(Sr.) Manager, Enterprise Information Security (Information Technology)
*Flexible Work Arrangement: Hybrid*
Cybersecurity is essential to ensure the security, resilience, and compliance of the systems and data used to manage the power grid. The (Sr.) Manager, Enterprise Information Security plays a critical role in ensuring this security and compliance by leading a team responsible for executing critical functions and programs designed to keep PJM's systems and data secure and in compliance with NERC CIP and other requirements. These functions include the cyber risk management program, configuration management, vulnerability and patch management, and supply chain security; information protection, cybersecurity assessments, red teaming, and phishing training are additional critical elements of this position.
Essential Functions:
Develop, maintain, and execute a risk management program that includes cybersecurity, IT compliance, and information system resilience risks. Regularly assess changes to risk ratings and mitigations
Oversee the execution of an annual risk assessment, including action plans to mitigate risks
Make decisions that effectively balance security risk with operational and business risk
Oversee the supply chain cybersecurity risk program in compliance with NERC CIP-013 and vendor review policies
Oversee a robust vulnerability management program, including system scanning, results analysis, and remediation follow-up
Support application security assessments by ensuring that staff are effectively assigned to projects, are assessing security against well-defined requirements, and are validating controls. Ensure that penetration tests are performed, as needed.
Define and oversee objectives for red teaming to test the effectiveness of PJM's security controls
Oversee the development and execution of an annual simulated spear phishing training program
Oversee the execution of an annual information protection program that includes controls for classifying, protecting, and monitoring PJM's sensitive information, including BCSI, PII, and other types of sensitive information, in compliance with NERC CIP-011 requirements
Manage systems security by implementing and maintaining policies and procedures for management of ports and services and security patch management in compliance with NERC CIP-007 requirements, including annual vulnerability assessments
Oversee configuration change management processes, including developing baseline configurations and monitoring for unauthorized changes in compliance with NERC CIP-010 requirements
Provide leadership and management to department and matrixed staff in the execution of departmental responsibilities, providing appropriate opportunities for development, ensuring department staff are trained in necessary skills and competencies, and staff performance is managed to accomplish departmental goals
Define, maintain, operate and improve department functions and programs, including its documentation, processes, and supporting technology; provide reporting of program operations through routine reports, presentations and other deliverables as needed
Staff department programs with qualified employees, contractors and matrixed support from across the division, as needed
Establish a sense of urgency to complete tasks in an efficient and cost-effective manner while creating, establishing and enhancing relationships (both internal and external to the organization)
Participate in NERC CIP audit readiness activities including gathering and presentation of evidence to demonstrate compliance with requirements
Other duties, as assigned
Characteristics & Qualifications:
Required:
Bachelor's Degree in Computer Science or Engineering, or 10+ years of leadership experience in a managerial/supervisory role
2+ years of leadership experience in a managerial/supervisory role
At least 5 years of work experience in Cyber Security, Information Security and Risk Management
Preferred:
Master's Degree in Business Administration
5-10 years of leadership experience in a managerial/supervisory role
At least 5 years of experience in cybersecurity, compliance, or IT-related leadership
Ability and desire to build relationships and interact with a wide range of stakeholders and staff to maintain and enhance PJM's customer service reputation
Experience with PJM operations, markets, and planning functions
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)