Leads the Information Security efforts for New Horizon Electric Cooperative, its members, and participating South Carolina electric cooperatives. Serves as New Horizon Electric Cooperative’s Information Security Officer, with overall responsibility for implementing adequate safeguards to ensure the confidentiality, integrity and availability of mission critical data and to prevent the accidental or intentional destruction, disclosure, modification or interruption of information that might cause substantial system failure, financial harm, legal harm and/or information loss. Provides leadership and oversight in the strategic planning and assessment of all company information security strategies, policies, procedures and guiding practices. Partners with the Electric Cooperatives of South Carolina to develop cybersecurity training framework and protocols. Acts as a partner with Information Technology leaders to ensure security is integrated into technology systems, programs, and governance, and utilizes skills to audit information technology practices.
Essential Duties and Responsibilities:
Establish Governance and Build Knowledge
Facilitates an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
Ensures that the Information Security Program has the proper governance and controls in place to security framework compliance.
Provides regular reporting on the current status of the information security program to member committees, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
Works with the various business units to help ensure that information security requirements are included in equipment and contracts by liaising with vendor management and procurement organizations.
Works with the Electric Cooperatives of SC (statewide) to help create and manage a targeted information security awareness training program for different levels of cooperative employees, trustees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
Lead the Organization
Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
Manages the budget for the information security function, monitoring and reporting discrepancies.
Serves as NHEC’s Security Officer.
Advises internal stakeholders, business units and external members on key issues related to how information security funds should be invested to ensure consistent security measures associated with business unit risks.
Set the Strategy
Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.
Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
Collaborates with Information Technology department on technology strategies to ensure that current and future technology services satisfy the security requirements of the organization and its members.
Build Partnerships and Communicate the Vision
Promotes awareness of security policies and related security topics.
Creates the necessary internal networks among the information technology team and line-of-business executives, legal and HR management teams to ensure alignment as required.
Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
Operate the Function
Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
Develop, implement and monitor a strategic, comprehensive enterprise information security and cyber risk management program
Work directly with the business units to facilitate risk assessment and risk management processes
Develop and enhance an information security management framework
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
Provide leadership to the statewide Cybersecurity Taskforce
Partner with business stakeholders across the company to raise awareness of risk management concerns
Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
Bachelor’s Degree in cybersecurity or a related field.
Professional security management certification or relative experience
Minimum of eight to twelve years of experience in a combination of risk management, information security and IT jobs
Knowledge of common information security management frameworks, such as NIST Cybersecurity Framework, NIST 800-53, ISO, COBIT and NERC CIP.
Experience with NERC CIP or other federal audits
Excellent written and verbal communication skills and high level of personal integrity
Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
Experience with contract and vendor negotiations and management including managed services.
Experience with Cloud computing/Elastic computing across virtualized environments.
About New Horizon Electric Cooperative Inc
New Horizon Electric Cooperative, Inc. is a member-owned, nonprofit cooperative with five electric membership cooperatives in the upstate of South Carolina.
BACK TO TOP
ISACA Career Centre is Just One of the Benefits.
Discover what else ISACA has to offer!
The job you are trying to reach from was originally posted at ISACA Career Centre.