IT Security Administrator, Hays

Job Summary (Overall Purpose of the Position)

The purpose of the IT Security Administrator is to design, implement, maintain, and monitor the IT security program to protect Midwest Energy’s data, devices and computer networks from cyber-attacks and help set and maintain security standards. The position ensures that computer systems, data systems, software solutions, servers and networks are monitored for security issues and that protective security software is installed and operating as designed. The position will work to act against cyber-attacks and document events, incidents, or breaches. The IT Security Administrator will collaborate with all members of the IT department in implementing security solutions, policies, and procedures.

Job Duties - Responsibilities – Tasks

Corporate Security

- Research current industry cybersecurity best practices. Develop a strategy and lead the implementation of the best cybersecurity practice standards accordingly.

- Prepare and report security metrics (KPIs) at defined intervals based on the adopted cybersecurity framework (CSC 18, NIST, SANS, etc.) and identified baselines.

- Implement and facilitate a cyber security awareness user training program for all employees. Define, develop and present performance metrics associated to the training to report the progress and performance of the company.

- Monitor computer networks and devices for security issues and compliance with defined security standards including but not limited to missing and installed patches, hardened baselines, hardened software configurations, and known vulnerability mitigations.

- Defend systems against unauthorized access.

- Either directly or by working in conjunction with IT Department members, install cybersecurity measures by configuring, supporting, and operating software and solutions to protect systems, corporate software and information infrastructure, including firewalls and antivirus/antimalware and IDS/IPS software.

- Alert Midwest Energy employees when a new dangerous threat is identified by the cybersecurity community that cannot be mitigated through technology.

- Perform active Threat hunting, looking for indicators of threats and indicators of compromise.

- Perform network vulnerability assessments through periodic visits (as prescribed by the V.P. Information Technology) to the Kansas Intelligence Fusion Center and communicate assessment results with the V.P. Information Technology.

- Perform internal vulnerability assessments and plan a strategy for remediation.

- Review and update the Corporate Cybersecurity Incident Response (IR) Plan and associated IR Playbooks defining the process used to investigate security breaches and other cyber security incidents.

- Document security breaches and assess the damage caused as laid out in the Corporate Cybersecurity Incident Response Plan.

- Organize and execute an annual penetration test with an outside firm. Work with the other members of the IT Dept. to remediate any weakness.

- Assist in the purchase of cybersecurity related IT hardware and software.

- As Midwest Energy is required by the North American Electric Reliability Corp. (NERC) and the relevant Reliability Entity to adhere to internal standards, procedures, and maintenance practices related to Critical Infrastructure Protection (CIP), the Corporate Network and Corporate Data Center infrastructure might, on occasion, be impacted by these compliance standards. This position will assist in the compliance measures as they relate to the Corporate Network and Corporate Data Center infrastructure.

Leadership

- Lead and champion the implementation of the corporate defined security program set forth by the Center for Internet Security (CIS) and defined as the 18 Critical Security Controls (CSC 18) or any other adopted security framework such as NIST, SANS, etc.

- Act as the Incident Response (IR) Coordinator as defined by the Corporate Cybersecurity Incident Response Plan. Coordinate the mitigation and remediation of detected vulnerabilities with the cooperation of applicable IT Department team members to maintain a high security standard.

- Coordinate and/or lead tabletop exercises to test the Incidence Response plan and associated IR Playbooks. Revise the IR plan and IR Playbooks if necessary and review with the team.

- Lead and champion the Technology Roadmap initiatives assigned to the Datacenter Engineers. Act as a project lead, core team member and/or subject matter expert as assigned. Assist in the evaluation and definition of new Technology Roadmap initiatives.

- Actively participate in the “Leadership 40” meetings. Periodically present to the Board of Directors, Executive Staff, Leadership 40 and the employee base at large regarding IT security affairs.

- Research, prepare, and present enhancements to Administrative Policies, IT Department Policies and departmental procedures to support the implementation and ongoing adherence to the adopted ITIL standards and cybersecurity framework.

- Ensure Corporate IT security procedures are adhered to and accurately documented.

- Maintain costs and forecast budgets relating to the corporate security program.

General

- Develop and maintain internal and external working relationships for maximum effectiveness in serving Midwest Energy customers and communities. Ensure communication and exchange of information to present a positive corporate image, both internally and externally. Keep management informed of issues that might impact the work environment.

- Coordinate and provide direction in conjunction with key entities for effective outcomes.

- Keep informed of changes concerning IT security trends, technology trends and security standards through trade magazines, conference participation and webinars. Keep informed of current IT threats such as malware, ransomware, phishing tests, smishing, etc.

- Promote safe working habits and enforce all safety rules and regulations of Midwest Energy, Inc. Lead by example in safety compliance and take corrective action on safety violations, defective equipment, and any other practice that may adversely affect a safe working environment.

Education and Experience

- Bachelor’s degree in cyber security, information systems, computer science, data processing or a related technical field of study. Alternatively work experience and/or a combination of education and work experience will be accepted. Master's Degree is preferred.

- Preferred certification and/or minimum 10 years’ experience working with

- CompTIA Security+

- Cisco Certified Network Associate

- Cisco Certified Network Professional

- TCP/IP and OSI network models

- Security operations

- Network administration

- Windows Server operating systems

- VMware products

- Microsoft Azure

- Linux Server operating systems

- Windows Power Shell and Linux bash scripting

- Cloud environment security

- Must be able to pass a FBI or Department of Homeland Security background check in order to participate in the Kansas Intelligence Fusion Center program.

- Knowledge of electric or gas utility industry is preferred.

Key Competencies

- Ability to manage and supervise others in a team environment to facilitate the completion of Technology Roadmap initiatives and the advancement of the IT security program.

- Exhibits professionalism and integrity by maintaining composure in challenging situations, demonstrating accountability, and upholding confidentiality and ethical standards.

- Demonstrate proper and respectful communication etiquette and proficiency in verbal and written communication to correspond with the user community, cross-functional team members, managers, vendors and consultants. Demonstrate proficiency in grammar, punctuation, and style to ensure all written content is professional and polished.

- Ability to build trust through accountability, collaboration, promoting a culture of leadership, and mutual respect, while maintaining uncompromising integrity.

- Skilled in organizing, planning, and directing multiple processes and activities.

- Ability to prioritize and execute multiple issues simultaneously.

- Demonstrate skills utilizing project management techniques and methodologies.

- Demonstrated ability to provide quality customer service and establish effective working relationships with end-users, consultants, vendors, contractors and other utility companies.

- Demonstrated analytical skills and proper troubleshooting techniques to efficiently resolve issues.

- General knowledge and understanding of IT acumen associated to best practice ITIL standards including Change Control and IT Service Desk.

- General knowledge and understanding of IT acumen associated to Networking, Telecommunications, PC Support and Database Administration.

- Demonstrate detection and analytical skills. Demonstrate skills utilizing technology platforms and reporting tools including Linux and Windows.

- Ability to quickly and accurately find a solution to security breaches.

- Ability to acquire, within a reasonable time, an understanding of basic utility operations.

- Ability to organize and lead end-user training.

- Must hold and maintain a valid Kansas Driver’s License.

Posting Close Date: September 9, 2025