Cybersecurity Manager

Position Summary

Leads and executes the cybersecurity program at NBU. Supervises, coordinates, directs, and manages the daily activities of cybersecurity personnel and ensures the protection of NBU's digital assets, information systems, operational technology, and critical infrastructure. Leads and executes responses to cybersecurity incidents, conducts threat assessments, and implements security measures to safeguard against potential attacks. Manages the deployment and maintenance of cybersecurity tools, resources, and work processes. Oversees the development and enforcement of security policies and procedures to protect systems and ensure the resilience of NBU.

Essential Duties & Responsibilities
• Develops and leads comprehensive cybersecurity programs, policies, and procedures based on the NIST Cybersecurity Framework and tailored for the specific needs of NBU.
• Engages in strategic planning and sets departmental goals, objectives, and budgets aligned with industry-specific regulatory requirements and standards.
• Leads the cybersecurity team with a focus on critical infrastructure protection. Hires, trains, and manages cybersecurity personnel, ensuring compliance with HR policies while fostering a culture of cyber awareness and security excellence.
• Maintains a continuous awareness of current and emerging cyber threats specific to the utility industry. Ensures proactive measures are in place to mitigate risks and responds promptly to cybersecurity incidents and vulnerabilities.
• Selects, implements, operates and maintains cybersecurity technologies such as SIEM systems, endpoint protection, network segmentation, and access control systems tailored for complex utility organizations.
• Directs day-to-day cybersecurity operations, including monitoring of networks and systems, to detect, analyze, and respond to cybersecurity incidents.
• Ensures clear, timely, and effective communication within the cybersecurity team and across other departments.
• Manages personnel issues, performance improvements, and ensures compliance with NBU’s cybersecurity protocols.
• Designs and administers cybersecurity training programs, particularly emphasizing the unique security requirements of OT and IT convergence in utility operations. Ensures team members are proficient in cybersecurity best practices relevant to the utility sector.
• Manages departmental expenses strategically using risk-based decision making.
• Manages and coordinates a high level of incident response and threat intelligence sharing with relevant stakeholders for heightened security of critical infrastructure.
• Collaborates with local and federal law enforcement and other critical stakeholders to enhance cyber-physical security measures and incident response capabilities.
• Keeps abreast of national and international cybersecurity legislation, industry-specific security standards (e.g., NERC CIP, NIST Cybersecurity Framework, etc.).
• Implements best practices to maintain regulatory compliance and operational resilience.
• Encourages ongoing professional development and knowledge acquisition in cybersecurity, focusing on trends and innovations that affect the utility sector.
• Ensures all cybersecurity staff understand the operational and regulatory importance of their roles and adhere strictly to both internal and external policy requirements.
• Coordinates with emergency management and OT/IT disaster recovery teams to enhance response strategies and minimize downtime in the event of cyber incidents.
• Promptly reports and escalates cybersecurity issues to higher management and regulatory bodies as required.
• Leads thorough cybersecurity investigations and root cause analyses to prevent future incidents.
• Executes special security projects and initiatives that align with NBU’s strategic vision for safeguarding critical infrastructure from cyber threats.

This general overview only includes essential functions of the job and does not imply that these are the only duties to be performed by the employee occupying this position. Employees will be required to follow any other job-related instruction and to perform any other job-related duties requested by supervisor or management.

Minimum Qualifications:
• Ten or more years of experience in cybersecurity, Information Technology (IT), Operational Technology (OT) or a related field, including significant exposure to and participation in cybersecurity initiatives and programs.
• Five or more years of experience in a supervisory or management position.
• Familiarity with the NIST Cybersecurity Framework and cybersecurity best practices.
• Ability to obtain and maintain certifications and security clearances as required by current and future organizational needs.
• Demonstrated skill in communications with a wide variety of stakeholders, including both business and technical staff.
• Demonstrated ability to independently lead complex, cross-functional initiatives.
• Requires successful completion of a background check.

Knowledge, Skills and Abilities:
• Knowledge of cybersecurity threats, standards, methodologies, frameworks, best practices, policies, and procedures
• Knowledge of conflict resolution techniques within technical teams
• Skill in providing leadership, direction, and supervision to cybersecurity staff
• Skill in planning, scheduling, prioritizing, and coordinating cybersecurity tasks within the assigned area
• Skill in reading, interpreting, and understanding technical documentation
• Ability to attain proficiency in cybersecurity tools and software
• Knowledge of cybersecurity defensive measures and tactics
• Skill in training staff and communicating complex cybersecurity concepts to less experienced personnel
• Skill in influencing technical and business stakeholders
• Knowledge of cybersecurity incident reporting processes and documentation
• Proficiency in office productivity applications (such as email, word processing, spreadsheets, etc.)
• Ability to remain vigilant and attentive to cybersecurity alerts and updates
• Ability to administer immediate response actions under high-stress conditions
• Ability to manage multiple high-priority tasks and critical incidents effectively
• Ability to work independently with minimal supervision; demonstrate reliability and courage in decision-making; refrain from misusing authority and maintain a leadership presence in crisis situations to deploy appropriate response strategies
• Ability to think logically; apply discretion in handling confidential information; keen observation and interpretation skills; effective evaluation of technical situations and potential security threats; apply sound judgment
• Ability to maintain composure, stay objective, handle criticism, and function under cyber threats or high-stress situations
• Ability to demonstrate work ethic and character traits that promote the mission, values, and goals of the technology and cybersecurity departments.

Work Environment:
• Some work hours are spent in a facility, field or office environment
• Work may involve weekends, holidays and non-standard hours
• Work may involve providing 24/7/365 on-call support in special circumstances
• Work may involve call-out
• Work may involve exposure to noise
• Work may require use of protective equipment
• Work requires passing criminal background check

Physical Demands:
• Work primarily involves prolonged sitting while monitoring multiple computer screens
• Work involves extensive finger/hand manipulation in using a keyboard and mouse
• Work may involve occasional reaching and bending to access server hardware or network components, though this is generally infrequent and occupies less than 20 percent of the work time.
• Lifting requirements are minimal, generally not exceeding 20 pounds, and are mostly related to handling and installing hardware components.

GENERAL RESPONSIBILITIES
• Maintain regular attendance; leave schedule should be managed so as to not interfere with the ability to accomplish tasks, including special projects and assignments with deadlines.
• Adhere to NBU safety & security guidelines and practices at all times and in all situations
• Maintain a clean and safe work area, office, field site, and vehicle as applicable.
• Develop & maintain effective customer service skills for communications with co-workers, customers, and the public.
• Maintain strict confidentiality of business, employee, and customer information in written and oral communications and safeguard sensitive documents.
• Adhere to NBU policies and procedures.
• Exemplifies NBU Core Values of Safety, Integrity, Team, Culture, and Stewardship.
• Participate in and support initiatives to reach annual NBU Performance Measures.

Formal Education and Work Experience Requirements

Degree/Diploma Obtained: Bachelors

Work Experience Time Frame: Nine Years or More

Field of Study: Computer Science

Certification and Licensures Requirements

Preferred:

- Certified Information Systems Security Professional (CISSP)

- Certified Information Systems Manager (CISM)

- Certified Information Systems Auditor (CISA)

- Comp TIA Security +

Other Minimum Qualifications

- Availability to work hours other than regular schedule, including nights, weekends and holidays.

---