Director of Information Security
Sentient Energy (www.sentient-energy.com), a subsidiary of Koch Engineered Solutions (KES), has established itself as an electric utility industry leader with its uniquely capable “Grid Analytics System”, consisting of several intelligent sensor product lines and software packages that expand visibility into critical operating conditions on the electric power grid. Global utilities already spend billions annually on distribution automation products, with strong growth expected over the next 5 years as the industry prepares for a rapid increase in solar, electric vehicle and other renewables penetration. Sentient Energy is positioned to capitalize on this trend and be a leader in the most rapidly growing sector of the Smart Grid, while making the delivery of power more reliable, safer, lower cost, and much “greener”.
Sentient Energy is looking for a Director of Information Security to join our team! This position will provide leadership and accountability for Sentient Energy’s security program. The role is responsible for both security operations and information security compliance, with a focus on Sentient Energy’s product security architecture and SaaS security operations.
In this role, you will work with Koch cyber security peers as well as Sentient Energy Engineering and product owners to provide technical insight and industry perspective in the creation, delivery, and integration of effective security solutions. Overall, the incumbent will leverage industry best practices to improve cyber security maturity.
What You Will Do In Your Role
Management and Leadership
- Provide leadership and strategic direction in the development, implementation and administration of the security programs and policies to meet the needs of the business and the various regulatory and governmental organizations. Cyber security programs include: investigations, facility assessments, security awareness, background screening, security systems, technology risk management, information security management and related disaster recovery requirements.
- Represent cyber security in sales activities developing cyber security as a strength and enabler for the advanced technology solutions presented by Sentient to the utility industry. Stakeholder with Legal for cyber security related due diligence, assessments, and contract terms.
- Coordinate and lead efforts to build a culture of compliance around information security and compliance. Manage training and education efforts. Act as the liaison with KES and relevant government agencies for information security and compliance matters.
- Develop strong working relationships with technology and business partners across multiple locations in support of security, compliance, and audits for the organization. Provide strong positive and collaborative leadership to executive teams, other departments such as engineering, product management, legal, support, and IT.
- Take initiative to identify gaps and changes required to address security threats and compliance with products.
- Develop and align cyber security risk management plans, budgets and progress to cyber security governance council, Sentient leadership and KES CISO.
- Lead the Sentient cyber security team including matrixed functions. Hire, develop and mentor team members aligned to Koch’s MBM (Market-Based Management) principles to foster a healthy, growing team.
- Direct and manage computing and information security plans, policies, programs, and controls. Plan and manage the operational and performance targets of the organization in conjunction with KES targets to meet expected results. Partner with Managed Services, KES and Koch IT to ensure that the technical and security needs of internal systems and services are met.
- Align cyber security strategy, framework, metrics, policies, and processes across KES (Koch Engineered Solutions) and Koch IT. Develop, manage, and measure controls against the cyber security framework. Ensure alignment to corporate and compliance needs and risk levels. Leverage best practices to continually improve information risk management and governance.
- Lead the implementation and operation of security services such as vulnerability assessment, threat monitoring and incident response. Conduct accurate and timely threat assessments across all areas of responsibility. Coordinate responsive actions for disaster recovery, business continuity, and incident response plans. Develop and coordinate response plans across Sentient and with KES to assure timely response to information risk related incidents.
- Oversee administration of security services, including antivirus, IDS/IPS, data loss prevention, and security monitoring.
- First line incident response and support for cyber security related remediation.
- Provide Identity and Access Management to ensure appropriate access to sensitive data.
- Monitor the SDLC and ensure that coding is done with secure best practices (OWASP framework or equivalent) including modern deployment methods such as CI/CD pipelines.
- Ensure the secure development, design and implementation of new applications and changes to Sentient Energy products and applications. Oversee product assessments (design reviews and pen tests) and promote implementation of associated application security technologies.
- Responsible for the review, certification, and test of all back up and disaster recovery plans.
- Implement organization-wide security awareness initiatives and provide timely information to employees and leadership regarding new and emerging threats.
- Collaborate with all teams to communicate and enforce security controls.
Legal and Governance
- Ensure compliance activities and reports associated with regulatory requirements are maintained and accurate. Ensure reports and data utilized in regulatory reporting are completed in the required timelines and reports are prepared and submitted to appropriate agencies and internal areas.
- Develop and maintain processes, policies, and technical controls in support of certification programs and continual compliance with ISO/IEC 27001/2, SOC 2, and applicable privacy regulations.
- Oversee customer Information Security audits.
The Experience You Will Bring
- Bachelor’s degree
- 7+ years of experience in Enterprise Information and Cyber security
- 5+ years of experience in a leadership or management role
- Knowledge of regulatory and standards-based compliance related to cloud and mobile applications, and data confidentiality (e.g., GDPR, PCI, SOC 2, and ISO 27001)
- Experience with the application of risk identification and evaluation techniques
- Experience effectively working in a matrix organization
What Will Put You Ahead
- Experience working in the financial sector or utilities industries
- Experience with Software-as-a-Service (SaaS) companies
- Experience with securing cloud architectures (Azure/AWS)
- Experience leading red/blue security teams and working with engineering teams to remediate findings
Salary and Benefits Commensurate with Experience.
Equal Opportunity Employer.
Except where prohibited by state law, all offers of employment are conditioned upon successfully passing a drug test.
This employer uses E-Verify. Please visit the following website for additional information: www.kochcareers.com/doc/Everify.pdf