OT AND NETWORK SECURITY MANAGER

PNM Resources - Albuquerque, NM

Full-time
  • Job Type:
  • Job Category: Information Technology
  • Location: Albuquerque, New Mexico, United States
  • Education Level:
  • Apply URL: https://jobs.pnmresources.com/psc/pnmjobs/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_APP_SCHJOB.GBL?Page=HRS_APP_JBPST&Action=U&SiteId=10&FOCUS=Employee&JobOpeningId=6086581&PostingSeq=1
Job Description:
PNM Resources

Job ID: 6086581
Date: 09/18/2019
Location: PNM Resources, Albuquerque, NM

POSTING DEADLINE
Applications must be submitted by: October 6, 2019

DEPARTMENT: Operations Technology
JOB DESCRIPTION
This position is covered by NERC CIP cyber security standards. Prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check.

Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.

SUMMARY:
Directs and manages a team that designs and implements security and compliance solutions to support utility operations and corporate systems for both PNM and TNMP. Partners across the enterprise and with external stakeholders to formalize application plans and oversee the successful delivery of related projects including activities for support of security compliance and best practices including NERC CIP standards

ESSENTIAL DUTIES AND RESPONSIBILITIES:
Ensures that technology and security for the operations areas and corporate environment is planned and implemented with a full understanding of how it will benefit/impact the company's overall vision, mission, and operation; directs and oversees the development and delivery of technical training on new and emerging technologies as part of implementation or as requested

Facilitates development, testing and installation of cyber and physical security technology solutions, including but not limited to: firewalls, network switches and routers, security event monitoring, log management tools, anti-virus/malware prevention tools, and vulnerability assessment solutions

Leads and directs development and implementation of NERC CIP solutions and ensures practices adhere to applicable compliance requirements, guidelines, procedures and policies

Negotiates, updates, manages, and reports on, service level agreements and addendums in support of security solutions utilized by operations and corporate personnel

Manages the annual departmental budget, which supports the implementation of approved plans and projects across multiple areas of the PNM Resources enterprise as it relates to security technology
Supports and facilitates performance monitoring against established plan to stay within budget, ensures client satisfaction and establishes a quality assurance process to ensure delivery of quality services, and expected availability of systems

Develops metrics to ensure process success or areas of improvement and follows up with issues including developing solutions. Supports monitoring of daily performance of all roles to ensure proper results are being delivered and establish and manage key performance metrics and indicators for technology solutions and the team

Participates as key member of senior technology management team to develop, coordinate, and execute overall Information Technology and IS Business Plans

Supports Security, technology groups and other departments with continuity planning including incident event management, incident response, and disaster recovery

Assists with development of control system and information system strategy and design for network security and system architecture

Provides specialized engineering and field expertise and project support in areas of security and technology deployment. Aligns security and compliance solutions with Company vision and strategy, consistent with the technology roadmap that marries existing infrastructure and applications with implementation of new/advanced technologies

Leads technology-related compliance activities, including development of documentation required for self-certifications, on-site audits, and the preparation of self-reports and mitigation plans for regulatory violations.

Acts as a subject matter expert to process and respond to physical and cyber security alerts issued through the ES-ISAC, ICS-CERT, US-CERT as applicable.

Participates in internal and external spot checks and reviews to ensure compliance with regulatory standards, internal security policy, and coordinates with PNMR internal audit staff, as appropriate

COMPETENCIES
Demonstrated ability to effectively direct and manage geographically distributed people through developing, empowering, motivating, and appropriate decision making, while maintaining successful working relationships

In-depth understanding of technology, compliance and security directions, trends and strategic business impacts of key business and technology initiatives

Excellent interpersonal skills and the ability to work effectively across the organization as well as outside stakeholders, including, but not limited to, national and international organizations, governmental agencies/entities, universities, national laboratories, and vendors

Ability to actively participate in industry strategy, policy setting, planning, operating and/or commercial practices committees such as the WICF, EEI, WECC, & NERC

Knowledge of electric distribution, transmission, and generation systems

Proven ability as a high energy, results-oriented leader who can work collaboratively with colleagues and teams that are geographically dispersed

Ability as an analytical and critical thinker with attention to detail who regularly seeks innovative solutions to complex business and technology issues

Ability to generate trust, build alliances and establish immediate credibility within the company, and with external organizations and vendors

Ability to operate in a transforming environment and culture, and to create change, advance ideas and be comfortable with ambiguity

Knowledge of the company's budget process, preparation, and interrelationships with other department budget

MINIMUM EDUCATION AND/OR EXPERIENCE
Bachelor's degree in Computer Science, Engineering, Information Systems, Information Security or relevant degree with seven to nine years of related experience, to include two years of management experience, or equivalent combination of education and/or experience related to the discipline

Master's degree is preferred

CERTIFICATIONS:
Certification in security or systems control related field: CISSP, CISA, CISM, or generally accepted equivalent is required.

SUPERVISORY RESPONSIBILITIES
Hires, develops, trains, evaluates, and supervises geographically dispersed staff, including managers. Directs, organizes, prioritizes, and schedules work assignments. Responsible for employee development mentoring and performance management skills.
COMPUTER SKILLS
Ability to operate standard company administrative programs
Working knowledge of spreadsheet and word processing software
Ability to load, operate, and understand engineering and financial based programs

Ability to understand cyber security approaches and systems.

Strong working knowledge of current marketed security tools and technologies

Strong working knowledge of industry regulations (NERC CIP, Sarbanes Oxley, PCI) and industry security standards (NIST, ISO)

ANALYSIS AND PROBLEM-SOLVING ABILITY
Ability to identify and define problems and process breakdowns. Ability to collect data, establish facts, and draw valid and concrete conclusions that can be acted upon. Ability to apply creativity to problem solving and utilize analytic skills and modeling capabilities to provide ongoing insight into the business and to make high level strategy recommendations and decisions.

DECISION MAKING
Ability to conduct and guide enterprise Information Security project and operations activities and practices within the bounds of approved security programs and policies, and in accordance generally accepted security principles and standards.

SCOPE AND IMPACT:
Electronically protects all enterprise computing platforms for the purpose of providing and preserving confidentiality, integrity, and availability of all corporate systems, applications and data. Electronic protection of systems within the scope of this position is intended to minimize potential costs directly related to operational, legal, regulatory, and reputation risk from loss of enterprise system operation or confidential or proprietary information.
SALARY RANGE
Salary Grade: G04
Minimum Midpoint Maximum
$84,773 - $114,443 - $144,114

EQUAL OPPORTUNITY STATEMENT
PNM Resources and affiliates are Equal Opportunity/Affirmative Action employers. Women, minorities, disabled individuals and veterans are encouraged to apply.
PI113801584