Director-Cyber Security & CISO

We’re committed to being the clean energy leader in Louisiana. By investing in renewables like solar and utilizing carbon capture and sequestration technology to make our air cleaner, we’re in this for the long haul, because our state and future generations depend on it. Come be a part of our journey at Cleco where we're Energizing Your Tomorrow.

Role Purpose:

The Director - Cyber Security & CISO is a leadership level professional who works closely with the Chief Information Officer and is responsible for leading all cybersecurity strategy, operations, governance, risk, compliance, physical security, and facility services for Cleco. A strategic and entrepreneurial thinker who takes initiative, has determination, a positive attitude, able to set expectations, delivers against those expectations, and provides innovative and creative leadership to safeguard Cleco’s digital and physical assets. This role is operationally responsible for; (1) digitally safeguarding Cleco IT assets through the day-to-day management of the IT Cybersecurity Operations and IT Governance, Risk, and Compliance (GRC) teams, (2) digitally safeguarding Cleco OT assets through close collaboration across Generation, Transmission, and Distribution LOBs (3) leading the strategic and operational activities related to Cleco physical security and facilities.

Key Responsibilities:

CYBERSECURITY

- Champions a corporate culture that emphasizes transparency, integrity, safety, environmental responsibility, employee development, diversity and inclusion, customer service, and operational excellence.

- Provides vision and leadership in the development and execution of Cleco’s cybersecurity strategy and roadmap, including aligning with business strategy, gaining executive approval and support, and overseeing successful execution.

- Maintains practical and actionable cybersecurity policies and standards that reflect the needs of the business while keeping pace with changes in the business environment, technology, and threats to effectively mitigate and manage risk to the business.

- Collaborates across the business to ensure participation in solution review for cybersecurity policy and standard alignment.

- Collaborates across the business to identify areas of potential cybersecurity risk, including third-party, and drives mitigation strategies to reduce these risks to acceptable levels.

- Collaborates across the business in the creation, maintenance, and monitoring of applicable IT controls, such as SOX, CIS CSC, NIST CSF, CISA CPGs, etc.

- Measures compliance with applicable IT controls as part of assessing the overall cybersecurity risk posture of the enterprise and initiates programs to achieve and maintain an acceptable cybersecurity posture.

- Builds and maintains relationships necessary for the successful execution of the cybersecurity program, including developing and maintaining internal and external relationships to influence cybersecurity policy, standards, and programs.

- Effectively partners with IT, OT, Legal/Compliance, and Regulatory teams in the execution of the cybersecurity strategy, roadmap, and operations.

- Collaborates across the business to maintain and train on the organizations’ unified Cybersecurity Incident Response Plan (CSIRP), including executing preparation exercises, developing risk scenarios, and scheduling/executing annual formal tabletop exercises.

- Partners with the business to develop and employ an ongoing cybersecurity communications, training and awareness program tailored to the evolving needs of the business and specific requirements of various user groups through change management.

- Provides regular reports to the EMT and other senior leaders regarding cybersecurity risk posture.

- Leverages cybersecurity investments to enhance business, administration, and compliance processes.

- Oversees the performance and development of managers, supervisors, and high-level technical employees, enabling them to deliver excellent operational performance with a customer-centric approach.

- Collaborates closely with external partners and law enforcement agencies, such as E-ISAC, CISA, and the FBI, regarding threats specific to Cleco and electric utilities.

- Oversees and manages the successful execution of the cybersecurity budget.

- FACILITIES

- Directs the design, planning, construction, and maintenance of Cleco’s facilities and real estate.

- Collaborates across the business to identify areas of potential physical security risk and drives mitigation strategies to reduce these risks to acceptable levels.

- Supervises all facilities, along with building and grounds, including suppliers and subcontractors.

- Negotiates contracts related to all real estate transactions, including providing advice and exercising contractual law when required.

- Oversees the functioning of all building systems including mechanical, electrical, fire/life safety, plumbing, and waste management.

- Coordinates remodeling and refurbishment initiatives, testing equipment, space needs, compliance with zoning laws, relocations, and lease agreements.

- Oversees and manages the successful execution of the facilities budget.

Qualifications:

- Master's / Bachelor's degree in Cybersecurity, Computer Science, Computer Information Technology, Business Administration, or related field.

- 10+ years leadership in cybersecurity policy, standards, architecture, engineering, technology, and programs. - 5+ years of staff management, development, and mentoring. - 5+ years of project management experience.

- Strong understanding of cybersecurity and the relationship between threat, vulnerability, information value, and impact in the context of risk management.

- Strong understanding and application of cybersecurity across IT and OT environments.

- Strong understanding in the application of industry cybersecurity control frameworks, such as SOX, CIS CSC, NIST CSF, CISA CPGs, etc.

- Strong understanding in the development and management of cybersecurity policies and standards in alignment with industry cybersecurity frameworks.

- Strong understanding of processes, tools, and techniques for assessing and controlling an organization's exposure to cybersecurity risks.

- Strong understanding of cybersecurity incident response planning, preparation, and execution.

- Knowledge of network attacks and the defenses used; Ability to defend and prevent electronic threats, theft and attacks.

- Experience developing and implementing a comprehensive cybersecurity strategy and plan, in support of the overall business plan and specific to the threats to Cleco.

- Experience using metrics and KPIs/KRIs to monitor cybersecurity effectiveness and identify areas for further improvement.

- Ability to implement cost-effective cybersecurity solutions to meet changing business needs.

- Experience in a leadership role, high-level analytical skills, exceptional relationship management competencies, and relevant project management work experience with a demonstrated record to lead and execute cybersecurity compliance and risk mitigation programs.

- Strong ability to apply policies and practices for planning and administering a budget.

- Experience team building, training, coaching, giving performance feedback, and providing a regular evaluation for associates as to the requirements for all team members to achieve success.

- Strong communications and relationship skills with the ability to interact effectively with senior leadership.

- Strong negotiating and influencing skills, while presenting ideas and opinions in a respective and collegial manner.

- Strong understanding and appreciation of diversity in the workplace.

- Strong interpersonal, communications, writing, speaking, and listening skills.

- Ability to exercise sound and independent judgment while knowing when to escalate issues to the next level.

- Ability to pass a Department of Homeland Security (DHS)/Cybersecurity and Infrastructure Security Agency (CISA) background check to obtain a Secret-level clearance as part of the State, Local, Tribal, and Private Sector Program (SLTPS) preferred.

Certifications:

At least one of the following active certifications: CISA, CISM, CRISC, CISSP, GSLC, GSTR or other equivalent SANS GIAC leadership certifications.

May perform other duties as assigned.

Salary dependent on experience, skills, education, and training