- In collaboration with management, plans, organizes, leads, administers, and evaluates the projects and activities of the Risk Management / Governance and Compliance function.
- Supervises a work group cyber security professional. Hires, evaluates, trains, disciplines, schedules and assigns work, and recommends promotions, transfers, or terminations as necessary.
- Provides guidance on design, implementation, administration, and enforcement of information security controls to application systems and tools, including network security and monitoring, intrusion prevention, intrusion and endpoint detection and response, virus protection, and identity and access management.
- Evaluates risks and designs controls to manage risks. Documents and reports control failures and gaps to stakeholders.
Provides remediation guidance and prepares management reports to track remediation activities.
Manages the implementation of projects and processes such as GRC (Governance, Risk and Compliance) to automate and continuously monitor information security controls, exceptions, risks, and testing.
Leads the development of reporting metrics, dashboards, and evidence artifacts.
- Provides technical expertise and guidance of security control implementation.
- Remains current on information security management and technological advancements. Maintains comprehensive knowledge of the current cyber threat landscape, cyber security product categories and their application, and available and immerging technologies.
- Evaluates technology and current and future security-related requirements and develops or recommends technical and operational solutions
- Actively participates in strategic planning and leads tactical planning to coordinate the delivery of products and services.
Provides project management for applicable technology deployments.
Participates in the development and administration of section budget; implements and allocates resources following budget approval;
approves expenditures.
- Improves PSEG security positioning through process, policy, and procedure development.
- Performs other duties as assigned.
Job Specific Qualifications
Required :
Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering or related discipline and minimum of 6 years of experience in Information Security.
In lieu of a degree, minimum of 10 years of experience in information security role or related experience.
- Knowledge of information security risk management frameworks and compliance practices.
- Knowledge of securing network technologies, client, and server operating systems.
- Ability to develop security standards and guidelines based on best practices and industry standards.
- Excellent oral and written communication skills. Excellent leadership, planning and organizing, results orientation, technical / professional knowledge.
- Ability to foster working relationships with the team, IT Management and Client departments.
- Ability to explain technical concepts to the business users in the context of business requirements.
- Technical experience includes : information / data / network / computer security design, administration and / or assessment.
- Broad knowledge of information systems including Windows security, network security, systems development, communication networks, security software / hardware and operating systems.
Specific Experience Required :
- Supervise team tasked with ensuring suppliers remains in compliance with cybersecurity requirements and industry best practices.
- Responsible for maintaining pertinent risk information pertaining to vendor, and communicate this data via consistent reporting to senior leadership, pertinent stakeholders.
- Responsible for developing and report on key risk metrics for the vendor risk management program.
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure cyber security risks are identified and monitored.
- Lead the system-wide information security compliance program, ensuring cyber activities, processes, and procedures meet defined requirements, policies and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure cyber security and compliance with relevant legislation and legal interpretation.
- Work with Internal and External Auditors as appropriate on required security assessments and audits.
Desired :
- Experience in Operational Technology (OT) Security is a plus.
- ISC2 Certified Information Systems Security Professional (CISSP) or equivalent.
- Programming Experience in Python.
Minimum Years of Experience
6 years of experience
Education
Bachelors
Certifications
None Noted