Cyber Security Program Lead ()

New York Power Authority
White Plains
Aug 13, 2017
Aug 20, 2017
Employer Type
Direct Employer
Employment Type
Full Time
Cyber Security Program Lead is a member of the Security team and works closely with the other members of the business and technology teams to design, review and oversee a comprehensive information security program. This includes a primary focus on ensuring cyber security controls and protections are implemented throughout the business and implementation processes. By having an organizational view of cyber security the cyber security leads are a first line of defense and risk reduction. The incumbent will be required to connect dots where they may not have existed before and correlate business needs and cyber risk in order to understand and improve any weaknesses within our infrastructure (software, hardware, networks, etc.) to find creative ways to protect it. This position will be responsible for high level functions of a cyber security program including understanding and design of all monitoring, response and user security. This position will coordinate with Enterprise Architecture to ensure cyber designs and controls recommendations. Supporting incident response and help support advanced troubleshooting of security events.

The person in this role is responsible for high level cross domain focused security tasks. An ideal candidate has a passion for information security, problem solving, documentation, communication, organization, collaboration, and attention to detail. This individual will be empowered to help guide our security operations program. The analyst utilizes established processes and tools to focus on incident response, threat identification, analysis, and remediation.

* Review access methods and procedure to improve and processes and overall security posture

* Design and support change management processes and review approval design and documentation

* Perform regular reviews of systems, alerts and incidents

* Oversee and design application security, access control and corporate data safeguards

* Oversee and review vulnerability and network scanning processes and standardize KRI's / KPI's

* Design and communicate security requirements for our networks

* Organize and ensure documentation of lessons learned in after action reports post event

* Document evidence collection methods for legal requests or internal investigations

* Oversee and review regular security audits to understand and adjust risk mitigations and testing processes

* Liaison with other cyber threat analysis entities and managed services

* Support team as needed around security-related operational support and incidents, on and off hours

* Develop automation and process improvements throughout policies and standards

* Support and lead Investigation of incidents and incident response

* Define and monitor metrics for the cyber program

* Ensure vulnerability testing, risk analyses and security assessments occur as expected and as scheduled

* Design and document implementation, procedures and processes of networks, IDS, IPS, etc.

* Design and review authentication, authorization and encryption solutions

* Evaluate new technologies and processes and recommend enhancements to security capabilities

* Support triage and document response to security alerts and oversee root cause analysis

* Design and review corporate security policies, standards and procedures

* Oversee and develop security awareness program by performing regular assessments and reporting of awareness effectiveness

* Keep abreast of emerging technologies, software and methodologies and provide recommendations for business solutions

* Stay proficient in forensic, response and reverse engineering skills

* Oversee cyber security program execution and review security gaps and provide recommendations

* Oversee and recommend process improvements to all processes and procedures

* Respond to information security issues during each stage of a project's lifecycle

* Partner with business and operational teams to support integration and design of security architecture.

* Acquire a complete understanding of a company's technology and information systems

* Plan, research and design robust security architectures for any IT project

* Research security standards, security systems and authentication protocols

* Recommend and design security measures and controls

* Prepare cost estimates and identify integration issues for IT project manager

* Perform all assigned work to meet expected delivery and schedules and perform other duties as assigned

Required Skills

Security Domain Skills and Knowledge Required

* Access Control Systems and Access Methods

* Applications and Systems Development Security

* BCP and Disaster Recovery

* IS Audit Procedures / Processes

* Information Security Program Management Information Security Governance

* IT Governance

* IT Service and Delivery

* Law Investigation and Ethics

* Operations Security

* Response Management

* Risk Management

* Security Architecture and Models

* Security Management Practices

Security Domain Skills and Knowledge Desired

* Cryptography / Encryption

* Physical Security

* Operational Security protection of assets

* Systems and Infrastructure Lifecycle management

* Telecommunications and Network

Required Experience


Bachelor's Degree in a Computer Science, Information Assurance, engineering or related technical or business discipline.

* Minimum 8 years quality experience (or a minimum of 5 years directly related experience for non-degree holders) including at least 5 years in cyber security.

* CISSP: Certified Information Systems Security Professional or

* CISM: Certified Information Security Manager or

* CRISC: Certified in Risk and Information Systems Control or

* CCSA: Certified Cyber Security Architect


* Minimum 10+ years quality experience (or a minimum of 8 years directly related experience for non-degree holders) including at least 5 years in cyber security.

* CSSA: Certified SCADA Security Architect

* GCIH: GIAC Certified Incident HandlerPosted by StartWire