Job Description

Position Description

Directly works with key business leaders to develop and maintain an on-going definition of the enterprise cyber security strategies and systems needed by the corporation. Manages the design, testing, implementation, maintenance, and administration of the enterprise cyber security principles, practices and systems to ensure the protection of information assets processed, stored or transmitted by the company. Provides support for current technologies and processes in place as well as project management, technical expertise, and strategic direction for new initiatives. Works with the Supervisor, Enterprise Cyber Security Engineering and Supervisor, Identity and Access Management to assist the Manager, Enterprise Cyber Security in the initiation, support and monitoring of cyber security programs and services in order to attain successful completion of company and departmental goals and strategies.

Position-Related Responsibilities

• Monitor the internal control systems to ensure that appropriate system access levels are maintained.
• Ensure appropriate cyber security team involvement in all technology projects that may impact the security of customer, employee or business information. Review all system-related security plans throughout the organization's network, acting as a liaison to other areas of Information Services.
• Serve as an internal information security consultant to the organization. Advise the organization with current information about information security technologies and related regulatory issues.
• Manage, recommend, and support cyber security technologies for UNS.
• Provide or ensure effective project leadership for assignments and initiatives Enterprise Cyber Security Operations is involved in.
• Manage access control including user provisioning and de-provisioning.
• Coordinate the development and maintenance of cyber security process and procedure documentation.
• Coordinate the performance of cyber vulnerability assessments and the ongoing mitigation of findings.
• Coordinate the administration and support of applications used by Enterprise Cyber Security Operations.
• Coordinate incident response and forensic investigations. Act as the CIRT Team Lead.
• Facilitate the development of, training of and mentoring of the Cyber Incident Response Team (CIRT).
• Work with Human Resources or Legal to provide sensitive investigative or litigation hold support.
• Manage chain of custody for UNS assets that leave company premises.
• Promote departmental standards for ongoing system operations, processes, practices and tools across the Enterprise Cyber Security Operations team.
• Manage the ongoing relationship between business clients and Enterprise Cyber Security Operations in order to understand requirements, achieve effective and mutually beneficial outcomes, and manage client expectations (supply vs. demand) with respect to service requests and project delivery commitments.
• Research and keep abreast of new Information Technologies and assist in evaluating for appropriate application within the company.
• Direct, supervise and mentor the Enterprise Cyber Security Operations staff, including outside consultants as needed.
• Assist the Manager, Enterprise Cyber Security with the definition of relevant cyber security strategies, the development and management of budgets which support the cost-effective implementation of cyber security strategies, tactics and operating plans.
• This position may provide services to affiliates of the Company subject to the UNS Energy Code of Conduct and the related Policies and Procedures.

Management Responsibilities

• Ensure that the Company’s management principles, policies and programs are consistently practiced and continually support the Affirmative Action Plan.
• Comply with and administer the terms and conditions of the Collective Bargaining Agreement.
• Assume fiduciary responsibility for operating the business and provides recommendations on cost improvement measures.
• Ensure that the Performance Management program is administered uniformly and effectively.
• Mentors staff and peers to enhance their understanding of cyber security processes and technologies.

Knowledge, Skills & Abilities
(Equivalent combination of education and experience will be considered.)

Minimum Qualifications:

• High school diploma or GED.
• Bachelor’s degree in Management Information Systems, Computer Science, or related discipline.
• Minimum three years’ experience in an Information Technology leadership capacity.
• Six or more years working as an IT Security Analyst or Engineer involving various IT security technologies including: firewalls and host-based firewalls, intrusion detection systems, intrusion prevention systems, anti-virus or malware systems, zero-day vulnerability analysis tools, vulnerability assessment software, authentication and single sign-on, access control/provisioning, secure file transport, encryption, remote access, logging and monitoring, network monitoring, file integrity, internet directory services, forensic and investigation tools. Experience at companies with more than 500 end-users is required.
• A high degree of human relation skills are required to deal with personnel situations and maintain positive relations with other areas of the company.
• Broad-based business knowledge, including budgeting, financial analysis and project management, including the ability to prioritize and meet deadlines, with emphasis on accuracy and attention to detail.
• A demonstrated ability to communicate effectively at all levels, including public speaking and business writing.

Preferred Qualifications:

• Master’s degree in Business Administration, Management Information Systems, or related discipline is preferred.
• One or more certifications in an IT Security discipline, such as Certified Information Systems Security Professional (CISSP), CISM, CEH, CHFI, ECSA, CISM, CCSA, ISSAP, ISSEP, CCFE, CASS, GSEC, GCIH, GCIA, GCFA, GPEN, GCFW, GWAPT, GCWN, GCFE, Security +
• Minimum three years experience with and knowledge of IT audit principles and regulations, including: NERC CIP, ISO, COBIT, ITIL, NIST, Sarbanes-Oxley, PCI and HIPAA is preferred.
• A broad utility business experience is preferred with emphasis on real-time utility operations, such as Energy Management Systems, transmission & distribution engineering, and generation engineering.