Summary Description:
The Director of Enterprise Security is responsible for the strategy, design, engineering, implementation, and ongoing operations of NCEMC’s enterprise security program, encompassing both cybersecurity and physical security. This role safeguards NCEMC’s information assets, operational systems, facilities, and critical infrastructure—including substations, control centers, generation facilities, and corporate offices—through a layered defense approach (deter, detect, delay, respond, recover) and continuous maturity of the organization’s security posture.
This position collaborates closely with Network Services, Datacenter Operations, and the Service Center to ensure the performance, reliability, and security of IT infrastructure. The Director also partners with Software Development, Data Management, and EMS/OT teams to embed security by design across applications, data platforms, and operational technologies. The role serves as a key liaison with contractors, vendors, law enforcement, and regulatory bodies to ensure audit readiness and alignment with industry standards and applicable regulations.
- Bachelor’s degree in Computer Science, Information Security, Security Management, Emergency Management, or a related field. An equivalent combination of education, training, and relevant work experience may be substituted for the degree requirement.
- A master's degree is preferred.
- Certifications: Advanced security certifications such as CISSP, CISM, CISA, CRISC, or CCISO are strongly preferred.
Work Experience:
- 6–10 years of progressive experience across IT/cybersecurity and physical security, including:
  - At least 5+ years focused on cybersecurity/physical security
  - 3–5+ years of leadership/management experience in security or IT
- Electric utility operations experience preferred (including familiarity with substations, control centers, and generation facilities).
- Develop and execute an enterprise-wide security strategy covering both cyber and physical security domains.
- Establish and maintain policies, standards, procedures, and site security plans aligned with industry best practices (e.g., ASIS, DHS CISA, NFPA, NERC).
- Coordinate enterprise risk management activities: risk assessments, criticality analyses, threat/vulnerability reviews, and remediation roadmaps.
- Define security architecture and control baselines across IT, OT, facilities, and corporate environments.
- Oversee the Manager of Cybersecurity, including policy development, regulatory compliance, security assessments (internal and third-party), and incident response planning and execution.
- Ensure security is integrated into SDLC, data platforms, and EMS/OT systems; collaborate with Software Development and Data Management teams to embed cybersecurity controls.
- Oversee audit readiness and compliance with applicable standards and regulations (e.g., NERC CIP where applicable).
- Manage cybersecurity awareness and training for all staff and facilitate executive briefings and security committee meetings.
- Oversee the Manager of physical security systems to ensure NCEMC’s seven facilities across the state of NC are safe and secure.
- Lead and coordinate response to physical security incidents; manage investigations and reporting with law enforcement and regulatory agencies.
- Plan and execute security infrastructure projects balancing cost, risk reduction, regulatory compliance, and operational impact.
- Prepare and manage budgets for cybersecurity and physical security operations and capital initiatives.
- Develop and deliver training for employees, contractors, member organizations, and security personnel on site access, reporting, and emergency response protocols.
- Establish criteria for and coordinate drills and exercises in collaboration with internal safety personnel and relevant external partners.
- Ensure compliance with regulatory requirements and maintain audit readiness, including NERC CIP-003-8 (where applicable).
- Define and report security performance metrics, risks, and improvement plans for senior leadership.
- Maintain and continuously improve the incident response plan and business continuity interfaces.
- Manage and mentor the cybersecurity and physical security managers.
- Foster strong cross-functional relationships with IT, operations, facilities, and business units to integrate security into daily operations and strategic initiatives.
- Working knowledge of IT hardware, operating systems, applications, and datacenter operations.
- Expertise in cybersecurity tools, network topologies, intrusion detection/prevention, and network security.
- Familiarity with physical security systems, site assessments, CCTV operations, perimeter defense, and visitor/access control management.
- Experience interpreting and implementing cybersecurity and physical security regulations/standards (e.g., NIST CSF, DOE C2M2, ASIS, DHS CISA, NFPA, and NERC CIP low- and medium-impact physical security requirements where applicable).
- Strong understanding of documentation processes, operational procedures, project planning and management, and audit practices.
- Proven ability to lead and develop teams (cyber and physical security) and manage contractors/vendors.
- Strong oral and written communication; effective presentation skills for technical and executive audiences.
- Demonstrated customer and colleague relationship-building skills; cross-functional collaboration.
- Strength in risk assessment, incident/crisis management, analytical thinking, problem solving, conflict resolution, and adaptability.
- Familiarity with CIS (Center for Internet Security) security frameworks and maturity models.
Relationships and Contacts:
Must maintain the internal and external relationships necessary to achieve the purpose of the position and desired results. Works cooperatively with staff members across divisions and with key partners to resolve mutual operational challenges and meet corporate policies, procedures, and goals. Interacts with NCEMC member organizations, vendors, consultants, contractors, law enforcement, and regulatory bodies as necessary to accomplish objectives.
Chief Information Officer (CIO)
- Normal business hours with occasional overtime.
- Travel ~20% across the state of North Carolina to remote NCEMC locations (substations, control centers, generation facilities, and offices).
- Ability to lift and move items up to 25 pounds as needed.
Company Profile:
NCEMC (https://www.ncelectriccooperatives.com/who-we-are/) is one of the largest generation and transmission cooperatives in the nation and is the power supplier for most of the state's member cooperatives. NCEMC acquires the power it sells to its member cooperatives in a number of ways, including asset ownership and Purchased Power Agreements.
North Carolina Electric Membership Corporation provides equal employment opportunities (EEO) to all applicants for employment.