Manager of OT Cyber Vulnerability Detection & Mgmt

| Washington DC
Sorry, this job was removed at 10:22 p.m. (CST) on Friday, May 20, 2022
Find out who's hiring in Washington DC.
See all Cybersecurity + IT jobs in Washington DC
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

Description

At Exelon, we've got a place for you!

Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.

Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.

Join Exelon and share your passion at a forward-thinking Fortune 100 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!

Position may be required to work extended hours, including 24 x 7 coverage during storms or other energy delivery emergencies.

PRIMARY PURPOSE OF POSITION

The OT Cyber Security Vulnerability Detection and Management Manager is responsible for supporting the architecture, implementation, and ongoing maintenance of the OT Cyber Security Vulnerability Detection and Management program, ensuring the confidentiality, integrity, and availability of all OT assets. This role is responsible for the design and operation of OT specific cyber security vulnerability solutions to ensure these solutions are implemented in accordance with industry standards, best practices, and Exelon Management Model governance. This role is required to participate in the creation of and/or maintenance of policies, standards, baselines, guidelines, and procedures, as well as conduct risk and vulnerability assessments on a large array of Real-Time and OT systems. This position requires active communication with development teams, infrastructure teams, and business areas supporting assessment requirements for core business functions and will manage a geographically diverse team. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the OT Cyber Vulnerability Detection and Management program.

PRIMARY DUTIES AND ACCOUNTABILITIES

  • Lead a geographically diverse team providing direction, management oversight, performance appraisals, and mentoring, career development; promote diversity and teamwork with other Security groups. Perform vendor management of associated OT Cyber Vulnerability platforms and solutions. May require travel up to 10%. (20%)
  • Develop and maintain annual vulnerability assessment schedule through interaction with business units, project management, emergent assessments and inclusion of business-critical applications requiring predefined assessment requirements. Support and maintain a remediation tracking solution, enforcing accountability through final resolution. Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during vulnerability assessments. Management of Security Patch Management and Vulnerability Management processes and enforcement. Measure the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection. (40%)
  • Manage Vulnerability Threat and Industrial Control Systems notifications of emergent vulnerabilities ensuring remediation tracking. (10%)
  • Oversee supporting security related functions, processes, and engagement to include CSIRT activity. Maintain monthly reporting to senior Security management and Business Units for all Vulnerability Management responsibilities. (10%)
  • Lead and manage NERC CIP vulnerability assessment program and requirements that include active or paper based assessments, project management, adherence to reporting standards, enforcement of security compliance standards and remediation tracking. (10%)
  • Establish, maintain, and enhance relationships with business and IT partners. Communicate status to Key stakeholders on a regular basis. (10%)


JOB SCOPE

The Cyber Security Vulnerability Detection and Management Manager role provides direction and oversight to enterprise infrastructure and assets applying security best standards for remediation of known vulnerabilities. Deliverables for this role will be focused on identification, communication, and remediation of identified cyber security vulnerabilities. The Cyber Security Vulnerability Detection and Management Manager will provide project management, resources, and support of annual NERC CIP compliance requirements and manage the annual NERC CIP assessments. This role requires collaboration across the entire enterprise/business units to support remediation efforts. Support of the firewall risk based assessments is a key component of this role providing guidance on minimizing risk. This role requires close integration with other internal security teams.

Qualifications

MINIMUM QUALIFICATIONS

  • Bachelor's Degree in Computer Science, Information Technology (IT), Security Management or a related discipline, and typically 8 or more years of experience in cyber security, vulnerability management or equivalent combination of education and work experience.
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
  • Knowledge of system life cycle management principles, including software security and usability
  • Knowledge of new and emerging information technology (IT) and cybersecurity technologies
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • Knowledge of host/network access control mechanisms (e.g., access control list)
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
  • Knowledge of penetration testing principles, tools, and techniques
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge of resource management principles and techniques
  • Knowledge of information security program management and project management principles and techniques
  • Knowledge of cyber threats and vulnerabilities.
  • Experience managing budget development and forecasting
  • Enforcement of change management techniques associated with Cyber Security Vulnerability Management enhancements
  • Managing approvals of changes affecting NERC CIP infrastructure
  • Demonstrated leadership ability
  • Excellent oral/written communication skills and the proven ability to work effectively with all levels of IT and business management


PREFERRED QUALIFICATIONS

  • Graduate degree in cyber security or related area of expertise.
  • Relevant security certifications (CISSP, CISM or CISA; CEH or GIAC)
  • Demonstrated experienced in Vulnerability Management processes including remediation tracking and resolution
  • Demonstrated experience managing vulnerability assessment schedules that span across all business units, functions, and platforms
  • Demonstrated experience with standard security tools that include, but are not limited to, Nessus, Rapid7, Qualys, Metasploit, and Nipper
  • Demonstrated experience managing Security Patch Management engagements with support teams, developing risk evaluation, remediation planning, and validation
  • Demonstrated experience managing recurring vulnerability identification processes through scanning, notification, assisting with remediation requirements and validation
  • Experience managing firewall risk evaluation, providing support and describing alternatives to reduce risk exposure
  • Demonstrated experience managing Vulnerability Threat notification and analysis process, including daily reviews of emergent vulnerability threats that have an impact on the Exelon environment
  • Demonstrated experience supporting emergent threat intelligence through the use of security scanning tools, determining applicability and impact on the infrastructure
  • Experience managing Data Loss Prevention (DLP) policies, DLP incident resolution, providing support for Legal investigatory requests, providing monthly metrics reporting


Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.

VEVRAA Federal Contractor

More Information on Exelon
Exelon operates in the Energy industry. The company is located in Chicago, IL, Baltimore, MD, Kennett Square, PA, Chicago, IL, Baltimore, MD and Philadelphia, PA. Exelon was founded in 2000. It has 10001 total employees. It offers perks and benefits such as Flexible Spending Account (FSA), Disability insurance, Dental insurance, Vision insurance, Health insurance and Life insurance. To see all 30 open jobs at Exelon, click here.
Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

Similar Jobs

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about ExelonFind similar jobs