Cyber Security Risk Management Program Manager

Nextera Energy

Palm Beach, FL

Industry: Energy & Utilities

8 - 10 years

Posted 64 days ago

PRIMARY FUNCTION:

Lead initiative directed toward the development and optimization of an enterprise-wide cyber risk management program. Organize the processes, technologies, and capabilities that enable the analysis, measurement, management and communication of enterprise-wide cyber risks. Role is accountable to deliver the specific outcomes defined by the program.

KEY RESPONSIBILITIES:

  • Works closely with the cybersecurity team members, stakeholders, and Information Technology staff to create strategy, approach, sequencing, and timeline for the overall cyber risk management program, focusing on metrics-driven outcomes.
  • Provides guidance and coordination for cyber risk management efforts including identification, assessment, tracking and resolution of risk management activities across all levels of the organization.
  • Processes vulnerability and threat data from a variety of internal and external sources to provide actionable risk management tactics to internal consumers in order to reduce overall enterprise cyber risk.
  • Engages leaders from all business areas to understand and prioritize cybersecurity risks through formal risk assessments and maintains a risk register.
  • Builds and institutes a cyber risk management program to focus cybersecurity investments with guidance from executive cybersecurity steering committees or champions.
  • Ensures multiple projects that comprise the program are linked in an effective manner to deliver the expected program outcomes and benefit, in an integrated fashion.
  • Serves as lead and point of contact for all cybersecurity risk management related activities.
  • Creates or implements tools for regular reporting of risk management activities and progress across all areas of cybersecurity.
  • Builds processes and tools to provide the business visibility of cybersecurity risks and drive accountability.
  • Assists in development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate cyber risk.
  • Educates and advises technology and business executives as needed on cyber and technology risk as well as appropriate mitigation strategies and approaches related to security and risk management. Ensures communications are consistent and coordinated at the enterprise level.
  • Gathers and maintains knowledge and spreads awareness of trends in the threat landscape.
  • Serves as the primary point of contact for cyber risk assessment reviews performed by outside entities.
  • Performs assigned work safely adhering to established departmental safety rules and practices. Reports to supervisor, in a timely manner, any unsafe activities, conditions, hazards or safety violations that may cause injury to oneself, other employees, patients and visitors.
  • Performs other related duties as required

KNOWLEDGE, SKILL, AND ABILITY REQUIREMENTS:

  • Ability to lead, influence and collaborate with remote team members, proven delivery, remediation and cyber risk management background.
  • Ability to work with and translate complex scenarios into a simplistic manner for non-technical resources (legal, business leaders, Privacy Committee, etc.)
  • Understanding of security operations concepts, vulnerability management and incident remediation within a complex organization
  • Understanding of security threat environment relative to computer network architectures, designs, topologies, applications, databases, email systems, remote access, and operating system platforms
  • Understanding of firewalls, routers, switches, messaging systems, various commonly used operating systems (Windows, Linux, UNIX), common attack tools, and vulnerability detection/management tools
  • Demonstrated experience in project planning and execution, change planning and management.
  • Experience with leading the development, implementation, and management of cyber risk management activities
  • Experienced in, and able to formulate, the cost effectiveness benefit of security initiatives in the context of overall business risk mitigation and the company's operational objectives
  • Demonstrated knowledge of recognized security industry standards and leading practices (e.g., NIST, ES-C2M2, ISO)
  • Demonstrated understanding of technological trends and developments in the areas of cybersecurity, risk management, web architectures and cloud computing.
  • Skill in presenting to groups of all technical, managerial and executive levels
  • Skill in developing requests for information and request for proposals for hardware and software
  • Ability to identify key elements of an assignment, anticipate potential problems and take steps to avoid them
  • Ability to handle multiple tasks simultaneously, and remain effective in high pressure situations
  • Ability to assume responsibility and to work flexible hours with minimal supervision, supporting on-call situations, as needed

PREFERRED CERTIFICATIONS:

CISSP, CEH, CISM, CISA or other industry-relevant cyber-security certifications

Job Overview

This position establishes strategy, develops business plans, and oversees and leads in the design, development and implementation of technology solutions to meet business needs. Leaders in this role provide leadership and oversight to manage performance and results in one or more Information Technology (IT) disciplines. Individuals will be accountable for the reliability, performance, security, and continuity of IT systems and supported business processes.

Job Duties & Responsibilities

  • Provides leadership, influence, vision, and direction to the organization to contribute to achieving the company's goals
  • Works with IT leaders to develop overall IT strategy in alignment with business strategy
  • Oversees value stream by focusing on cost and risks of technology portfolio to meet business needs
  • Supports and fosters innovative technologies to deliver new ideas that enable business transformation
  • Ensures high levels of ongoing system and application performance in production environments
  • Oversees development of processes and tools to automate code releases from development to operations (DevOps)
  • Attracts, develops and retains a high-performing and diverse team
  • Establishes and drives technology roadmaps that align with current and future business needs
  • Manages third party technical and outsourcing relationships to deliver project and operational support objectives
  • Ensures technology processes are conducted in line with applicable standards and company policies
  • Performs other job-related duties as assigned

Required Qualifications

  • High School Grad / GED
  • Bachelor's or Equivalent Experience
  • Experience: 7+ years

Preferred Qualifications

  • Bachelor's - Information Systems
  • Supervisor/Management Experience: 2+ years.

Requisition ID: 28223