Senior Manager, Cybersecurity Risk and Governance

Description ENERGY FOR WHAT'S AHEAD Are you looking to make a difference in your career? We're working on smarter grids, cleaner energy and tools to help people manage energy more efficiently. This Position... As a Senior Manager in Cybersecurity Risk and Governance, you will lead a team who evaluates, tests, recommends, develops, coordinates, monitors, maintains, audits and implements Cybersecurity standards, governance policies, procedures and systems.You will guide governance and risk assessment efforts for hardware, firmware and software across the SCE Corporate environment. You assist in the investigation of security incidents and recommend improvements for governance and risk assessment methodologies. Responsible for ensuring that appropriate cybersecurity governance processes are in place for programs such as NIST policy standards. As part of SCE's Cybersecurity team, you will create innovative programs to protect our key electric infrastructure against threats, propels transformation, and drives growth.   Detailed stuff you will be doing... As the Senior Manager, you are responsible for leading and coordinating, articulating, and tracking actions related to developing and driving the implementation of the cyber assurance plans, ensuring effective cybersecurity governance and risk management practices, and engaging with the business unit members on a wide range of cybersecurity matters to achieve overall business objectives. Plan, direct and control ongoing information technology (IT) governance and risk management programs including identification, classification and prioritization of riskassociated with information resources. Analyzes risk management programs and observations and makes recommendations as to the most helpful and cost-effective approaches to addressing riskthreatening cybersecurity. Implement tools and technology to provide important metrics and reports for cybersecurity governance, risk and adherence to cybersecurity standards. You will maintain an integrated governance and risk technology roadmap to ensure key integration of risk and governance tool sets with cybersecurityinfrastructure Qualifications Qualifications you need... You have seven (7) years of experience supervising or managing a technical teams or business units, though ten (10) or more years of management experience is preferred. You have five (5) or more years of experience deconstructing complex securityprocesses and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment.   Preferred requirements include... It is preferred if you have ten (10) years of experience in the information security field and managing an information security staff in a medium to large company or installation. It is preferred if you have five (5) or more years of experience with various security disciplines, up to and including securing Internet/web development, security practices and methodologies, or equivalent strengths in security controls architecture on mainframe or mid-range systems, firewalls and dial up systems, and industry technologies, such as public key infrastructures (PKI), digital certificates, intrusion detection/prevention, and encryption. Additional preferences include: Broad inter-disciplinary skills, with a demonstrated capability of bringing to any scale environment a solid background in information security technologies, tools, and competencies, as well as strong analytical proficiencies, program management skills, knowledge of client business, and a real-world perspective and application of security technology trends and advances. Analysis, design, and implementation of industry-standard information security programs on mainframe, mid-range, network, and distributed computing environments. Development of strategic information security plans, policies, procedures, and controls, and an extensive experience in regulatory compliance, up to and including, external and internal audits. Design and implementation of security systems, common services, governance, programs, administrative functions, and energy systems, as well as an in-depth knowledge of information classification, forensicsinvestigations, incident response and tracking, and risk management and assessment methodologies and programs. Deconstruct complex securityprocesses and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment. Knowledge of Information Security best practice such as NIST 800 series, ISO 27000 series, ISA, or COBIT. Experience with security related compliance standards such as NERC CIP, NRC or comparable standards. Interpersonal and leadership skills to form and maintain effective project teams consisting of members across organizations. Knowledge of change management process such as ITIL, Six Sigma, or MSF. Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or GIAC GSEC certified. Bachelor's degree in Engineering, Computer Science, Information Systems or related field. You should know... Relocation is available for this position, and who wouldn't want to live in sunny Southern California? US Citizenship required as part of Critical Infrastructure security protocols. NERC/CIP - This position has been identified as a NERC/CIP impacted position - Prior to being hired, the successful candidate must pass a Personnel Risk Assessment (PRA) or Background Investigation. Once hired, the candidate must complete specified training prior to gaining un-escorted access to assigned work location and performing necessary job duties. 71023790
Salary Range: NA
Minimum Qualification
5 - 7 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.