Chattanooga, TN, United States
Jan 07, 2021
Organization: Information Technology
Department: Cybersecurity Risk Management
Location: Chattanooga, Tennessee or Knoxville, Tennessee
Posting Open: 1/6/2021
Posting Close: 1/19/2021 at 11:59PM EST
This position is responsible and accountable for overseeing Cybersecurity Strategy & Risk Management programs including cybersecurity supply chain risk management.
The Program Manager will be accountable and responsible for providing leadership, program management, technical expertise and analysis. They will serve as the subject matter expert in a broad range of Information Security disciplines and to educate and drive the implementation and standardization of the TVA enterprise security programs. This will involve contributing to the development, maintenance, and implementation of the enterprise security program, and helping to ensure the overall achievement and compliance with the security goals, regulatory requirements and company direction. This person will bring deep industry insight and information security understanding and implementation experiences to TVA and establish security approaches and deployment plans to initiate and drive the security function into the organization. This person will bring deep information security domain experience, exhibit excellent written and oral communication skills and have the ability to coordinate and partner with the various business units to educate and facilitate the security goals. Communicates directly and independently with external authorities, agency senior managers and executives on cybersecurity issues. Develops, implements and safeguards TVA cybersecurity practices.
Plans, designs, implements and manages agency level cybersecurity programs which safeguards TVA's operational and information technology systems from cybersecurity compromise and vulnerabilities to minimize risks to TVA, the employees, the public, customers, vendors and the larger society in the Tennessee Valley and the stability of the nation's electric grid .
Work with TVA business units to identify security requirements, plan and perform security assessments, develop security architecture, implement cybersecurity monitoring and incident response processes, and resources.
Lead enterprise wide cybersecurity initiatives, programs and projects to develop and define cyber risk management, cybersecurity monitoring, incident response and security assessment standards, workflows, and technical means.
Study, Design, Implement Cybersecurity Monitoring, Incident Response, Risk Management and Security Assessment capabilities across the enterprise.
Participate in project reviews, incident debriefs and evaluation (such as audit) reviews to understand Cybersecurity issues and gaps, contribute to continuous improvement and alter/enhance the security monitoring infrastructure.
Lead the development of security architecture and security policies, principles and standards
Develop security processes, procedures, and supporting service-level agreements (SLAs) or Inter-Group Agreements (IGAs) to ensure that security controls are defined, managed and maintained
Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
Develops and validates baseline security configurations practices including processes and procedures for operating systems, software, applications, networking and telecommunications equipment, including, but not limited to, internal management of security monitoring infrastructure and enterprise standardization
Leads and trains team members in the use of security tools, administration of security monitoring infrastructure, tuning of security monitoring rulesets, preparation of security reports and resolution of security issues
Perform real-time monitoring, intelligence, security assessment, risk management and/or incident management activities as a skilled and experienced practitioner as needed to ensure TVA is protected at all times.
Ensure security reviews, penetration tests, security implementation services, policy and procedure development and input to the security architecture design are sufficient to enable appropriate intelligence gathering and monitoring functions.
Support internal/external security assessments, audits and remediation of findings.
Contribute to the response for incident investigations. Identify the key findings and associated mitigation and ensure they are implemented in a timely fashion. Take these findings and incorporate into long term remediation/prevention efforts.
Provide direction and operational support for proactive threat simulation modeling which simulate real world Cyber attacks in a controlled and observable fashion with intent to improve defensive capabilities and practices.
Provide end-to-end integration and implementation of new security tools that enhance security monitoring visibility and/or provide higher fidelity alerting for more rapid triage and incident response.
Ensure new security tools provide the expected level of performance, value and integration into existing security tool portfolio. Minimize tool overlap, maximize tool consolidation and contribution to effective, efficient workflow processes.
Communicates directly and independently with external authorities, agency senior managers and executives on cybersecurity issues.
. -Bachelor's Degree in computer science, engineering or a related field of study; or equivalent education, training & experience..
. - Eight or more years of cybersecurity operations experience protecting electronic and information based assets, with at least the last five years being current and hands-on. Audit/Investigations experience is highly desired. IT/OT experience is highly desired.
CISSP, CISM, CISA, CPP, or equivalent.
Demonstrated managerial competencies in leadership, delegation, analysis, teamwork, coaching/development, customer service, planning/organizing, flexibility, stress tolerance, communication. Demonstrated strategic and tactical IT planning. Broad knowledge of business functions and related EIT security needs. Must stay familiar with Federal laws, regulations, and industry best practices for EIT security strategies and technology. Knowledge of IT operational infrastructure including disaster recovery/backup, data management, and ability to develop/ensure security measures/processes are implemented. Excellent ability to research, evaluate and recommend technical solutions.
Ability to develop plans and execute complex efforts involving application of advanced technological knowledge.
Must demonstrate tact and effective judgment dealing with confidential/sensitive material. Ability to obtain and maintain Secret security clearance required. Candidate may be required to obtain and maintain a security clearance based on position / access requirements and essential job functions.
Read the full posting.
**MEMBERS ONLY**SIGN UP NOW***.
400 West Summit Hill Drive
Tennessee United States