Provides a strategic governance, awareness and outreach program relating to information security, physical security and industrial control systems security. Collaborates with stakeholders on defining problem statements, articulating a future state and steps to achieve program and business goals.
Creates and communicates a strategic security awareness and outreach program that prepares participants and stakeholders against emerging security challenges and threats. Develops approaches, policies, and processes that allow ERCOT to maximize its effectiveness and progressively achieve higher levels of security and protection. Expands ERCOT’s capabilities and innovation in control system security and information assurance technology to exert influence and leadership across the region to increase and enhance security, reliability and resiliency.
- Establishes a security awareness and outreach program focused on identifying the top risks to the organization. Develops and maintains the program to effectively change behaviors so that users and stakeholders act in a secure manner, reducing the most risk to the organization.
- Establishes security policies, requirements and procedures following industry best practices and regulatory requirements. Communicates the security policies and requirements so that users and stakeholders know and understand them.
- Utilizes strong technical skills to establish an interactive high-tech awareness curriculum that may include gamification, in-person exercises, online instruction and/or hands-on user experiences.
- Manages the security liaison committee and ensures frequent and consistent two-way communication between security and lines of business.
- Exercises strong communication skills when working with ERCOT management, staff, stakeholder groups, industry associations and external agencies.
- Anticipates changes to ERCOT’s risk profile and recommends changes to security controls to minimize risk.
- Retains awareness of evolving security threats and threats to ERCOT’s control systems infrastructure.
- Shares relevant information with industry peers to promote and maintain awareness of active threats and threat actors.
- Interfaces with public sector partners to identify and engage in opportunities for threat information sharing and cooperative protection.
- Maintains expert knowledge regarding control systems security and domain-specific knowledge about ERCOT’s control systems infrastructure and security controls.
- Ability to manage multiple strategic efforts.
- Performs other duties as assigned.
- Bachelor’s degree in Business Administration, Information Systems, Computer Science, Information Assurance, or a field applicable to the requirements is required.
- Master’s degree preferred.
- Minimum of five (5) years (in excess of degree requirements stated above) of progressively responsible experience in information security.
Certifications & Licenses
- Certifications such as Certified Information Systems Auditor (CISA), Certified Protection Professional (CPP), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) strongly preferred.
- Must be able to obtain and maintain U.S. Government SECRET clearance.