POSITION SUMMARY: The Information Security Manager is responsible for all aspects of the IT Information Security program at NuScale. This includes protecting company intellectual property, and other sensitive data, from unauthorized disclosure as well as reducing risk to the company from threats that may compromise the availability or integrity of information processing systems. The Information Security Manager is responsible for leading security strategy, actively participating in its implementation & operation, and assessing overall effectiveness within the company.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Work with the IT Director to develop, implement, and maintain the strategic vision and plan for the information security program.
- Responsible for the implementation, operation, and continual improvement of the information security program.
- Collaborate across the organization to ensure the needs of relevant stakeholders are addressed.
- Hire, contract, and/or manage personnel to ensure services are delivered in an effective and timely manner.
- Establish and maintain regular security audits of infrastructure, personnel behavior, and contracted services.
- Investigate security incidents and provide regular reports to upper management.
- Serve as the internal and external primary point of contact on information security issues.
- Maintain current in-depth knowledge of issues related to information security.
- Mentor and train staff to foster a security culture at NuScale.
- Ensure information security and infrastructure operations teams work closely to maintain core services for the business.
- Ensure there is adequate emergency coverage for information security issues, as required.
- Perform other duties as assigned.
CORE COMPETENCIES: To perform the job successfully, the individual should demonstrate competencies in performing the essential functions of this position by performing satisfactorily in each of these competencies.
- Business Acumen: A strategic thinker with good business perspective and an understanding of the company’s business. Able to function comfortably in political interactions. Capable of developing strong interpersonal networks within the organization.
- Problem solving: Decisive with good judgment. Identifies and resolves problems in an efficient and effective manner. Gathers and reviews information appropriately. Uses own judgment and acts independently; seeks input from other team members as appropriate for complex or sensitive situations.
- Oral/written communication: Strong communication skills, externally and internally. Listens carefully and speaks clearly and professionally in all situations. Edits work for accuracy and clarity. Is able to create, read and interpret complex written information.
- Planning/organizing: Capable leader; able to establish a vision and align an organization around the vision. Prioritizes and plans work activities, organizes personal and project timelines and deadlines, tracks project timelines and deadlines, and uses time efficiently.
- Integrity: Is trusted by peers and subordinates.
- Adaptability: Adapts to changes in the work environment, manages competing demands and is able to deal with frequent interruptions, changes, delays, or unexpected events.
- Dependability: Consistently on time and at work, responds to management expectations.
- Team Building: Capable of developing strong interpersonal networks and trust within the organization, setting expectations and requirements and achieving accountability of supervised personnel. Leads consensus by involving all stakeholders, facilitating their understanding of differences, agreeing on requirements and constraints, and developing the best solution.
- Safety Culture: Adheres to the NuScale Safety culture and is expected to model safe behavior and influence peers to meet high standards.
MINIMUM SKILLS, QUALIFICATIONS AND ABILITIES:
- Education: A minimum of a B.S. degree in Computer Science or IT Security from a four-year accredited college or university with 5 years of relevant experience, or a degree in a technical or business field and 10 years of relevant experience.
- Experience: A minimum of 10 years’ experience in complex IT environments. This includes direct experience working on enterprise-wide security strategy and policy. A successful candidate will have a CISSP, SANS GSE, or other equivalent certification.
- Required experience and skills in the following areas:
  - Strong understanding of formalized programs and regulatory frameworks (e.g.: ISO 27001, NIST 800, PCI, SOX)
  - Strong understanding of data loss prevention and IDS/IPS systems
  - Experience with physical security issues related to staff, facilities, and equipment
  - Experience communicating complex issues to upper management
  - Leading incident response teams throughout the entire incident lifecycle
  - Experience in conducting investigations related to sensitive issues
  - Strong understanding of advanced security threats, detection techniques, mitigation strategies, and cleanup methods for commodity malware, targeted APTs, insider threats, blended attacks, espionage, etc.
  - Strong knowledge of and experience using a variety of security tools & processes (penetration testing tools, forensic tools, risk assessment, etc.) for securing both the core network and end-points
- Preferred/desired skills and experience:
  - Familiarity with nuclear cyber security concerns and regulations from design to operation
  - Strong understanding of export control regulations (e.g.: 10 CFR 810, ITAR, etc.)
  - Experience operating and supporting least-privilege enterprise infrastructure and applications at scale (SharePoint, Exchange, Active Directory, MS System Center, MS SQL, Linux, etc.)
  - Experience working in complex heterogeneous multi-site networks
  - Encryption (at-rest, in-transit, & application containerization) and public key infrastructure
  - Familiarity with network devices, end-point authentication, and fingerprinting
  - Scripting and programming (PowerShell, Bash, CMD, VB Script, C#, ASP.Net)
- Industry Requirements: Eligible to work under Department of Energy 10 CFR Part 810.
- Management: Proven track record of managing staff from multiple disciplines and coordinating design interfaces to provide design solutions in a timely manner.
- Quality Assurance: Demonstrated understanding and implementation of quality assurance regulations, standards and guidelines of 10 CFR 50 Appendix B, 10 CFR 21, and NQA-1 preferred.
PHYSICAL DEMANDS: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Ability to understand and communicate clearly using a phone, personal interaction, and computers.
- Ability to learn new job functions and comprehend and understand new concepts quickly and apply them accurately in a rapidly evolving environment.
- The employee is frequently required to sit and stand; walk; bend; use hands to operate office equipment; and reach with hands and arms.
- Ability to travel nationally and locally using common forms of transportation.
Disclaimer: Employee(s) must perform the essential duties and responsibilities with or without reasonable accommodation efficiently and accurately without causing significant safety threat to self or others. The above statements are intended to describe the general nature and level of work being performed by employee(s) assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and/or skills required of all employees in this classification.
Job Type: Full-time
- Cyber Security: 10 years (Required)
- Paid time off
- Parental leave
- Health insurance
- Dental insurance
- Healthcare spending or reimbursement accounts such as HSAs or FSAs
- Other types of insurance
- Retirement benefits or accounts
- Gym memberships or discounts
- Employee discounts
- Flexible schedules
- Workplace perks such as food/coffee and flexible work schedules