Cyber Risk Program Manager - Phaxis LLC
Columbus, OH
About the Job
Cyber Risk Program Manager
The Cyber Risk Assessment Program Manager is responsible for guiding Association members in developing, implementing, and maintaining a robust cybersecurity risk management program. This role provides strategic leadership to enhance members' cybersecurity posture and ensures alignment with industry standards and best practices.
Key Responsibilities:
Program Administration:
- Oversee the Association's cybersecurity program, performing assessments for members biannually.
- Review and track progress on cyber improvement goals from previous assessments.
- Address and resolve identified vulnerabilities in member systems.
Consulting and Support:
- Conduct consulting visits and lead tabletop exercises for cybersecurity preparedness.
- Regularly review and update Cyber Incident Response Plans for members.
- Facilitate the adoption of cybersecurity initiatives such as NRECA's Cyber Goals Program.
Cybersecurity Advancement:
- Provide strategic advice and resources to help members enhance their cybersecurity posture.
- Align Association cybersecurity efforts with industry standards and best practices.
- Offer training sessions for IT professionals and disseminate educational resources at Association meetings.
Threat Monitoring and Policy Development:
- Monitor and analyze cybersecurity threats, issuing alerts as necessary for timely responses.
- Assist members in developing cybersecurity policies, providing templates, and reviewing existing policies for established programs.
Incident Response Support:
- Offer guidance and support during cyber incidents, including coordinating with external organizations like the FBI, CIA, and Homeland Security.
- Maintain resources and contact lists for incident response assistance.
Industry Engagement:
- Stay updated on cybersecurity trends, emerging technologies, and regulatory changes.
- Engage in state and national cybersecurity initiatives to advance member interests.
- Act as a resource for both corporate and Association members on cybersecurity matters.
Qualifications:
Education:
- Bachelor's degree in Computer Science, Computer Engineering, Information Technology, or a related field. Relevant experience or certifications may substitute for part of the educational requirement.
Licenses and Certifications:
- Possess a relevant professional certification (e.g., CISSP, CISM) or equivalent.
Experience:
- Minimum of 10 years of experience in information technology and cybersecurity.
- Experience in managing cybersecurity within a critical infrastructure environment preferred.
Skills and Abilities:
- Proven leadership experience in cybersecurity or information security roles.
- Advanced knowledge of cybersecurity techniques, especially for electric utility applications.
- Understanding of operational technology (OT) systems and associated cybersecurity risks.
- Expertise in security technologies, risk assessment methodologies, and industry best practices.
- Excellent communication and interpersonal skills for collaboration with technical staff and business leaders.
- Ability to make strategic decisions and influence organizational change.
- Strong business acumen, financial responsibility, and familiarity with regulatory compliance standards.
- Capability to analyze and address complex digital control and data processing issues.
Work Environment:
- Flexibility to work outside regular hours as needed.
- Travel up to 40% of workdays, including overnight stays both within and outside the state.
Compensation: Based on experience
Reference #: 24-03370
Source: Phaxis LLC