Sr. Manager, Cyber Security Operations

Primary Role

Manage and lead the Cyber Security operations team. Create and manage key metrics for cyber security operations and management reporting. Create and manage proactive technology roadmap for defensive cybersecurity technologies. Deploy and manage security infrastructure. Should be up to date with utility industry trends, current security issues, security best practices, and new security technologies. Recommend, monitor, test and report on the state of security controls and infrastructure. Develop, document and implement security policies based on industry best practices. Create, manage and maintain compliance activities related to information security policies, standards and procedures

Key Accountabilities

• Develop a documented, next-generation security architecture for protecting systems, applications, data and users
• Validate security design for new systems and support business in implementing and deploying them
• Develop and maintain effective and appropriate policies, procedures and supporting documentation to stand ready to demonstrate compliance
• Further develop integrated compliance strategies across American Water to optimize new data use and innovations for customer benefit
• Engage with data protection authorities and policymakers to maintain sustainable scalable, global approaches to complex data protection needs cyber security needs.
• Collaborate with the information and content functional areas, technology leadership, and division senior management to align strategic initiatives and technology implementations with data protection and privacy practices
• Manage and oversee a team (internal and outsourced resources) of security professionals and engineers to achieve optimal use of staff and resources towards planning, development, implementation and maintenance of all Technology and Content Security technologies related to the secure operation of American Water systems and services
• Communicate risk decisions, project status, recommended strategy updates to leadership
• Leverage artificial intelligence and machine learning strategies to automate and tune security controls
• Cultivate relationships with security related vendors to establish mutually accepted contracts and service-level agreements
• Maintain relationships with local, state and federal law enforcement and other related government agencies
• Work with internal and external audit teams to deliver timely responses and data collection requests

Knowledge/Skills

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST
• Understanding of the evolving cyber threat landscape and how it now drives the disciplines of integrity, availability, and recoverability, including specific cyber response experience
• Knowledge in both Problem and Incident management, timeline and its related activities and milestones
• Familiarity and background of various operational risk management asset types including technology, data, people, product, business
• function, process, and facility operations
• Knowledge of Enterprise Security Incident and Event Management (SIEM) and SIEM integrations
• Knowledge of threat intelligence and integrating threat intelligence into SIEM
  

Experience/Education

• Bachelor’s degree in Computer Science, Engineering or related discipline preferred

• 12 + years overall experience in digital and cyber security with at least 3 years in a leadership position
• 2+ years of experience writing and interpreting information security policies and standards
• Experience in managing to Service Level Objectives (SLO)
• Experience with enterprise cyber security technologies including but not limited to SIEM, IDS, Firewalls, MultiFactor Authentication (MFA), EDR, EndPoint protection.
• Experience with managing cloud security technologies.
  

Travel Requirements

• As necessary, up to 10%

Certifications & Licenses

• CISSP (Preferred)

Competencies