory Compliance to manage any self-report and violation mitigation efforts in an effective and expedient manner
  • Primary advocate responsible for communicating and gaining enterprise-wide support for CIP Compliance; develop and implement an enterprise wide awareness program
  • Partner with IT and Plant Operations to manage project implementation for cyber remediation at newly identified critical asset sites due to changes in cyber regulations
  • Coordinate internal and exteral vulnerability assessments and remediation on corporate, plant cloud and control system evironments
  • Manage guidance and technical expertise to site personnel for troubleshooting and resolving cyber incidents
  • Manage the Cyber Security team thru regular assessments and tracking of compliance to all technical requirements for each site including information protection, account management, change control, patch management, anti-virus programs and test procedures
  • Manage Technical Feasibility Exceptions submittals, reporting and remediation as needed until completion of mitigation, where needed
  • Act as business owner of Cyber and Information Security corporate policies



  • Bachelor degree. Concentration in computer science, engineering, management information systems or related field is a plus. MBA is a plus
  • Five to ten years of experience in the Information Technology industry or related Cyber Security role
  • Two years in a role responsible for, or heavily involved in, managing an enterprise-wide Cyber Security program
  • Proven experience in building, leading and developing a team of security individuals into a high performing cohesive group. Experience with all aspects of personnel decisions, management and development
  • At least 5 years’ experience in an industrial controls environment (power plant/energy, manufacturing, industrial, or equivalent) with practical knowledge of SCADA/DCS systems and related hardware and software managing Cyber Security requirements
  • Proven experience in working large cross-functional efforts in a matrix organization
  • Proven experience in developing and implementing efforts to drive efficiency and effectiveness thru process improvement in a large scale program or project
  • Knowledge and identification of network infrastructure threats or virus, intrusion containment and mitigation techniques
  • Practical knowledge of basic security and networking concepts including: LAN/WAN, firewalls, routers and switches, VPN, encryption, IDS/IPS sensors
  • Experience with NERC Critical Infrastructure Protection standards is required
  • Experience implementing changes on large networks
  • Demonstrated ability to communicate (verbal and written) with all levels of internal and external customers. Demonstrated presentation skills
  • Demonstrated planning and project management skills
  • Demonstrated ability to set priorities and to respond to changing requirements
  • Demonstrated analytical and problem solving skills
  • Ability to respond to issues outside of normal working hours and flexibility to travel domestically 30% of the time
  • Audit  and SOX experience a plus