Director, Enterprise Security & Chief Information Security Officer

The New York Independent System Operator (NYISO) manages the efficient flow of electricity on more than 11,000 circuit-miles of high-voltage transmission lines, dispatching power from hundreds of generating units across the state.

The New York Independent System Operator (NYISO) applies cutting-edge technology to operating a reliable electricity system, managing competitive markets for wholesale electricity, and planning for the Empire State's energy future. The NYISO’s Information Technology department invites applications for a full-time Director, Enterprise Security & Chief Information Security Officer.

The Director, Enterprise Security & Chief Information Security Officer is responsible for the design, implementation, and operations of the NYISO’s physical and cyber security programs to ensure the protection of NYISO assets, operations, and employees. This position is responsible for all aspects of the NYISO’s cyber and physical security program, including security risk management, threat & vulnerability management, incident response, data & information protection, security architecture, security infrastructure management, identity & access management, security training & awareness, and engagement on security matters with both internal and external entities, including government, law enforcement and NYISO stakeholders.

The Director, Enterprise Security & Chief Information Security Officer ensures a strong security posture across the organization, with a high degree of operational readiness and capability to detect and respond to continuously evolving threats and vulnerabilities. This position requires the development and management of key external relationships with security service providers, vendors, government intelligence partners, and law enforcement agencies.

The Director, Enterprise Security & Chief Information Security Officer leads participation in industry forums to augment the capabilities of the NYISO security staff and directs an internal team of security professionals charged with providing cyber and physical security services. The Director, Enterprise Security & Chief Information Security Officer oversees a security governance, risk, & compliance program that ensures adherence with applicable regulatory frameworks including NERC Critical Infrastructure Protection (CIP) standards and establishes trusted relationships throughout the electric utility industry to collaborate and share pertinent information. The Director, Enterprise Security & Chief Information Security Officer manages a team of cyber and physical security professionals, including a contract armed guard force, and reports directly to the Senior Vice President and Chief Information Officer.

- Provides vision and leadership to guide the development of the NYISO cyber and physical security strategy and strategic plan and directs the implementation of the strategy through annual resource, budgetary, and project planning activities.

- Directs all operational security functions, including oversight of the NYISO’s 24/7 Cyber Security Operations Center whose mission is to continuously monitor the threat landscape and immediately respond to events as necessary to protect the NYISO from cyber risks. Serves as senior cyber security escalation point for all cyber incidents and events and directs all activities across the organization during escalated cyber events and incidents.

- Oversees the cultivation of both classified and unclassified intelligence from government, law enforcement, and commercial partners, with processes that develop it into actionable information to be used by the cyber security analysts on the team.

- Leads the selection, design, engineering, and development of technical security infrastructure and cloud solutions. Develops security architectures to facilitate the application of security concepts and strategies into practical designs and configurations that are engineered to address evolving security challenges

- Oversees the NYISO’s Security Governance, Risk & Compliance programs including policies and practices ensuring the organization’s compliance with NERC Critical Infrastructure Protection standards, security components of Service Organization Control (SOC) 1, and other cyber and physical security standards. Engages in external outreach with NERC, NPCC, and other entities that audit NYISO’s compliance with regulatory standards.

- Oversees the NYISO physical security program, with accountability for the protection of facilities, property, and physical assets, as well as access control & badging systems, video surveillance, workplace violence prevention, and other areas as required. Manages a large contract guard force (including armed guards) to ensure the safety and protection of all who enter NYISO property and facilities. Ensures the safe handling and storage of sidearms employed by armed guards.

- Develops and implements an engaging and effective security awareness & training program for all NYISO employees and contractors, and fosters a strong security-oriented culture across the NYISO.

- Works directly with the leaders of business units to facilitate risk analysis and risk management processes, identify acceptable levels of risk, and bridges security and the business units together through strong collaboration.

- Guides the implementation of information protection policies and processes to protect NYISO information assets from inappropriate disclosure.

- Manages NYISO employees assigned to the security team, including hiring, training, staff development, performance management and annual compensation review of department employees, and oversees contractors assigned in support of the physical security function.

- Provides presentations and briefings on all security matters to the Board of Directors, NYISO executive leadership, and industry leaders and dignitaries conveying security concepts in clear and concrete business terms.

- Oversees the business aspects of the security function including contracting, budgeting, vendor management and asset management. Develops strong, collaborative relationships with security service providers as a key component of the NYISO security program

- Provides subject matter expertise to senior leadership on a broad range of technical security standards and best practices. Represents the organization at conferences, seminars, and industry events.

- Establishes effective communications and reporting of security status at all levels of the organization. Briefs executive leadership, board members, and market participants on security matters, including strategy, operational status, security planning, and other matters.

- Establishes & maintains strong partnerships with local, state and federal law enforcement and other related government agencies.

- Builds relationships and forums with NYISO’s stakeholders seeking to elevate the overall security awareness and posture of NY’s electric industry.

Supervisory Responsibilities

This position does possess supervisory responsibility and there are supervisory employees who report to this position. Manages full time and contract employees.

- Bachelor’s Degree (BS) in Computer Science, Engineering, Management, or related technical field required; Master’s Degree (MS/MBA) strongly preferred.

- At least fifteen years experience in progressively responsible IT management positions is required.

- Broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT architecture, infrastructure, software, and operational functions.

- Demonstrable experience in senior positions leading and motivating cross- functional, interdisciplinary teams, including strong enterprise security operations & incident management experience.

- Project management skills, experience managing department finances & budgets, and contracting and vendor negotiations.

- Experience in the energy sector and familiarity with Critical Infrastructure Protection standards is strongly desirable.

CERTIFICATES, LICENSES, REGISTRATIONS

- Must be able to obtain and maintain a DHS, DOE, or DOD security clearance to be granted access to classified intelligence and information.

- Professional cyber security certification, such as a CPP, CISSP, CISM, CISA or other physical and/or information security credentials, is a plus.

Additional Requirements

- Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, and governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to write presentations and articles for publication that conform to prescribed style and format. Ability to effectively communicate security and risk-related concepts to technical and nontechnical audiences including senior NYISO leadership and the NYISO Board of Directors.

- Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

- High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.

- Proficient with personal computers running the Windows operating system; experience with productivity software such as Microsoft Office applications, e-mail, and Internet programs.

PHYSICAL DEMANDS

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand, walk, sit and use hands to perform routine office tasks. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 15 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The noise level in the work environment is usually moderate. Contact with staff and public will occur. Travel may be required to attend and/or conduct meetings, conferences and training. This position may require work on nights, weekends or holidays.

At the NYISO, we realize the importance of balancing the availability of remote work with the inherent value of bringing people together to attain success in the areas of maximum collaboration, relationship building and growth, teamwork, innovation and problem solving, as well as professional development and mentoring. In this role, you will be required to work onsite from our Rensselaer, NY location several days per workweek, with the option to work remotely on the remaining days. You will also be expected to respond to all business needs that may require any increase to the regular onsite requirements.

The NYISO takes pride in recruiting, developing and retaining highly talented individuals. In addition to competitive salaries, we offer a comprehensive benefits package and innovative reward programs.

All offers of employment will be made contingent upon the successful completion of a drug screening and background check.

Salary Range

$170,500 - $306,400 USD