Manager, Information Security Operations & Engineering
Albuquerque, New Mexico
Employer: PNM Resources
Industry:
Salary: $99778 - $134699 per year
Job type: Full-Time
POSTING DEADLINE
This position is posted until filled.
DEPARTMENT
Department: Information Security
JOB DESCRIPTION
Manager, Information Security Operations & Engineering
Salary Grade: G04
Minimum Midpoint Maximum
$99,778 - $134,699 - $169,622
This position is covered by NERC CIP cyber security standards. Prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.
SUMMARY:
Ensures technical and logical security mechanisms are in place to protect enterprise assets and information from unauthorized access. Provides technical expertise to implement and maintain security measures to protect confidentiality, integrity, and availability of enterprise electronic systems information.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Recommends, implements, and maintains technical and procedural controls to provide security in the most reasonable and cost-effective manner; interprets standards, requirements, and their application to the enterprise environment
Performs implementation, testing, oversight, and administration for enterprise security applications, platforms, and solutions, including but not limited to: firewalls, intrusion detection and prevention, identity and access management, encryption solutions, Virtual Private Networks, security event monitoring, log management tools, anti-virus/malware prevention tools, and vulnerability assessment solutions
Acts as a subject matter expert to process and respond to potential and actual cyber security incidents, or alerts issued through the ES-ISAC, ICS-CERT, US-CERT as applicable to enterprise systems and operations
Participates in internal and external audits and reviews to ensure compliance with regulatory standards, internal security policy, and coordinates with internal audit staff, as appropriate
Acts as a liaison with other internal groups in the implementation of solutions utilized by the Mandatory Reliability Standard Compliance Program
Develops, implements, and coordinates change/configuration management and security testing for enterprise systems
Assists Information Security team members and internal clients in addressing highly complex security issues applicable to enterprise environment
COMPETENCIES:
In-depth management, negotiation, technical skills, and demonstrated leadership and customer service skills
Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, ISA, or COBIT
Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology
Ability to understand enterprise business computing operations/requirements, and fundamental power generation operations
Knowledge of forensics, incident analysis, and incident response management
Demonstrated skills in personnel management, budget management, and conflict management
Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions
Ability to organize, create, and deliver technical proposals and presentations to peers and management
Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to keep the Company in compliance and reduce legal liabilities
Project Management knowledge and experience a strong plus
QUALIFICATIONS
MINIMUM EDUCATION AND/OR EXPERIENCE:
Bachelor's degree from four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with seven to nine years related experience, or equivalent combination of education and/or experience related to the discipline.
Master's degree preferred.
CERTIFICATES, LICENSES, REGISTRATIONS:
Certification in security or systems control related field: I.e., CISSP, CISA, or CISM.
SUPERVISORY RESPONSIBILITIES:
Hires, trains, evaluates, rewards, and terminates employees. Designs, organizes, prioritizes, schedules, and leads work assignments. Fosters good working relationships with various groups. Appraises performance, rewards and disciplines employees, addresses complaints, and resolves problems. Indirectly supervises and guides enterprise employees, contractors, and electronic system users for performance of job functions in accordance with enterprise security programs, policies, and procedures.
COMMUNICATION SKILLS:
Ability to respond effectively to highly sensitive inquiries or complaints
Ability to effectively give persuasive speeches and presentations on controversial or complex topics to various audiences
Ability to read and interpret complex documents such as safety rules, operating and maintenance instructions, and procedure manuals
Ability to write complex reports, regulatory documents, policies and correspondence
Ability to speak effectively before groups of customers or employees of organization
MATHEMATICAL SKILLS:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume
Ability to apply concepts of basic algebra and geometry
COMPUTER SKILLS:
In-depth knowledge and experience with mainframe and client/server applications and information security issues
Strong working knowledge of current marketed security tools and technologies
Strong working knowledge of industry regulations (NERC CIP, Sarbanes Oxley, PCI) and industry security standards (NIST, ISO)
ANALYSIS AND PROBLEM-SOLVING ABILITY:
Ability to strategically approach issues. Ability to be proactive, adept at working with cross-functional teams and stakeholder groups. Ability to synthesize complex information. Ability to apply creativity to problem solving and utilize analytic skills and modeling capabilities to provide ongoing insight into the business and to make recommendations and decisions. Ability to identify and develop remediation or mitigation plans as necessary. Ability to coordinate with, and lead, cross-functional team of technical experts.
DECISION MAKING:
Ability to conduct and guide enterprise Information Security project and operations activities and practices within the bounds of approved security programs and policies, and in accordance generally accepted security standards.
