Director, Critical Infrastructure Security
ERCOT is looking for motivated people to join our team in contributing to something that impacts all of us – reliable electric power. Join our growing organization in the important mission of operating the electric grid reliably; providing fair access to the competitive electricity markets; helping the electric markets to operate efficiently; and planning for the future.
Responsible for the security of personnel, information and physical assets, operations and security compliance.
Directs the Information Security, Physical Security and Compliance Monitoring groups in developing and implementing enterprise-wide cyber and physical security, security compliance and compliance training initiatives. Responsible for establishing and communicating security best practices to ERCOT personnel. Responsible for maintaining compliance with the NERC Critical Infrastructure Protection requirements and communicating security policies and expectations for the Texas Electric Market participant companies.
Essential Job Duties and Tasks
- Directs and oversees the work of security departments and security programs for the corporate enterprise.
- Responsible for hiring, coaching, training, and performance management of staff.
- Develops an overall integrated security strategy (physical, personnel, cyber) consistent with strategic plans, identified goals, objectives and metrics related to: Physical protection responsibilities, which include asset protection, personnel security, access control systems and video surveillance; Information protection responsibilities, which include infrastructure security architecture, infrastructure monitoring, policy development, and personnel education and awareness; and Security compliance responsibilities, which include compliance monitoring and personnel training.
- Evaluates enterprise operations and identifies the relevant security needs for the organization through various interactions with other groups to identify key corporate security initiatives and standards.
- Develops and maintains an Enterprise security threat / risk model which identifies protection goals and mitigation strategies that are or must be implemented to lower the security and compliance risk.
- Works with ERCOT management to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
- Manages the development and implementation of corporate security policy, standards, guidelines and procedures to ensure ongoing maintenance of security.
- Leads the implementation of strategic and tactical initiatives for mitigation of risks, measures departmental compliance and provides feedback on a periodic basis for process improvement.
- Promotes security best practices through enterprise-wide security awareness programs and specialized security training for high-risk areas on a periodic schedule, and leads multi-departmental security initiatives that implement identified mitigation strategies.
- Maintains knowledge of NERC Critical Infrastructure Protection Standards and ensures comprehensive implementation of compliance controls.
- Maintains awareness of security and IT industry changes and future technologies.
- Provides periodic management reports on Security group activities to the Executive team, the Board of Directors, the Texas Public Utility Commission and industry regulatory agencies (NERC and FERC) as required.
- Maintains a record of, and leads the response to all security incidents within the company.
- Maintains a working relationship with local, state and federal government agencies that provide law enforcement and security incident response.
- Assists with defining goals and identifying risk areas for internal and external agency security audits and leading the management response for the audit security-related findings.
- Assists in preparation of the organization’s emergency management and contingency plans and the Security department’s annual budget.
- Knowledgeable of security for Supervisory Control and Data Acquisition (SCADA) and Energy Management Systems (EMS) and domain-specific knowledge about ERCOT’s control systems infrastructure and security controls.
- Maintains a solid understanding of information technology and information security.
- Bachelor’s degree in Business, Computer Science, Criminal Justice or related field or six years applicable experience is required.
- Master’s degree in Business Administration, Criminal Justice or related field is preferred.
Certifications & Licenses
- Certifications such as Certified Information Systems Manager (CISM), Certified Information Systems Security Professional (CISSP) or GIAC strongly preferred.
- Minimum of eight (8) years (in excess of degree requirements stated above) of progressively responsible experience in information security.
- Minimum of five (5) years of experience in a managerial role.
Electric Reliability Council of Texas
Company Type: Non Profit
Company Size: 501-1000