Requisition: 82810
PSEG Company: PSEG Services Corp.
Salary Range: $ 157,000 - $ 257,600
Work Location Category: Hybrid Flexible
We're one of the country's largest energy companies, with a vision of powering a future where people use less energy, and it's cleaner, safer and delivered more reliably than ever. We're also deeply connected to the communities we serve, with more than 13,000 employees working together to support our customers and make a difference every day.
Here, you'll have the stability and exciting opportunities that come with being a Fortune 500 company - along with a supportive, friendly work environment where your contributions are valued.
We know life isn't one-size-fits-all, and neither is work. That's why we offer flexible work options depending on the role.
In support of this model, roles have been categorized into one of three work location categories:
Onsite - roles where employees are expected to be onsite daily.
Hybrid fixed - roles that are a mix of remote work and onsite work fixed days each week
Hybrid flexible - roles that are a mix of remote work and onsite work, but the onsite requirements have greater flexibility. (i.e. 5-8 days a month vs. set days each week).
As an employee, if you are regularly scheduled to work 20 or more hours per week, you will have access to a wide range of comprehensive benefits from day one, designed to support your total well-being: medical, dental, vision, parental leave and family leave programs, behavioral health programs, 401(k) with company match, life insurance, tuition reimbursement, and generous paid time off.
More than 13,000 people already call PSEG their work home, taking pride in providing safe, reliable service to millions of customers. If you're looking for a place where you can build a meaningful career and help power and support our communities, we'd love to welcome you to the team.
PSEG is not offering visa sponsorship for this position.
Job Summary
The Director, Cybersecurity Operations leads the development, implementation, and ongoing coordination of enterprise-wide cybersecurity operations, including Threat Engineering, Threat Detection, Cybersecurity Industry Threats Coordination, Endpoint Security, Network Security, Email Security, the Security Operations Center (SOC), Threat Analysis and Incident Response, Cybersecurity Logging & Monitoring, Vulnerability Management, Application Security, Data Security, Insider Trust, Threat Intelligence, and Cyber Threat Hunting. (S)he coordinates across all business lines, service departments, and external risk organizations (e.g. Law Enforcement, cross-sector cyber industry trade organizations) and peer energy companies. As PSEG's senior leader responsible for cybersecurity operations, (s)he will also be responsible for defining and aligning cybersecurity policies, strategy, and standards, and for governing actual cybersecurity operations, including overseeing an internal SOC and managed service provider, and for maintaining an Incident Response program to ensure appropriate responses to cybersecurity incidents. During an incident, (s)he will be designed as lead cyber incident commander and will be responsible for the containment, eradication, and recovery, as applicable. (S)he will be responsible for multiple discrete projects/enhancements to build, maintain, and mature capabilities, including people, processes, and technologies. (S)he will engage across the entire IT, OT, and managed services landscapes, including leading a team across these environments.
(S)he will spend his/her time
*Stopping/mitigating complex attacks, including making emergency decisions in response to active attacks outside of routine technology processes.
*Executing on key operational decisions with potentially high impact affecting attacks and threats facing PSEG (e.g. spam/malware campaigns, criminal operations).
*Ensuring the planning, development, implementation, and maintenance of our SOC, including partnering directly with stakeholders as a multi-disciplined team to design/deploy strategies and solutions across a variety of vendor platforms.
*Acting as a SOC thought leader, consistently researching new ways to improve operations and strategy.
*Ensuring adherence to cybersecurity controls, policies and standards with a focus on automation and control.
*Assessing the current IT architecture, business needs, and future requirements as they relate to the SOC.
*Determining cybersecurity requirements by evaluating business strategies and requirements, researching standards, conducting system security and vulnerability analyses and risk assessments, studying architectures/platforms, identifying integration issues, and preparing cost estimates.
*Verifying that processes/systems comply with laws/regulatory requirements from local/national governments.
*Preparing for, and potentially presenting at, Cyber Council, Senior Executive Team, and Board of Directors meetings.
*Preparing senior-level technical reports for executive management.
*Engaging in ongoing communications with peers in IT and business (e.g. Legal, HR, Security) to ensure enterprise wide understanding of cybersecurity goals, to solicit feedback and to foster cooperation.
*Managing relationships with third party service providers, including contract language negotiations.
*Maintaining up-to-date cybersecurity knowledge, including awareness of innovative solutions/processes, emerging standards, and new threat vectors by reading professional publications, maintaining personal networks, and participating in professional organizations.
Job Responsibilities
Directs, coaches, and counsels internal/external cyber resources on Cybersecurity technologies, including Threat Engineering, Threat Detection, Cybersecurity Industry Threats Coordination, Endpoint Security, Network Security, Email Security, the Security Operations Center (SOC), Threat Analysis and Incident Response, Cybersecurity Logging & Monitoring, Vulnerability Management, Application Security, Data Security, Insider Trust, Threat Intelligence, and Cyber Threat Hunting for all lines of business and service departments for both IT and OT landscapes.
Ensure that Cybersecurity Operations service delivery aligns with the corporate IT strategy, including development of Cybersecurity operations standards, capacity planning, lifecycle management plans, solution selection, and partner management. Ensure scalability of Cybersecurity Operations capabilities, including hardware and software, to meet business needs and risk tolerances.
Develops and implements best practices for PSEG Cybersecurity Operations capabilities. Participate in external risk organizations (including with peer groups) to learn from other organizations and to benchmark our program. Partner with professional Cybersecurity Operations associations, service providers, and to identify and implement best practices.
Partners with and advises various IT teams. Operationalizes threat models to protect against existing and emerging threats.
