Southern Company

Program Manager - Exposure Management

Southern Company$100K — $130K *
Energy & Utilities
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in program management, cybersecurity operations, or technology delivery roles.
  • Proven experience managing large-scale cybersecurity or technology programs.
  • Familiarity with vulnerability management, CTEM, and attack surface management practices.
  • Strong understanding of exposure management across various environments including on-prem, cloud, and OT.
  • Ability to work in a matrixed organization and manage cross-functional workstreams and competing priorities.

Responsibilities

  • Execute the Exposure Management and CTEM program roadmap and align with strategic direction.
  • Manage integrated program plans across vulnerability management and remediation initiatives, including risk management.
  • Establish program operating rhythms like status reporting and issue management.
  • Implement workflows and procedures to support effective exposure management execution.
  • Coordinate efforts across multiple teams to ensure timely execution of projects.
  • Ensure operational readiness before scaling initiatives, including documentation and stakeholder alignment.
  • Support ongoing maturation of exposure management capabilities to reduce risk and improve workflows.

Benefits

  • Flexible work schedule with 1 remote day per week.
  • Opportunities for professional development and continuous improvement.
  • Access to a variety of technical projects and collaborations across different teams.
  • Involvement in critical infrastructure cybersecurity efforts with a broad impact.
  • Supportive work environment promoting accountability and teamwork.
Full Job Description
Job Description

Southern Company Cybersecurity

Exposure Management Program Manager

Job Description

Schedule: M-F (Onsite 4 days a week, 1 day remote)

Location: Atlanta, GA. or Birmingham, AL.

Position Summary:

Southern Company is seeking a highly organized, execution-focused Program Manager to help drive delivery and operational effectiveness across the enterprise Exposure Management program. This role will report to cybersecurity leadership and serve as an operational lead, ensuring strategic priorities are translated into clear plans, measurable outcomes, and reliable execution. This is a primarily on-site role with 4 days per week in-office presence expected.

This position directly supports Southern Company's mission to identify, prioritize, and reduce cyber risk across its critical electric and gas utility infrastructure, operational technology environments, enterprise IT systems, and digital assets. The role partners closely with Cybersecurity, Technology, Infrastructure, Application teams, and business stakeholders to enable cross-functional alignment and consistent delivery of exposure reduction efforts.

The Exposure Management Program Manager will coordinate and drive execution across a portfolio of initiatives focused on vulnerability management, CTEM, exposure validation, attack surface visibility, prioritization, remediation tracking, and continuous improvement. This role is expected to help operationalize Continuous Threat Exposure Management (CTEM) efforts by connecting visibility, prioritization, validation, mobilization, and remediation activities into a repeatable program. Success in this role requires strong program management fundamentals, planning, governance, stakeholder alignment, metrics, and continuous improvement combined with the ability to operate in a highly regulated, mission-critical enterprise environment. This role ensures disciplined delivery through clear roadmaps, defined milestones, and outcome-based measurement to achieve predictable results and ongoing exposure management maturity.

Job Responsibilities
  • Execute the enterprise Exposure Management and CTEM program roadmap in alignment with strategic direction set by cybersecurity leadership.
  • Manage integrated program plans across vulnerability management, CTEM, exposure assessment, validation, remediation, and reporting initiatives, including milestones, dependencies, risks, and delivery timelines.
  • Establish and maintain program operating rhythms, including status reporting, risk and issue management, and action item tracking.
  • Implement and maintain operating models, workflows, and procedures to support effective and repeatable exposure management program execution.
  • Coordinate cross-functional delivery efforts across Cybersecurity, Technology, Infrastructure, Application, and business teams to ensure alignment and timely execution.
  • Ensure initiatives are operationally ready prior to scale or enforcement, including documented processes, escalation paths, communications, and stakeholder alignment.
  • Support enterprise efforts to define, implement, and govern risk-based prioritization models for vulnerabilities and exposures across on-prem, cloud, OT, and hybrid environments.
  • Support the design and execution of CTEM operating rhythms by coordinating activities across visibility, prioritization, validation, mobilization, and remediation functions.
  • Partner with validation and offensive security teams to support continuous testing efforts that confirm whether prioritized exposures are exploitable, materially impactful, and appropriately remediated.
  • Coordinate continuous offensive security validation activities, including purple team style assessments, adversary emulation informed testing, or other validation efforts that improve confidence in exposure prioritization and remediation decisions.
  • Drive ongoing maturity of exposure management capabilities by coordinating adoption, tuning, and remediation workflows to reduce risk while minimizing business friction.
  • Coordinate remediation activities for identified exposures, including vulnerabilities, misconfigurations, unsupported assets, weak controls, and externally visible risks.
  • Partner with security operations, threat intelligence, validation, and offensive security teams to support exposure triage, prioritization, escalation workflows, and continuous validation of control effectiveness.
  • Develop and maintain program metrics, dashboards, and reporting related to delivery progress, operational effectiveness, and exposure reduction outcomes.
  • Support governance, change management, and exception processes for exposure management policies, standards, and enforcement actions.
  • Promote a culture of accountability, collaboration, and continuous improvement across exposure management program stakeholders.


