(Sr.) Manager, Enterprise Information Security

PJM Interconnection

4.8

(23)

Audubon, PA

Why you should apply for a job to PJM Interconnection:

  • 4.8/5 in overall job satisfaction
  • 4.8/5 in supportive management
  • 91% say women are treated fairly and equally to men
  • 91% would recommend this company to other women
  • 96% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • PJM employees have shown they can adapt to new work environments; PJM offers flexibility in remote, hybrid and on-site work.
  • We provide four weeks (160 hours) of paid paternity leave.
  • PJM has two Employee Resource Groups that support women at the company.
  • #REQ-2025-3953

    Position summary

    ity, IT compliance, and information system resilience risks. Regularly assess changes to risk ratings and mitigations

    • Oversee the execution of an annual risk assessment, including action plans to mitigate risks

    • Make decisions that effectively balance security risk with operational and business risk

    • Oversee the supply chain cybersecurity risk program in compliance with NERC CIP-013 and vendor review policies

    • Oversee a robust vulnerability management program, including system scanning, results analysis, and remediation follow-up

    • Support application security assessments by ensuring that staff are effectively assigned to projects, are assessing security against well-defined requirements, and are validating controls. Ensure that penetration tests are performed, as needed.

    • Define and oversee objectives for red teaming to test the effectiveness of PJM's security controls

    • Oversee the development and execution of an annual simulated spear phishing training program

    • Oversee the execution of an annual information protection program that includes controls for classifying, protecting, and monitoring PJM's security controls for sensitive information, including BCSI, PII, and other types of sensitive information in compliance with NERC CIP-011 requirements

    • Manage systems security by implementing and maintaining policies and procedures for management of ports and services and security patch management in compliance with NERC CIP-007 requirements, including annual vulnerability assessments

    • Oversee configuration change management processes, including developing baseline configurations and monitoring for unauthorized changes in compliance with NERC CIP-010 requirements

    • Provide leadership and management to department and matrixed staff in the execution of departmental responsibilities, providing appropriate opportunities for development, ensuring department staff are trained in necessary skills and competencies, and staff performance is managed to accomplish departmental goals

    • Define, maintain, operate and improve department functions and programs, including its documentation, processes, and supporting technology; provide reporting of program operations through routine reports, presentations and other deliverables as needed

    • Staff department programs with qualified employees, contractors and matrixed support from across the division, as needed

    • Establish a sense of urgency to complete tasks in an efficient and cost-effective manner while creating, establishing and enhancing relationships (both internal and external to the organization)

    • Participate in NERC CIP audit readiness activities including gathering and presentation of evidence to demonstrate compliance with requirements

    • Other duties, as assigned

    Characteristics & Qualifications:

    Required:

    • Bachelor's Degree in Computer Science, Engineering or 10+ years of leadership experience in a managerial/supervisory role

    • 2+ years of leadership experience in a managerial/supervisory role

    • At least 5 years of work experience in Cyber Security, Information Security and Risk Management

    Preferred:

    • Master's Degree in Business Administration
    • 5-10 years of leadership experience in a managerial/supervisory role.
    • At least 5 years of experience in cybersecurity, compliance, or IT-related leadership experience
    • Ability and desire to build relationships and interact with a wide range of stakeholders and staff to maintain and enhance PJM's customer service reputation
    • Experience with PJM operations, markets, and planning functions
    • Certified Ethical Hacker (CEH)
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
