Job Description

The Security Manager is responsible for the strategic roadmap and oversight of the IT Enterprise Security program including Vulnerability Management, End Point Detection and Response, Email Filtering and Archiving, Security Event and Incident Management, Incident Response, Security Forensics, Investigations, eDiscovery, Risk Assessments and Mitigation Management, and partnership with the SCADA Operational Technology groups.

General Duties and Responsibilities

Conduct research to analyze security products and techniques to develop and maintain the IT Security Strategic Roadmap.
Management and continuous security posture development of the various Security systems such as the End Point Detection and Response, Email Filtering and Archiving, Security Event and Incident Management, Privileged Access Management, and Web Content Management.
Responsible for legal discovery, internal investigations and Cyber discovery and reporting.
Oversee third party network vulnerability assessments and penetration testing including applicable remediation.
Perform internal vulnerability assessments and define patch management mitigation execution plans.
Management of the IT Risk Assessment program including remediation and mitigation plan development.
Based upon the Incident Response Plan, initiate immediate proper protection and corrective measures when an incident or vulnerability is discovered.
Create security incident reports and ensure remediation actions are complete, accurate, and provided in a timely manner. 
Monitor system recovery processes to ensure security features and procedures are properly restored. 
Partner with the SCADA Operational Technology groups to define security regulatory and industry standard practices.
Ensure system security requirements are addressed during all phases of the information system life cycle. 
Regular attendance at the worksite is required. 

Position Qualifications:  Knowledge, Skills and Abilities

Experience with the National Institute of Standards and Technology (NIST)
System Engineer or other relevant technical background
Experience in advanced technical and troubleshooting skills based upon extensive knowledge of Microsoft and LINUX server operating systems, TCP/IP, server-class hardware, and network applications. 
Requires familiarity with Microsoft Exchange, Microsoft Active Directory, enterprise-level antivirus, audit functions/logging and disaster recovery/business continuity.
Multi-task orientation to handle a number of projects at once while remaining flexible to changing requirements and priorities.
Ability to meet deadlines in a timely manner and collaborate effectively in teams within all levels of the organization.
Technical writing ability to aid in the documentation of reports, policies and procedures. 
Excellent customer service, interpersonal, and communication skills.
Highly self-motivated and directed.
Keen attention to detail.
Proven analytical and problem-solving abilities.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Must be dependable with a stable work history.
Ability to maintain stability under pressure and be flexible and willing to modify plans and behavior when necessary.
Ability to work a flexible schedule, including evenings, weekends and/or holidays.
Ability to be a positive representative of the Company both internally and externally.
Ability to work with respect and cooperation at all times with fellow employees and customers.
Must be committed to working safely at all times.

Experience/Education/Certifications:

Bachelors degree in Computer Science or related field or equivalent experience is required.
Minimum of 10 years of equivalent work experience is required.
CEH – Certified Ethical Hacker preferred.
CISSP – Certified Information Systems Security Professional preferred.
CISM – Certified Information Security Manager preferred.
Experience working in a team-oriented, collaborative environment is required.

Travel:

Up to 10% travel required.  Requires the ability to travel to locations where environment may vary significantly. 

Physical Requirements: 

The physical demands described are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The employee must occasionally position, transport and/or move up to 50 or more pounds (e.g., computer and peripherals).

While performing the duties of this Job, the employee is regularly required to:

Be stationary for long periods of time;
Work in confined or restrictive working spaces;
Use hands to finger, handle, or feel;
Reach with hands and arms above the head and to ground level;
Push and pull material and equipment from one place to another;
Communicate with and exchange information verbally and in writing;
Move about in an office environment;
Work using repetitive motion.

Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception and ability to adjust focus.
Work requires physical efforts associated with using the computer and phones to access information.

Working Environment: 

The work environment characteristics described are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job, the employee is:

Regularly in an office environment.
Occasionally exposed to work in high, precarious places.
Occasionally exposed to work near moving mechanical parts; fumes or airborne particles; toxic or caustic chemicals.
Occasionally exposed to outdoor weather conditions; extreme cold; extreme heat.
Occasionally exposed to moving mechanical parts, hand tools and small to medium-sized power tool use.
Occasionally exposed to risk of electrical shock.
The noise level in the work environment is usually quiet to moderate.