SCOPE AND IMPACT:
Electronically protects all enterprise computing platforms for the purpose of providing and preserving confidentiality, integrity, and availability of all corporate systems, applications and data. Electronic protection of systems within the scope of this position is intended to minimize potential costs directly related to operational, legal, regulatory, and reputation risk from loss of enterprise system operation or confidential or proprietary information.. Failure to protect systems from unauthorized electronic access exposes Company to heightened regulatory oversight, monetary sanctions, and increases vulnerability to malicious cyber-attack against Company cyber assets essential to enterprise operations.
PHYSICAL DEMANDS:
While performing the duties of this job, the employee is frequently required to stand, sit, and/or walk up to 2/3 of the time. The employee must occasionally lift and/or move up to 25 pounds.
WORK ENVIRONMENT:
Office environment.
Travel required.
EQUAL OPPORTUNITY STATEMENT
Safety Statement:
Safety is a core value at (TXNM Energy/PNM/TNMP) and our vision, "everyone goes home safe", reflects our commitment to promoting an environment conducive to learning, improving and building safety practices. Our safety value is built upon the belief that every employee deserves to work in an environment free from harm.
Americans with Disabilities Act (ADA) Statement:
TXNM Energy is committed to providing reasonable accommodations for qualified individuals with disabilities in compliance with the ADA. If you require assistance with the job application process due to a disability, please contact HR ADA Analyst, at 505-241-4627.
DEI Statement:
At TXNM Energy, we value the diversity of our workforce and actively seek opportunities for incorporating Diversity, Equity, and Inclusion (DEI) within our family of companies. We believe a diverse workforce enriches our environment and helps us better meet the needs of our employees, customers, and shareholders. We remain committed to attracting and sustaining a diverse workforce and retaining high-performing employees who work collaboratively to carry out the Company's purpose.
TXNM Energy and affiliates are Equal Opportunity/Affirmative Action employers. Women, minorities, disabled individuals and veterans are encouraged to apply.
#PNMR
This position is posted until filled.
DEPARTMENT
Department: Information Security
JOB DESCRIPTION
Manager, Information Security Operations & Engineering
Salary Grade: G04
Minimum Midpoint Maximum
$99,778 - $134,699 - $169,622
This position is covered by NERC CIP cyber security standards. Prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.
SUMMARY:
Ensures technical and logical security mechanisms are in place to protect enterprise assets and information from unauthorized access. Provides technical expertise to implement and maintain security measures to protect confidentiality, integrity, and availability of enterprise electronic systems information.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Recommends, implements, and maintains technical and procedural controls to provide security in the most reasonable and cost-effective manner; interprets standards, requirements, and their application to the enterprise environment
Performs implementation, testing, oversight, and administration for enterprise security applications, platforms, and solutions, including but not limited to: firewalls, intrusion detection and prevention, identity and access management, encryption solutions, Virtual Private Networks, security event monitoring, log management tools, anti-virus/malware prevention tools, and vulnerability assessment solutions
Acts as a subject matter expert to process and respond to potential and actual cyber security incidents, or alerts issued through the ES-ISAC, ICS-CERT, US-CERT as applicable to enterprise systems and operations
Participates in internal and external audits and reviews to ensure compliance with regulatory standards, internal security policy, and coordinates with internal audit staff, as appropriate
Acts as a liaison with other internal groups in the implementation of solutions utilized by the Mandatory Reliability Standard Compliance Program
Develops, implements, and coordinates change/configuration management and security testing for enterprise systems
Assists Information Security team members and internal clients in addressing highly complex security issues applicable to enterprise environment
COMPETENCIES:
In-depth management, negotiation, technical skills, and demonstrated leadership and customer service skills
Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, ISA, or COBIT
Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology
Ability to understand enterprise business computing operations/requirements, and fundamental power generation operations
Knowledge of forensics, incident analysis, and incident response management
Demonstrated skills in personnel management, budget management, and conflict management
Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions
Ability to organize, create, and deliver technical proposals and presentations to peers and management
Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to keep the Company in compliance and reduce legal liabilities
Project Management knowledge and experience a strong plus
QUALIFICATIONS
MINIMUM EDUCATION AND/OR EXPERIENCE:
Bachelor's degree from four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with seven to nine years related experience, or equivalent combination of education and/or experience related to the discipline.
Master's degree preferred.
CERTIFICATES, LICENSES, REGISTRATIONS:
Certification in security or systems control related field: I.e., CISSP, CISA, or CISM.
SUPERVISORY RESPONSIBILITIES:
Hires, trains, evaluates, rewards, and terminates employees. Designs, organizes, prioritizes, schedules, and leads work assignments. Fosters good working relationships with various groups. Appraises performance, rewards and disciplines employees, addresses complaints, and resolves problems. Indirectly supervises and guides enterprise employees, contractors, and electronic system users for performance of job functions in accordance with enterprise security programs, policies, and procedures.