Builds relationships across PSEG business and technology teams. Interacts routinely with vendors, service providers, consultants/advisors, law enforcement agencies, and cross-sector cyber industry trade organizations. Ensures that cyber operations requirements are identified, well defined, properly documented, and approved by appropriate stakeholders.
Develops, manages, and pre-prioritizes Cybersecurity CAPEX and OPEX budgets based on business needs and cyber threats. Lead the identification of optimal OPEX and CAPEX allocations, including opportunities to reduce expenditures while transforming PSEG Cybersecurity Operations. Lead and advise on business case development.
Leads team, including performance evaluations, career development guidance, and other aspects to grow the talent pipeline and to mature our program.
Job Specific Qualifications
Bachelors degree and 10 years of relevant cybersecurity experience, including leadership experience
Demonstrated strong leadership and influence skills
Demonstrated strong presentation skills with the ability to present to all levels of management and executive leadership
Experience leading a 24x7x365 SOC/Cyber Fusion Center
Experience managing incident response processes for incidents of all sizes and impacts
Experience with Red Teams and with Table Top Exercises
Experience with Vulnerability Management
Strong knowledge of Application Security tools and concepts, including Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Penetration Testing
Proven working experience in Security Analysis, Threat Intelligence, Email Security, and/or Endpoint Security
Experience with Penetration Testing, including scoping, executing, reporting, and evaluating remediations
Executive teamwork, facilitation, relationship building, and negotiation skills
Ability to maintain positive working relationships both as a leader and as a team member
Effective time management and multitasking skills
Ability to communicate effectively with both technical and non-technical individuals
Strong interpersonal communication skills, analytical abilities, detail focused, quality focused, and problem-solving skills, as well as broad knowledge of business functions, information technologies, and cybersecurity and compliance practice on a global level
A demonstrated ability to integrate various cybersecurity, network and data protection technologies and controls into a cohesive solution that sufficiently mitigates risk
Demonstrated experience in enterprise solutions and implementation of technology and process solutions to reduce the potential risk of data compromise and network viability
Significant experience in cybersecurity, including hands on experience in SIEM, Email Security, and Endpoint Security tools, Threat Intelligence platforms, and potentially additional experience in forensics, offensive/defensive technologies, intelligence gathering, and/or reverse engineering
Demonstrated experience in delivering comprehensive solutions to complex cybersecurity issues on a global scale
Confidence in leading diverse matrix teams independently, making decisions daily as it relates to the successful delivery of the program
Ability and insight to know when critical decisions must be raised to senior level and/or business unit management quickly to ensure that the program remains on track
Strong knowledge of Threat Intelligence frameworks (e.g. MITRE ATT&CK)
Department of Energy's regulation 10 CFR 810 is required
Desired
Industry Cybersecurity certifications (e.g. CISSP, CEH, etc....)
Masters in Information Security, Computer Science, Business, Engineering, or related fields
Experience in Electric or Gas Utility or Power Generation industry, and/or experience in manufacturing
Broad knowledge of IT and related control environments
Some positions at PSEG require access to information covered by the Department of Energy's regulation 10 CFR 810 (Part 810). If applicable, the successful applicant must prove they are: (1) a citizen or national of the USA; OR (2) a lawful permanent resident of the United States (Non-Conditional Permanent I-551 / Green Card / Permanent Resident Card holder); OR (3) a citizen, national, or permanent resident of a "Generally Authorized" destination on the attached list (https://corporate.pseg.com/-/media/PSEG/Corporate/Careers/Careers At PSEG/AppendixAtoPart810_ Title10) not also a citizen, national, permanent resident of any country not listed; OR (4) a "Protected Individual" under the Immigration and Naturalization Act (8 U.S.C 1324b(a)(3)).
As an employee of PSEG, you should be aware that during storm restoration efforts, you may be required to perform functions outside of your routine duties and on a schedule that may be different from normal operations.
For all roles, PSEG's drug and alcohol testing program includes pre-employment testing, testing for cause, and post-incident/accident testing.
Employees who are hired or transfer into a federally regulated role (including positions covered by USDOT, PHMSA, or NRC regulations) are subject to random drug and alcohol testing, inclusive of marijuana. Although numerous states throughout the country have legalized marijuana/cannabis products recreationally and medically, the use of these products are prohibited for employees in federally regulated roles. Please note that the use of CBD products may result in a positive drug test for THC/Marijuana and such use is not a legitimate medical explanation for a positive result.
If you are a current PSEG Long Island (PSEGLI) employee and offered an opportunity with PSEG or any of its subsidiaries other than PSEGLI, you will be treated as a new hire. Please note that as a new hire to PSEG, your benefits will change and generally will be consistent with other similarly situated PSEG new hires. Similarly, for PSEG employees who accept job opportunities with PSEGLI, your benefits will change and generally be consistent with other similarly situated new hires of PSEGLI.
PSEG is an equal opportunity employer, dedicated to a policy of non-discrimination in employment, including the hiring process, based on any legally protected characteristic. Legally protected characteristics include race, color, religion, national origin, sex, age, marital status, sexual orientation, disability or veteran status or any other characteristic protected by federal, state, or local law in locations where PSEG employs individuals.
PSEG is committed to providing reasonable accommodations to individuals with disabilities. If you have a disability and need assistance applying for a position, please call 973-430-3845 or email accommodations@pseg.com.
If you need to request a reasonable accommodation to perform the essential functions of the job, email accommodations@pseg.com. Any information provided regarding a disability will be kept strictly confidential and will not be shared with anyone involved in making a hiring decision.
ADDITIONAL EEO INFORMATION (Click link below)
Know your Rights: Workplace Discrimination is Illegal
