Summary

The Cyber Security Manager position oversees Chugach Electric’s cyber security program and team. The Cyber Security Manager will also be responsible for maintaining and updating cybersecurity policies and standards, developing and reviewing cybersecurity compliance procedures and evidence, reviewing and providing cybersecurity training, resource planning, budgets, status reports, and staying up to date on emerging cybersecurity technology.

Essential Functions

Serve as the leader of cyber security team. This includes working closely with all IS staff and vendors to ensure cybersecurity practices and procedures are maintained and followed, roles are well defined, work is executed in a timely manner and communication remains open and effective. Oversee workforce planning and development by fostering and maintaining relationships with management personnel.

Develops and maintains cybersecurity standards, policies, and procedures.

Develops and maintains cybersecurity training practices.

Manages cybersecurity regulated compliance programs (AKCIP, PCI) and documentation.

Manages cybersecurity projects and initiatives.

Coordinates and directs network scans to detect any vulnerability in the systems and networks.

Oversee third party vendor vulnerability assessments and mitigation plans.

Supervises the monitoring and analyzing SIEM events and third-party monitoring services; Ensure proper teams are aware of any ongoing issues.

Ensuring the security technology provided by the organization is performing to optimal standards.

Maintain awareness of cybersecurity practices and threat landscape.

Lead or participate in local and national cybersecurity groups.

Develops and monitors cybersecurity KPI’s.

Manages and documents security events.

Maintain cybersecurity vendor and government relationships.

Prepare and performs presentations to board of directors and executive management

Responsible for the overall Cybersecurity program budget preparation with management team to identify yearly objectives, action plans and special projects affecting budgetary needs.

Responsible for identifying annual budget projections for team to include line items including but not limited to personnel, training, travel, equipment, and technology costs.

Identified team’s action plans and individual work plans in accordance and alliance with department and Association objectives, directs work and evaluates employee’s performance as per department’s performance objectives and expectations.

Manages employee scheduled by effectively allocating resources, approving leave and absences, delegating work and special project assignments, etc.

Performs other duties as assigned.

Competencies

Must have extensive knowledge and understanding of cybersecurity standards, preferable NERC CIP, and cybersecurity best practices

Must have knowledge of cybersecurity auditing practices, threat hunting, and vulnerability assessments.

Must have extensive knowledge with anti-virus software, SIEM solutions, intrusion detection, firewalls, and content filtering.

Must have knowledge of network operating systems, network software, network hardware, and firewalls.

Experience planning, researching, and developing security policies, standards, and procedures.

Experience writing, updating, and interpreting networking diagrams

Ability to communicate network security issues to peers and management.

Ability to read and use the results of mobile code, malicious code, and security software.

Excellent organizational skills.

Excellent logical reasoning and critical thinking skills teamed with effective and creative problem- solving skills.

Excellent verbal and written communication skills.

Strong focus and attention to detail.

Demonstrated ability to manage customer and vendor relationships.

Supervisory Responsibility

This position may supervise the work of dedicated cybersecurity staff.

 Work Environment

Work is performed in a standard office environment, with occasional weekend and evening work. Some travel to alternate sites may be required, including sites accessible by fixed wing aircraft.

Minimum Qualifications and Experience

Education

Bachelor's degree or equivalent is required in Cybersecurity, Computer Science, Management Information Systems, or related field. Cybersecurity certifications such as GSEC (Global Security Essentials Certification) or CISSP (Certified Information Systems Security Professional) or willingness and ability to obtain within two (2) years, preferred.

Experience

Seven (7) years of network or cybersecurity experience including five (5) years of experience in a cybersecurity role with job duties like detection of security events, threat hunting, cyber program management, and incident response. Three (3) years supervisory experience is preferred.