Security Program Lead - Rensselaer, United States - New York ISO

New York ISO
Rensselaer, United States

2 weeks ago

Posted by: Mark Lane (beBee recruiter)


Description

The New York Independent System Operator (NYISO) manages the efficient flow of electricity on more than 11,000 circuit-miles of high-voltage transmission lines, dispatching power from hundreds of generating units across the state.


The Security Program Lead oversees key ancillary functions and supporting services that are an integral part of the larger program to secure and protect NYISO resources including security program administration, strategic planning, security budget and resource planning, security metrics and reporting, security training and awareness, security maturity assessment, and facilitation of industry partnerships.

The Security Program Lead evaluates existing NYISO security measures, assesses the effectiveness of those measures, and recommends changes that will improve all aspects of NYISO security.


ESSENTIAL DUTIES and RESPONSIBILITIES

  • Administers the security strategic planning process, including development of IT and security strategy into strategic plan milestones and program plans. Facilitates meetings and discussions to create actionable department plans to accomplish the security strategy.
  • Develops and leads programs to expand accountability for security across the organization, including actions that empower and support the various information technology functions. Ensures tools, training, and processes from all areas support enhanced accountability for security, and security risk is considered during project planning, design, and implementation activities.
  • Develops and leads the NYISO Security Awareness program, and champions a culture of security and compliance across the organization through effective and engaging communications, awareness campaigns, and other activities. Plans and develops high-impact communications campaigns to convey security concepts to the organization.
  • Facilitates budget and resource planning for all aspects of the security program.
  • Develops structured, relevant security training for all employees and contractors, and oversees training programs to ensure security competency and compliance with regulatory requirements for training.
  • Leads the Enterprise Security Steering Committee to ensure alignment of the security program with key business partners, and implementation of security processes and controls in a manner that still permits the efficient conduct of business.
  • Develops and leads large regional security exercises for NY State electric sector members, government, and other stakeholders, and facilitates NYISO participation in GridEx, CyberStrike, and other national cyber security exercises.
  • Leads the NYS Security Working Group, including development of the function, organization of quarterly meetings, governance of activities, and interaction with constituents to develop a collective approach to cybersecurity in the NYISO footprint. Organizes and facilitates relationships with selected stakeholder groups, public and private utilities, designated electricity industry organizations, State and Federal organizations and utility regulatory staff to ensure secure, reliable and resilient operation of the New York Bulk Electric System (BES).
  • Develops and tracks security program metrics that measure the performance and effectiveness of security processes, controls, and technologies, and reports on performance to NYISO leadership and other stakeholders in clear, relatable business terms.
  • Establishes a security maturity measurement program using industry frameworks such as NIST and ES-C2M2, and then facilitates ongoing measurement and reporting on the effectiveness of security controls, processes, and initiatives.
  • Leads the organizational effort to stem risks associated with phishing, vishing, and other forms of social engineering through development of phishing simulation, awareness efforts, and other methods. Makes recommendations on initiatives to improve organizational response and susceptibility.
  • Develops clear, well-written, and concise communication for NYISO employees with timely and appropriate recommendations to respond to security and compliance threats, vulnerabilities and other risks to the NYISO.
  • Leads and/or participates in special projects, programs, and initiatives as directed by the Chief Information Security Officer.
  • Develops professional, polished communications and messaging on security matters for NYISO executives, staff, stakeholder groups, industry councils and associations, and government partners.
  • Engages with Information Technology, Product & Project Management, and other delivery teams to provide guidance on implementing security and compliance guidelines in a balanced and appropriate manner. Develops strategies to ensure the ubiquity of security and advocates on behalf of NYISO business partners.

QUALIFICATIONS

  • Bachelor's degree (BS) in Information Security, Computer Science, or Business with extensive coursework in Information Systems or related field required. MS/MBA preferred.
  • Seven years pro