COMMUNICATION SKILLS:
Ability to respond effectively to highly sensitive inquiries or complaints
Ability to effectively give persuasive speeches and presentations on controversial or complex topics to various audiences
Ability to read and interpret complex documents such as safety rules, operating and maintenance instructions, and procedure manuals
Ability to write complex reports, regulatory documents, policies and correspondence
Ability to speak effectively before groups of customers or employees of organization
MATHEMATICAL SKILLS:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume
Ability to apply concepts of basic algebra and geometry
COMPUTER SKILLS:
In-depth knowledge and experience with mainframe and client/server applications and information security issues
Strong working knowledge of current marketed security tools and technologies
Strong working knowledge of industry regulations (NERC CIP, Sarbanes Oxley, PCI) and industry security standards (NIST, ISO)
ANALYSIS AND PROBLEM-SOLVING ABILITY:
Ability to strategically approach issues. Ability to be proactive, adept at working with cross-functional teams and stakeholder groups. Ability to synthesize complex information. Ability to apply creativity to problem solving and utilize analytic skills and modeling capabilities to provide ongoing insight into the business and to make recommendations and decisions. Ability to identify and develop remediation or mitigation plans as necessary. Ability to coordinate with, and lead, cross-functional team of technical experts.
DECISION MAKING:
Ability to conduct and guide enterprise Information Security project and operations activities and practices within the bounds of approved security programs and policies, and in accordance generally accepted security standards.
SCOPE AND IMPACT:
Electronically protects all enterprise computing platforms for the purpose of providing and preserving confidentiality, integrity, and availability of all corporate systems, applications and data. Electronic protection of systems within the scope of this position is intended to minimize potential costs directly related to operational, legal, regulatory, and reputation risk from loss of enterprise system operation or confidential or proprietary information.. Failure to protect systems from unauthorized electronic access exposes Company to heightened regulatory oversight, monetary sanctions, and increases vulnerability to malicious cyber-attack against Company cyber assets essential to enterprise operations.
PHYSICAL DEMANDS:
While performing the duties of this job, the employee is frequently required to stand, sit, and/or walk up to 2/3 of the time. The employee must occasionally lift and/or move up to 25 pounds.
WORK ENVIRONMENT:
Office environment.
Travel required.
EQUAL OPPORTUNITY STATEMENT
Safety Statement:
Safety is a core value at (TXNM Energy/PNM/TNMP) and our vision, "everyone goes home safe", reflects our commitment to promoting an environment conducive to learning, improving and building safety practices. Our safety value is built upon the belief that every employee deserves to work in an environment free from harm.
Americans with Disabilities Act (ADA) Statement:
TXNM Energy is committed to providing reasonable accommodations for qualified individuals with disabilities in compliance with the ADA. If you require assistance with the job application process due to a disability, please contact HR ADA Analyst, at 505-241-4627.
DEI Statement:
At TXNM Energy, we value the diversity of our workforce and actively seek opportunities for incorporating Diversity, Equity, and Inclusion (DEI) within our family of companies. We believe a diverse workforce enriches our environment and helps us better meet the needs of our employees, customers, and shareholders. We remain committed to attracting and sustaining a diverse workforce and retaining high-performing employees who work collaboratively to carry out the Company's purpose.
TXNM Energy and affiliates are Equal Opportunity/Affirmative Action employers. Women, minorities, disabled individuals and veterans are encouraged to apply.
#PNMR
Created: 2024-09-11
Reference: 6088696
Country: United States
State: New Mexico
City: Albuquerque
ZIP: 87121
Similar jobs:
-
OPERATIONS ENGINEER - TELEMETRY - TRANSPORTABLE TELEMETRY SYSTEMS (TTS) - 4 POSITIONS
Southwest Range Services in WHITE SANDS MISSILE RANGE, New Mexico -
Engineer, Operations (Carlsbad, NM)
Enterprise Products in Carlsbad, New Mexico -
SUPV PRINCIPAL GENERAL ENGINEER/ PHYSICAL SCIENTIST/ OPERATIONS RESEARCH ANALYST -DIRECT HIRE AUTH
Department of the Air Force - Agency Wide in Kirtland AFB, New Mexico -
Distinguished Facilities Operations & Engineering Lead - Onsite
Sandia in Albuquerque, New Mexico -
Accelerator Operations Engineered Systems Tec (Engineered Systems Tec 4/5)
Accelerator Operations - AOT-OPS in Los Alamos, New Mexico💸 $69500 - $110300 per year