Company DescriptionThe California Independent System Operator (ISO) manages the flow of electricity across the high-voltage, long-distance power lines that make up 80 percent of California's power grid. We safeguard the economy and well-being of 30 million Californians by operating the grid reliably 24/7.As the impartial grid operator, the California ISO opens access to the wholesale power market that is designed to diversify resources and lower prices. It also grants equal access to 25,865 circuit-miles of power lines and reduces barriers to diverse resources competing to bring power to customers.The California ISO's function is often compared to that of air traffic controllers. It would be grossly unfair for air traffic controllers to represent one airline and profit from allowing that company's planes to go through before others. In the same way, the California ISO operates independently-managing the electron traffic on a power grid we do not own-making sure electricity is safely delivered to utilities and consumers on time and reliably.The California ISO is committed to the health, safety, and work/life integration of its employees, and is proud to offer flexible work arrangements. This position would be eligible to participate in a hybrid work capacity,Relocation assistance is available.Job DescriptionUnder the general direction of the Director, manages the day-to-day operations and staff responsible for company-wide infrastructure operations and risk management related to information security operations. Manages activities aimed at safeguarding the organization's information assets and ensuring the alignment of security measures with overarching business objectives and regulatory standards. Ensures adherence to NERC Critical Infrastructure Protection (CIP), Statement on Standards for Attestation Engagements no. 18 (SSAE18), and related regulatory standards and frameworks. Responsible for maintaining the integrity, availability, and confidentiality of critical infrastructure and information systems. Oversees the planning and implementation of the enterprise IT systems, business operations and IT related facility defenses against security breaches and vulnerability issues and manages the administration of security policies, standards, and activities. Aligns strategies with operations-related business areas for the delivery and support of critical business solutions, balancing business needs and cost of ownership, while achieving customer satisfaction. Ensures business solution roadmaps and IT activities achieve short and long-term ISO security objectives. Delivers feasible business solution roadmaps and proactive system management, oversees strategic software vendor relationships related to security, and guides the implementation and continuous improvement of our security posture. Responsible for the overall success of Information Security Operations and related business solutions.What You Will Be Doing:
- Manages the day-to-day for the information security operations and staff. Responsible for providing broad direction and guidance, identifies training needs, coaches and gives feedback on employee performance, develops staff performance plans, makes recommendations with respect to the hiring, firing, advancement, promotion or any other change in the status of direct reports, and performs related activities as appropriate.
- Provides expert consultation on IT risks and compliance standards. Reviews existing security risks and challenges, implements and enforces risk management processes and common control frameworks, and executes incident management processes. Develops a proactive threat intelligence strategy and oversees the incident response process. Collaborates with cybersecurity organizations globally and conducts regular threat assessments. Participates in the development, maintenance and implementation of disaster recovery and business continuity plans, procedures, audits and ongoing enhancements. Acts a liaison with business partners to ensure interfaces between entities are secured and managed consistent with applicable laws, policies, standards, guidelines and best practices.
- Manages strategic customer relationships and collaborates on strategic planning of service level agreements. Identify opportunities for process improvement, innovations and technology solutions to advance business capabilities. Creates, implements, and ensures compliance with policies and frameworks for the overall monitoring and management of staff, processes, and system performance to meet department and CAISO objectives. Provides leadership and removes obstacles to achieve successful planning and delivery of quality, cost-effective business solutions and innovations. Fosters and oversees strategic relationships with internal and external partners, including government agencies, business vendors, and partner organizations, for the effective implementation of security and privacy policies.
- Develops and implements short and long-term strategies and objectives ensuring alignment with the objectives of the ISO in comprehensive cybersecurity operations and intelligence management. Leads strategic security planning, prioritizes defense initiatives, coordinates the management of current and future security technologies and communicates enterprise-level security strategies and plans across all levels of the organization.
- Responsible for implementing and maintaining a comprehensive Identity Management (IDM) framework, ensuring access is aligned with roles and responsibilities. Develops policies for identity verification, access granting, and monitoring. Oversees continuous monitoring for security breaches or anomalies using advanced SIEM tools and develops an Information Security Operations Center (ISOC) for 24/7 surveillance and response. Monitors and assesses security vulnerabilities and configurations of cyber assets and conducts in-depth security analyses, stays informed on cybersecurity trends, and prepares security reports for executive management. Maintains knowledge of Federal and State laws, regulations, and industry best practices in information security. Oversees and provides direction for proactive critical system management and monitoring to ensure secure, reliable, available, and high performing systems.
QualificationsLevel of Education and Discipline:A Bachelor's degree (BA, BS) or equivalent education, training or experience in Engineering, Computer Science or related field. Master's degree preferred.Amount of Experience:Equivalent years of education and training, plus ten (10) or more years related experience, including five (5) or more as a lead or equivalent.Certifications:ITIL technical certifications desired. CISA, CISM, CISSP or CIPP desired.Type of Experience:Management experience desired. Experience with one or more of the following: IT strategic planning and management, system management of real-time systems, system development, business management, customer relationship management, vendor management. Thorough knowledge of ISO operations and systems. Experience working within NERC / CIP, NIST CSF, ISO 27001 and related standards and frameworks as they apply to information security. Knowledge of U.S. Federal Laws and regulations. Experience in field of Information Assurance Information Security. Thorough knowledge of software development life cycle methodologies related to information security.Additional Skills and Abilities:Ability to think strategically and devise solutions to problems in keeping with multiple considerations. Excellent leadership and management abilities with experience coaching and developing others. Must demonstrate sound judgment and critical thinking when making decisions. Must be able to work effectively in a team environment as team leader, facilitator and team member. Strong analytical and quantitative skills required. Excellent interpersonal, communication and writing skills required, including the ability to effectively communicate complex materials and concepts. Must be able to handle a dynamic and changing work environment, and work well independently. Additional InformationThe pay range for the Manager, Information Security Operations is $146,100 - $243,500 annually.All your information will be kept confidential according to EEO guidelines.