The Security Operations and Engineering team is responsible for ensuring that Duquesne Light Company’s (DLC) systems and networks are secure. Managing DLC’s Security Operations entails the design, build, operation and ongoing growth of all facets of the security capability of the organization. DLC aligns its cybersecurity program with the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity.
This role serves as a senior member of the Chief Information Security Officer (CISO) organization and reports directly to the CISO. This position manages a diverse set of analysts, specialists and engineers tasked with securing DLC’s corporate and industrial control systems. The successful candidate will manage several key cybersecurity disciplines including but not limited to the protection of company assets, detection of security incidents, response to incidents and recovery from incidents. The position will also manage the strategic vendor partnerships DLC has put in place to augment security capability.
This role will support the secure design, development, and implementation of organization wide information security platforms. Additional responsibilities include security architecture for ensuring that security designs are addressed in a manner which minimizes risk while allowing for necessary business functionality.
Lead a diverse team of analysts, specialists, engineers, and vendor partners responsible for planning, design, implementation, and ongoing support of security systems of high complexity to fulfill the business needs.
Build and efficiently manage security monitoring and incident response.
Facilitate incident response activities.
Work with Project Management Office to facilitate projects, develop timelines and drive deliverables for on time and on budget delivery.
Facilitate a forward looking view of threats, perform risk analysis and the develop appropriate security solutions and responses.
Manage staff, including selection, goal setting, annual reviews, and career development.
Track and ensure adequate and timely resolution to identified security issues.
Review and approve implementation of emerging security technologies and latest regulatory and compliance requirements for security policies, operational standards, and security control framework to enhance security services.
Maintain management reports, metrics associated with information security risk, compliance and other functional areas as defined by management.
Increase team efficiency and effectiveness through Security Orchestration Automation and Response
Typically manages a more narrow area (multiple business units) or critical function or function managed requires a broad area of expertise. Or/ Managers managing a single business unit with a greater risk exposure. Or/ is the third level manager in a production based on transactional environment.
Roles at this level require a university/college degree. Higher level education such as a master’s degree, PhD, or certification is normally desired. Relevant experience to be successful in the given role is typically 10+ years. At least 3+ years of prior management experience is required. Hold a known industry security certification such as those from ISC2 or ISACA.
Experience managing the deployment and operations of Security tools and products.
Broad knowledge of security architecture, engineering and security controls in various infrastructure platforms.
Results oriented and an ability to balance multiple priorities or activities.
Ability to conduct vulnerability assessments or review and devise steps to remediate audit feedback.
Knowledge of cloud computing security concepts and platforms (for example Azure or AWS).
Experience orchestrating incident response recovery steps and formulating tabletop exercises.
Knowledge of various security regulations.
Primary focus is on day to day team management and operational execution. Develops and exercises business plans, policies, and procedures. Contributes to proactive planning exercises of management team as requested. Trains and develops staff. Plans appropriate work flow. Looks for areas of process improvement and directs available resources to accomplish this. Leads changes and implementations for direct team as pushed down through the organization. Increased risk or scope to the organization.
Resolves problems of a great complexity. Improves existing processes & systems using conceptualizing, reasoning, and interpretation skills. Solutions require thorough understanding of business strategies and issues. Defines broad based solutions that would require consideration of wider implications on organization results and resources.