Job type: Permanent
Job reference: : SO_96815MMNY
Location: USA, New York
Sector: Technology, IT Strategy & Transformation, Utilities
Date posted: 02/11/2016
This vacancy has now expired.
The Information Security organization, operating within the central IT department, is comprised of cybersecurity analysts including senior cybersecurity Team Leaders and is responsible for all aspects of information security for the Company. Responsibilities include managing a cybersecurity and privacy compliance program. Working with the business and IT organization to implement and maintain a compliance program to meet regulatory cybersecurity and privacy requirements. Regularly report status of the compliance program to IT senior management. Interface with external regulators and industry stakeholders to mitigate the Company's regulatory privacy and cyber risks. This position is a Manager level requiring a senior technical person with experience in negotiation, policy creation, and advocacy. He or she will be responsible for planning, developing and maintaining the Con Edison Privacy and Cybersecurity Compliance Program. This is a highly visible position supporting Con Edison's business information and operations organizations. The Company is looking for a qualified candidate to be responsible for the compliance aspects of the privacy and cybersecurity program including policies, internal controls, and regulatory outreach.
Candidate must possess:
* Bachelor's Degree in Engineering, Computer Science or related field. Master's Degree preferred.
* Minimum of 8 years' experience, developing, managing, and operating an enterprise level compliance program.
* Proven experience with implementation of detective and preventative internal controls.
* Three years supervisory / managerial experience to include the ability to motivate, challenge and develop staff
* Must be able and flexible to work off-hours to support deployments, resolve production problems and respond to Corporate emergencies, as required.
* Excellent project management and negotiation skills.
* Excellent written and oral communication skills.
* Strong presentation skills.
* Proven experience leading and working in a team environment.
* Experience working with regulatory requirements, standards, or cybersecurity frameworks.
* Expert in Microsoft products.
* Experience with compliance related to PII and PHI
* Professional certification in cybersecurity and/or auditing is preferred
* Understanding of energy utility industry and cybersecurity/privacy regulatory issues is preferred
* Development and maintenance of the cybersecurity and privacy compliance program to mitigate the company's cybersecurity and regulatory compliance risks.
* Lead team role for industry and regulatory outreach.
* Designing, implementing, and on-going development and support of preventative and detective internal controls to support the cybersecurity and privacy programs.
* Identification, Investigation, and resolution of non-compliance incidents.
* Tracking and participating in general and industry specific cybersecurity standards development and compliance activities including travel as required.
* Tracking and participating in applicable privacy regulations development.
* Providing advice and counsel to other business and operations organizations in privacy and cybersecurity regulatory compliance requirements.
* Collaborating with external local, State, regional and Federal regulatory and energy related agencies, (such as the NY PSC, TSA, NERC, NPCC, FERC, and NJ BPU) in matters relating to privacy and cybersecurity.
* Providing written and verbal briefings to executive management on privacy and cybersecurity regulatory compliance.
The candidate must have a valid driver's license, be able and willing to travel within Company Service territory, as needed, be flexible with work hours, be on call as necessary, and respond and participate in Company emergency management processes and storm plans, as required.
Spencer Ogden is acting as an Employment Agency in relation to this vacancy.