JOB PURPOSE

The Senior Manager of Information Security is responsible for establishing, leading, and maintaining the organization’s cybersecurity and information security programs to ensure alignment with business objectives, regulatory compliance, and security best practices. This role provides strategic direction, oversees cybersecurity operations, and manages risk across both IT and OT environments. The Senior Manager will lead a team of cybersecurity professionals and collaborate closely with internal departments, executive leadership, and external partners to protect the organization’s digital assets and ensure risk levels remain within acceptable thresholds.

Key Accountabilities

Leadership & Strategy Development

Develop, implement, and maintain a comprehensive cybersecurity strategy that aligns with business goals, regulatory requirements, and evolving threat landscapes. Lead and mature the organization’s cybersecurity program through risk-based decision-making and continuous improvement.

Industry Expertise & Thought Leadership

Stay informed on evolving IT and OT threat landscapes, cyberattack vectors, and relevant cybersecurity frameworks (e.g., NIST CSF, IEC/ISA 62443, CIS Controls). Maintain deep awareness of industry-specific challenges and regulations (e.g., NERC CIP and FERC) and how they impact cybersecurity programs.

Cybersecurity Operations & Risk Management

Direct the day-to-day security operations, including incident response, threat detection, vulnerability management, and third-party/vendor security risk management. Ensure the selection, configuration, and ongoing management of security tools and processes such as SIEM, endpoint protection, firewalls, and cloud security solutions.

Governance, Compliance & Policy Oversight

Ensure compliance with applicable regulations, industry standards, and internal governance frameworks, including NIST, ISO/IEC 27001, CIS Controls, NERC CIP, and IEC/ISA 62443. Oversee the development and enforcement of cybersecurity policies, standards, and procedures.

Incident Response & Business Continuity

Lead organizational response to cybersecurity incidents, including investigation, containment, recovery, and communication. Conduct tabletop exercises and maintain readiness through robust incident response and disaster recovery planning.

Security Awareness & Training

Drive security awareness and education programs across all levels of the organization to foster a culture of security consciousness and vigilance.

Team Leadership & Development

Recruit, mentor, and lead a high-performing cybersecurity team. Foster collaboration across IT, OT, and business units to embed security in all operation. Stakeholder Engagement & Reporting

Serve as the primary cybersecurity advisor to executive leadership, providing regular updates on cybersecurity risks, incidents, and program maturity. Build relationships across key departments including Legal, Compliance, and Operations.

Budget & Vendor Management

Manage the cybersecurity budget and oversee relationships with security vendors and service providers to ensure optimal use of resources and alignment with strategic objectives.

Experience/Qualifications/Education Required

Education:

Bachelor’s degree in Computer Science, Information Security, Engineering, or related field required.

Relevant certifications strongly preferred (CISSP, CISM, CRISC, CISA, CCSP, or equivalent).

Experience:

Minimum 10 years of progressive cybersecurity experience, including at least 5 years in a management role managing teams.

Deep technical knowledge of cybersecurity solutions, including hands-on experience with security tools, incident response, and risk management.

Strong understanding of cybersecurity frameworks and regulatory standards such as NIST, ISO/IEC 27001, CIS Controls, NERC CIP, and IEC/ISA 62443.

Experience with utility or energy generation industries and securing Industrial Control Systems (ICS) or SCADA is highly desirable.

Familiarity with public cloud security (AWS, Azure, GCP or OCI) and advanced knowledge of network security, including firewall, router, and switch configurations.

Proven ability to manage cross-functional teams and drive cybersecurity initiatives in complex environments.

Strong communication and executive presence, with the ability to convey technical information to non-technical audiences and influence senior stakeholders.

Demonstrated ability to balance security, risk management, and business objectives.

Strong problem-solving, interpersonal, and leadership skills with a collaborative mindset.

Data-driven approach to performance management and continuous improvement.

Ability to work independently and across multiple teams in a fast-paced environment.

Candidates must be located within the local region for 3 days per week on-site collaboration.

Other duties and responsibilities as assigned.

#LI-JH1 #LI-Hybrid