VP Chief Information Security Officer (CISO)

　　Location:

　　White Plains, US

　　Summary

　　The VP Chief Information Security Officer is responsible for all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets (infrastructure/data) are adequately protected. The VP CISO is responsible for proactively communicating to NYPA's Executive Management Committee and Board of Trustees on the progress of the cyber security vision, strategy, roadmap, and key performance indicators.

　　Responsibilities

　　Advance NYPA's cyber security vision, update the strategy for achieving the vision, and maintain and update a multi-year cyber security roadmap.

　　Communicate and promote cyber security best practices and awareness of the risks to NYPA stakeholders and report overall performance effectiveness using KPIs, to the Board of Trustees and the EMC.

　　Direct and approve the design of security systems and strategies based on industry frameworks and standards (e.g. NERC CIP, NIST, ISO27001, COBIT, C2M2) for the IT and OT environments.

　　Deliver new security technology approaches and implement next generation solutions.

　　Partner with State and Federal agencies (DHS, DOE, FBI, Fusion Centers, ISACs, etc.) to share relevant actionable cyber threat information, cyber policies, and practices, and to coordinate response to incidents.

　　Manage staff, including performance management, salary administration, succession planning and workload balancing.

　　Manage the cyber security budgets (OPEX and CAPEX).

　　Ensure that disaster recovery and business continuity plans are in place and tested.

　　Review and approve security policies, controls and cyber incident response planning.

　　Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

　　Maintain an understanding of the cyber threat landscape for the industry.

　　Ensure compliance with the changing laws and applicable regulations.

　　Knowledge, Skills and Abilities

　　Digital leadership skills-capable of empowering and leading an cyber security team to meet business and cyber security goals.

　　Solid people management skills — providing direction, monitoring performance, motivating staff and building a positive working environment.

　　Ability to adapt to a fast-moving cyber security landscape and keep pace with latest thinking and new security technologies.

　　A passion for technology and security safeguarding with a desire to deliver.

　　Thrive on change, continually challenging the status quo to keep ahead of the risk landscape.

　　Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management.

　　Strong customer focus — able to meet the demands of internal and external customers.

　　Excellent communication skills — providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders.

　　Flexible and adaptable — capable of changing direction as required and showing flexibility to meet new demands.

　　Forms business partnerships (internally/externally) that help drive the cyber security strategy forward.

　　Make decisions that are well informed and timely.

　　Creative thinking — able to look at alternatives and consider new ways of thinking to problem solve.

　　Multi-tasking — can manage several concurrent projects and prioritize demands.

　　Strong business acumen with the ability to express cyber security risks in business terms and advocate for the right risk-benefit balance for NYPA.

　　Education, Experience and Certifications

　　Bachelor of Science Degree in Engineering Technology, Technology Risk Management, Computer Science, or equivalent.

　　Advanced degree in technology (computer science/engineering or related field) preferred.

　　Minimum 10 years of progressive leadership experience.

　　Minimum 8 years of experience in hybrid (cloud, on-premises) enterprise information technology environments in regulated industries preferred.

　　Formal industry certification in Information Security Management such as CISSP, CISM, CISA, CGEIT required.

　　Ability to obtain federal security clearance.

　　Cyber security experience in the energy industry preferred.

　　Demonstrated experience managing advanced, complex cyber security incidents across Information Technology (IT) and Operational Technology (OT) environments.

　　Familiarity with cyber security frameworks such as NIST CSF and MITRE ATT&CK

　　Physical Requirements

　　Approximately 10% travel within NY State, and to external states and localities based on business need.

　　The New York Power Authority is committed to providing fair, competitive, and market-informed compensation. The target salary range for this position is: GFE: $200,000 - $265,000. The salary offered will be determined based on the successful candidates’ relevant experience, knowledge, skills, and abilities.

　　The New York Power Authority and Canal Corporation believes that diversity, equity, and inclusion drive our success, and we encourage women, people of color, LGBTQIA+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents and veterans to apply. As an equal opportunity employer, NYPA/Canals is committed to building inclusive, innovative work environments with employees who reflect communities across New York and enthusiastically serve them. We proudly celebrate diversity and do not discriminate based on race/color, creed/religion, national origin, citizenship or immigration status, age, disability, military status, gender/sex, sexual orientation, gender identity/expression, pregnancy and related conditions, familial/marital status, domestic violence victim status, predisposing genetic characteristics, arrest/criminal conviction record or any other category protected by law.

　　NYPA/Canals will also provide reasonable accommodations during the hiring process related to candidates’ disabilities, pregnancy-related conditions, religious observances/practices and/or domestic violence concerns. To request an accommodation, please email  [email protected] .

　　New York is Powered by You

　　We are a team of over 1,900 energy technologists, IT specialists, business experts, hydro engineers, and other professionals leading the energy revolution. With state-of-the-art technology, advanced R&D, and a modernized infrastructure, we provide New Yorkers with low-cost, clean, reliable power — and we are well on the way to becoming the first fully digital utility in the country. At NYPA, you will be empowered to think big, do good, and transform the energy industry.

　　NYPA on Forbes "Best of" - again!

　　NYPA is ranked by Forbes as one of America's best midsize employers for 2022 (https://www.forbes.com/companies/new-york-power-authority/?sh=1a1da5ad3160) for the fourth consecutive year! Browse today and apply.