Job Description
FirstEnergy
FirstEnergy at a Glance
We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers' lives brighter, the environment better and our communities stronger.
FirstEnergy (NYSE: FE) is dedicated to integrity, safety, reliability and operational excellence. Headquartered in Akron, Ohio, FirstEnergy includes one of the nation's largest investor-owned electric systems, more than 24,000 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of more than 3,500 megawatts.
About the Opportunity
This is an open position with FirstEnergy Service Co., a subsidiary of FirstEnergy Corp. [SC00]
The position is within the Cyber Security group and reports to the VP, Cyber Security. It is located in OH, with travel as needed.
The Cyber Security Governance Director is responsible for providing strategic direction and operational oversight for the Cyber Security Policy, Cyber Security Compliance, and Cyber Incident Response Teams. These groups include approximately 24 people, reporting to 3 Managers. The 3 Managers will report directly to this Director position.
The Cyber Security Policy Team is responsible for creating and maintaining corporate cyber security policy, processes, and procedures. This includes publishing documentation, communicating new or updated policies to the organization, creating, and delivering cyber security training materials, aiding all business units, and generating metrics and reports for executive management.
The Cyber Security Compliance Team assists all business units with interpretation of and complying with FirstEnergy cyber security policies, cyber-related NERC regulations, and state regulatory rules. They are also responsible for creating and maintaining a corporate cyber security compliance outreach program, compliance testing, assisting business units with control design, and generating reports for executive management.
The Cyber Incident Response team directs and co-ordinates the cyber security Incident Response program for all business units at the company. This includes serving as the champions for preparation, practice exercises, responses to actual cyber security incidents, and coordinating required legal and regulatory reporting.
Responsibilities Include:
Managing a team of approximately 24 employees through 3 managers
Oversees a corporate-wide cyber security program of corporate policies to identify business risks and cyber security threats, protect company systems and data, detect malicious activity, respond to potential and actual cyber security incidents, and recover from incidents
Oversees a corporate-wide cyber security compliance program, including all applicable legal and regulatory requirements
Oversees a corporate-wide cyber incident response program, making certain it is current, effective, well documented, rehearsed and communicated, and followed during actual incidents
Maintains a high-level of technical knowledge of cyber security supported by attending webinars, conferences, and workshops; reviewing professional publications and research
Creates cyber security development strategies, policies, and procedures by identifying problems/needs; evaluating trends and anticipating requirements
Develops key relationships with vendors providing products in the cyber security space
Liaison to upper management, other functional areas, and internal business organizations
Liaison to external peer organizations for knowledge exchange
Maintains quality service by responding to both planned and unplanned customer needs
Effectively manage required staffing, software, hardware, and support budgets
Mentor and motivate a diverse team that scales and evolves with business and policy needs
Responsible for managing staff performance by setting objectives, tracking performance, and providing feedback
Assists in the personal growth of staff through individual development plans, mentoring, coaching and stretch job assignments
Accomplish annual Cyber Security Governance and company performance objectives
Champions FE's Core Values & Behaviors, through coaching and by personal example
Qualifications include:
Bachelor's degree in a relevant field, such as Computer Science, MIS, IT, Cybersecurity, or a related degree, with 10 years of related experience. Master's degree preferred
Related experience includes but is not limited to having a Manager role in a cybersecurity organization; designing/implementing cybersecurity programs and controls, resulting in reduced business risk; effectively managing procedures to protect key company systems and data; and developing and working with diverse teams to build an inclusive work environment
Minimum of ten years relevant work experience in a cybersecurity related field at progressively increasing levels of leadership responsibility is required.
Willingness to travel throughout organization and service territory and work extended hours, as required.
Ability to review work and evaluate performance of others, and to develop individuals' competencies.
Highest standards of business conduct and ethical behavior
Role models and reinforces the FirstEnergy Values & Behaviors
Ability to work through problems with integrity and focus on communication
Ability to drive change across business units
Exemplary leadership skills
Exemplary communication skills
Strong interpersonal, presentation and training skills
Strong knowledge of project management concepts and tools
Strong knowledge of process improvement techniques
Strong knowledge of the NERC Critical Infrastructure Protection (CIP) standards
Strong knowledge of NIST Cyber Security Framework (CSF)
Preferred qualifications:
Experience within the utilities or electricity sectors
Experience with overseeing outsourced cybersecurity penetration tests and maturity assessments
Experience or knowledge of Information Technology system administration, network, and identity and access management best practices
Experience or knowledge of firewall, end point protection, intrusion detection, VPN, multifactor authentication, data loss prevention, and cloud access service broker solutions
Strong knowledge of managing risk with outsourced application providers and cloud technologies
Experience in leading, participating in, and reporting on cybersecurity incident response activities; including tabletop exercises, drills, and actual incidents
Professional cybersecurity certifications, such as ISC2's Certified Information Systems Security Professional (CISSP), is considered a plus
Benefits, Compensation & Workforce Diversity
At FirstEnergy, employees are key to our success. We depend on their talents to meet the challenges of our changing business environment. We are committed to rewarding individual and team efforts through our total rewards philosophy which includes competitive pay plus incentive compensation, a company-sponsored pension plan, 401(k) savings plan with matching employer contribution, a choice of medical, prescription drug, dental, vision, and life insurance programs, as well as skills development training with tuition reimbursement. Please visit our website at to learn more about all of our employee rewards programs. FirstEnergy proudly supports workforce diversity. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with a disability. No recruiters or agencies without a previously signed contract. Unable to sponsor or transfer H-1B visas at this time.
Safety
Safety is a core value for FirstEnergy and is essential to all of our business activities. We ensure employees have the tools, information, and processes to perform their duties in a manner that assures safety for themselves, their co-workers, our customers and the public. Our goals are to provide a safe work environment, to maintain an accident-free, injury-free workplace, and to promote and maintain public safety. To meet these goals, we dedicate ourselves to achieving world-class safety standards.
FirstEnergy Human Resources Team
FirstEnergy proudly supports workforce diversity. All qualified applicants will receive consideration for employment without
regard to race, religion, color, national origin, sex, age, status as a protected veteran, or status as a qualified individual with a
disability. No recruiters or agencies without a previously signed contract. Unable to sponsor or transfer H-1B visas at this time.
