Tri-State Generation and Transmission Association, Inc.
Senior Manager Cyber Security and CISO
Tri-State Generation and Transmission Association, Inc., Westminster, Colorado, United States, 80031
The role is accountable for the creation, implementation and oversight of strategies and programs designed to reduce and mitigate information security risk across the Association, leading an enterprise-wide information security and assurance function and framework, ensuring that confidentiality, integrity and availability requirements of information systems and assets are identified and managed appropriately. This leadership position reports to and works with the Chief Information & Technology Officer (CITO) and other department leaders, including business services, technical services, and the technology office to design and execute the company’s technology roadmap. This forward-looking technology leader participates in the execution of a 24/7 cybersecurity support strategy. As a member of the Information & Technology leadership team, the CISO plays an influential role in making investment and priority trade-off decisions, negotiating and managing vendor contracts, and recruiting, retaining, and developing high-performing teams.
Tri-State recognizes the value of a highly engaged and committed workforce and provides an excellent benefits program that includes Medical Insurance, Dental Insurance, Vision Insurance, Health Savings Account (HSA), Flexible Spending Accounts (FSA), Tuition Reimbursement, Flexible Work Schedules including compressed work week and telecommuting opportunities to work remotely up to 40%, Life Insurance, 401K, Long Term Disability (LTD), Short Term Disability (STD), Employee Assistance Program (EAP) and Paid Leave Benefits.
Senior Manager Grid Cyber Security and CISO Hiring Salary Range: $141,000-$218,000. Actual compensation offer to candidate may vary outside of the posted hiring salary range based upon work experience, education, and/or skill level.
Responsibilities
Cyber Security: Provide vision, leadership, and management of the assessment, planning, and execution of the company’s information security strategies, policies, and procedures in conjunction with functional groups across the organization including Energy Markets, Transmission Operations, Reliability Compliance, Physical Security, Generating Stations, and Geographic Information Systems. Act as the focal point for information security, confidentiality, classification, and associated incident response arrangements. Establish and build sound business relationships across the enterprise to enable a strong understanding and close alignment with business needs, direction, and risk tolerance. Provide clear and timely business advice to executive management and the Board of Directors on key information security and assurance issues. Ensure ongoing analysis of information security threats and vulnerabilities, assessing impacts and driving responses. Determine potential impact on the organization’s risk posture. Develop and implement processes to ensure staff are appropriately skilled in monitoring and responding to security incidents. Direct detailed analysis and continuing management of cyber security functions, interoperability of current and proposed cyber systems, infrastructure security requirements, and security-related software, hardware, and services. Create, manage, and deliver effective information security awareness training to all employees. Collaborate and recommend provisioning of technical expertise for all information security compliance requirements including North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) requirements and support related audits. Provide strategic information security and risk guidance to third-party suppliers in accordance with internal frameworks and ensure compliance with required controls. Conduct information security risk assessments across the enterprise at suitable intervals. Ensure that key risk issues are understood, communicated, and tracked. Regularly verify that required information security and risk controls are in place, raising findings as non-compliance if found, and driving improvement. Develop and report on key performance indicators and metrics to measure the effectiveness of cybersecurity initiatives. Stay abreast of emerging threats, technologies, and regulatory changes, and proactively adapt the security strategy.
Leadership Accountabilities: Enterprise Focus and Leadership; Member System Focus; Champion of cooperative principles; Positive and supportive environment for employees.
Qualifications
Education and Training: Bachelor of Science degree in Computer Science, engineering, or related area of study, or equivalent experience gained through progressively greater responsibilities. Professional certification such as CISSP, CISM, CISA, CRISC or other information security credentials is preferred.
Knowledge, Skills, and Ability: Deep understanding of information security architecture including firewalls, anti-virus, IDS/IPS, VPNs, remote access, network zoning, monitoring, and application scanning. Knowledge of frameworks such as NIST CSF, CIS Controls, and C2M2 is preferred. Consultative approach to driving change and deploying controls; strong facilitation and stakeholder relationship skills. Strategic long-term planning, effective communication, and ability to articulate complex ideas to non-technical stakeholders. Ability to rapidly grasp new technologies and apply them to cybersecurity and business goals. Strong problem-solving skills and a track record of delivering high performance and customer satisfaction in teams.
Other
Willingness and ability to travel as required for training and meetings throughout service territory. Must be able to perform all essential functions of the job.
About Us
Tri-State is a wholesale power supply cooperative, operating on a not-for-profit basis, with 43 members, including 40 utility electric distribution cooperative and public power district members in four states: Colorado, Nebraska, New Mexico and Wyoming. Together with its members, Tri-State delivers reliable, affordable and responsible power and energy services to more than a million electricity consumers across nearly 200,000 square miles of the West. Tri-State was founded in 1952 by its member systems to provide a reliable, cost-based supply of electricity. Headquartered in Westminster, Colo., approximately 1,200 people are employed by Tri-State across five states. Tri-State's electricity is generated from coal, natural gas and hydropower, with a rapidly increasing supply generated from wind and solar. Tri-State delivers power to its members through a transmission system that includes substation facilities, telecommunications sites and over 5,700 miles of high voltage transmission lines. Tri-State's transformative Responsible Energy Plan is reducing emissions, increasing renewable resources, developing new energy services and delivering more flexibility for its members.