Requirements and Qualifications

Minimum
  • Proven experience managing cybersecurity or technology programs for large-scale enterprise initiatives.
  • 5+ years of experience in program management, cybersecurity operations, or technology delivery roles.
  • Experience coordinating or supporting exposure management capabilities such as vulnerability management, CTEM, attack surface management, remediation governance, validation, or risk prioritization programs.
  • Strong understanding of exposure management and CTEM concepts across on-prem, cloud, SaaS, OT, and hybrid environments.
  • Familiarity with validation practices such as offensive security testing, purple teaming, exposure validation, or control effectiveness assessments.
  • Demonstrated ability to manage cross-functional workstreams, dependencies, and competing priorities.
  • Communication and organizational skills, with the ability to produce executive-ready status updates and reporting.
  • Ability to operate effectively in a matrixed organization without direct authority.
  • Ability to work effectively in a highly regulated environment with strong attention to governance, risk reduction, and operational discipline.


Preferred Qualifications
  • Experience supporting or coordinating vulnerability management, CTEM, attack surface management, validation, or remediation governance programs.
  • Familiarity with risk-based prioritization approaches and exposure scoring models.
  • Experience developing program dashboards, KPIs, and operational reporting.
  • Experience coordinating exposure management initiatives with security operations, threat intelligence, validation, or GRC teams.
  • Exposure to continuous offensive security or validation programs that inform exposure prioritization and remediation outcomes.
  • Familiarity with vulnerability prioritization, remediation tracking, and attack surface visibility practices.
  • Experience supporting or securing highly regulated or critical infrastructure environments.
  • Working knowledge of vulnerability lifecycle processes, remediation coordination, and exposure reporting best practices.

This position falls under the company's Insider Threat Program and will have access to, and control over sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position

About the Team

Southern Company Services

About Southern Company

With 4.4 million customers and more than 42,000 megawatts of generating capacity, Atlanta-based Southern Company is the premier energy company serving the Southeast. A leading U.S. producer of electricity, Southern Company owns electric utilities in four states and a growing competitive generation company, as well as fiber optics and wireless communications. Southern Company brands are known for excellent customer service, high reliability and retail electric prices that are significantly below the national average. Southern Company has been listed the top ranking U.S. electric service provider in customer satisfaction for nine consecutive years by the American Customer Satisfaction Index.

Southern Company Careers

Join the dynamic team at Southern Company, a leader in energy innovation and a champion of sustainable practices. As one of the most respected companies in the energy sector, Southern Company offers unparalleled job opportunities that promise not only professional growth but also a commitment to diversity and leadership development.

Work You’ll Do

At Southern Company, we are not just about power generation; we are about empowering our team to innovate and lead the industry. By joining our team, you will collaborate with some of the brightest minds in the field, using your skills to solve complex problems and drive meaningful change.

Explore a World of Opportunities

Whether you are looking for a full-time position, an internship, or a leadership role, Southern Company has a place for you. Our wide range of employment options ensures that every team member can find a path that best suits their career ambitions and skills.

Innovate and Lead

Southern Company is at the forefront of technological innovation in the energy sector. Our team members are encouraged to lead projects and initiatives that push the boundaries of what is possible in energy production and management.

Grow and Develop

We believe in nurturing the potential of our employees through targeted diversity training, leadership workshops, and continuous professional development. Career growth at Southern Company is not just a possibility—it is an expectation.

Be Part of Our Culture

Southern Company’s culture is built on a foundation of respect, integrity, and inclusion. We celebrate diversity and believe that it drives innovation. Our team is our family, and we support each other in achieving personal and professional goals.

Benefits That Go Beyond

Choosing a career at Southern Company means enjoying a range of benefits designed to enrich your life and support your lifestyle. From health and wellness programs to retirement plans, we ensure our team members are taken care of.

Join Our Team

Ready to power up your career? Explore the job opportunities at Southern Company today. We are actively hiring and looking for passionate, curious, and solution-driven individuals. Enhance your skills, join a community of innovators, and work towards a sustainable future.

Stay Connected

Keep up to date with the latest at Southern Company by following our careers blog. Gain insider perspectives, industry-leading insights, and practical tips to advance your career.

Networking and Career Advancement

At Southern Company, networking and internal mobility are key components of career advancement. Connect with leaders, engage in cross-departmental projects, and take your professional journey to new heights.

Prepare for Your Interview

Make your mark from the first interview. Visit our career site for tips on crafting your resume, preparing for interviews, and making a lasting impression.

Join Southern Company—where careers glow brighter!

SEARCH SOUTHERN COMPANY JOBS Stay ahead of the curve in your career with Southern Company, where innovation meets tradition and every employee is empowered to excel.
Learn more about Southern Company
Size
27,000 employees
Market Cap
$77.6 billion
Industry
Net Income
$3.1 billion
Founded
1912
5 Year Trend
+3%
Revenue
$20.3 billion

Similar Jobs

More Jobs at Southern Company

More Energy & Utilities Jobs

Find similar Program Manager - Exposure Management jobs: