Principal, Info Security & Compliance Analysis

NRECA

Job Description

Position Summary

This position is a principal advocate for Cybersecurity Governance, Risk, and Compliance providing expert advice to technical staff and business owners for ensuring that NRECA adequately safeguards its data and information systems. This role is responsible for the development and delivery of a comprehensive information security risk management program based upon a detailed understanding of risk management frameworks, multiple security domains, and the NRECA organization. This individual performs regulatory compliance reviews, information security risk assessments, and develops processes, methods and standards for identifying and managing risk. The Principal, Information Security and Compliance Analysis also leads the third-party supplier security program with strong collaboration between Strategic Sourcing & Procurement and the General Counsel.

Essential Duties And Responsibilities

  • Leads Cybersecurity Program Operational Governance, Compliance Program, and Third-Party Supplier Security.
  • Works collaboratively with Enterprise Risk Management to assess, plan, design and implement an overall information security risk-management and compliance process.
  • Develops policies for information security compliance in accordance with regulations such as HIPAA, PCI and industry best practices.
  • Implements a NIST-based security program including policies, procedures, and guidelines for safeguarding NRECA data and assets.
  • Performs compliance assessments and risk assessments to ensure that compliance risks are identified, assessed, and managed across all applicable business areas.
  • Assesses the maturity of Cybersecurity capabilities, defines a strategy for risk mitigation, and monitors IT risk remediation activities.
  • Leads business continuity assessment to ensure that Cybersecurity Program requirements are met under emergency conditions, coordinating the information security aspects of business continuity management, including IT security in Business Continuity Planning, and understanding the impact of risks on business resilience and continuity.
  • Coordinates the Third Party Supplier Security Oversight Program for sourcing needs and vendor relationships by performing security assessments of vendors and partners, reviewing contracts for security requirements, and inserting risk management practices into existing processes. Understands the impact of the service provider on business risk, resilience, and continuity.
  • Supports Cybersecurity Communications, Awareness and Training Programs by developing Communications, Awareness and Training Program content, deployment, and compliance to promote awareness of staff members' roles and responsibilities.
  • Collaborates and communicates effectively across the organization to further the goals of the Cybersecurity department, including presenting to senior leadership when called upon.

Direct Reports to this Position

None

Qualifications

Formal Education Required

Bachelor’s Degree in Computer Science, Information Systems, Systems and Technology, Business Administration, or related field. Master’s degree preferred. Technical certification such as Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA), and Project Management Professional (PMP) Certification.

Experience Required

  • 15+ years’ experience in IT Governance, Risk and Compliance, IT Operations, project management and business analysis.
  • 5+ years’ experience in contract management and successfully managing third-party contractors, suppliers, and vendors.
  • Experience in evaluating the design and effectiveness of the information security control environment, both operational and technical, with Information Security domains and protocols for IT Governance, Risk Management/Compliance/Auditing, user training and awareness, and strategy development and execution is required.
  • Knowledge of information security related regulations/requirements such as HIPAA, SEC/FINA, PCI, etc. as demonstrated by prior work experience.
  • Knowledge of Information Security and Risk Management Frameworks such as NIST 800-53 & CSF, ISO 27001/2 & 27005, NIST 800-30 & 800-171, COBIT, and Center for Internet Security (CIS) 20 Critical Security Controls as demonstrated by prior work experience.
  • Ability to lead people and foster collaborative skills and consensus building while operating in a fast-moving environment as demonstrated by prior work experience.

ADA Requirements

  • The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.
  • Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.

Additional Requirement

The preceding job description has been written to reflect management’s assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

NRECA is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail [email protected] or call: 703-907-5992 – NRECA Arlington Human Resources. Please call 402-483-9275 – NRECA Lincoln Human Resources, for Lincoln, NE employment opportunities. We will make a determination on your request for reasonable accommodation on a case-by-case basis.

EEO is the Law. The law requires NRECA to post a notice describing the Federal laws prohibiting job discrimination. For information regarding your legal rights and protections, please click on the following link: EEO is the Law and EEO is the Law Supplement.

Pay Transparency Non-Discrimination. NRECA will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.

E-Verify. As a Federal Contractor, NRECA is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: E-Verify.

To apply for this job please visit nreca.wd1.myworkdayjobs.com.