IT Risk Management Manager

As an S&C Electric team member, you’ll work on projects that have real-world impact. You’ll help transform the grid for resilient and reliable power worldwide. S&C has more than a 100-year history of innovation and has been 100% employee-owned since 2012. We continue this legacy as a trusted, forward-thinking leader in the electrical industry. You will advance a safer, more reliable, and more resilient electrical grid. Our products help the grid adapt to severe weather and transition to clean energy. We’re big enough to be a respected industry leader but small enough for you to impact our company directly. Our commitment gives you opportunities to impact on and off the job positively.

Join S&C to make an impact on tomorrow’s energy challenges and become an employee-owner!

Hours

8:00 am – 5:00 pm (Mon-Fri) Remote

Compensation

At S&C, we are dedicated to providing competitive and equitable compensation for all our team members, and we are committed to transparency in our pay practices. The estimated annual base salary range for this position in the United States is $125,000 - $165,572. Individual pay within this salary range is determined by several compensable factors, including performance, knowledge, job-related skills and experience, and relevant education or training. This role is also eligible for S&C’s annual incentive plan (AIP), subject to eligibility criteria.

Join Our Team as Manager-IT Risk Management!

The Information Technology team is responsible for designing, implementing, and maintaining a robust technology infrastructure to support the organization’s operations. Through improving cybersecurity and troubleshooting technical issues to driving innovation through cutting-edge solutions, the IT team ensures seamless connectivity, data security, and optimal functionality, empowering the company with a reliable and efficient digital ecosystem aligned with strategic goals. 

The Manager-IT Risk Management manages a team of cybersecurity professionals and operationalizes the Cyber Security Operations Center (CSOC) Model of key CSOC functions and tiers. The manager is responsible for proactive and reactive risk mitigation through threat intelligence, technical and procedural controls, and incident preparation, management, and remediation. Responsibilities also include configuration and monitoring of security technologies for security posture management. While directly executing day-to-day CSOC activities, this role involves cross-functional collaboration and problem solving to communicate with other teams and stakeholders. Using a risk-based, proactive approach, the Manager works closely with the Director-IT Risk Management to maintain resilient security controls and processes and foster a culture of awareness within the organization. 

Key Responsibilities

• CSOC Program Development: Plan and execute operational plans with a 1-2 year focus to establish and mature comprehensive programs for Incident Management (IM) and applicable areas of Security Posture Management (SPM). Communicate with and influence key stakeholders within and outside of the CSOC to ensure effective establishment and execution of program policies, practices, and procedures. Manage SOC resources and service providers. Ensure continuous monitoring of the threat landscape and modify security technologies and procedures as appropriate to continually mature and improve CSOC programs. 
• IM: Lead and exercise the full implementation of the IT Cybersecurity Incident Response Team (IT CSIRT) and its processes, and integration of the IT CSIRT with the Corporate Critical Incident Response Team (CCIRT). Ensure all needed security log information is received and rules are configured to capture relevant information and generating useful alerts that are actioned to best address risks. 
• SPM: Implement, administer, and monitor technology and processes to detect and analyze weaknesses in the enterprise environment and ensure the prioritized adjudication of findings. This includes establishing and driving the implementation of security configuration baselines for endpoints and information assets.    
• Leadership & People Management: Lead, inspire, and develop a high-performing team of experienced professionals. Foster appropriate and professional workplace behaviors, address/mediate conflicts to restore harmony, and support a positive, healthy, and inclusive workplace culture by S&C’s mission, vision, values, and guiding principles. Consulting the Director, manage administrative team member processes, including but not limited to recruitment, hiring, induction, vacation management, performance reviews, performance improvement plans, firing, promotion, and workforce/succession planning. Proactively establish, monitor, and hold team members accountable to clear responsibilities and accountabilities; provide ongoing performance feedback, both positive and developmental; address performance gaps promptly; recognize and reward achievements; and initiate decisions for corrective actions and terminations where required. Foster a culture that supports the growth and development of team members and proactively train, mentor, and coach team members. 
• KPI/KRI Tracking: Develop critical Key Performance Indicators (KPIs)  and Key Risk Indicators (KRIs) that identify crucial measurements of success in improving CSOC operations and managing risk. Provide insights and use data to illustrate a succinct narrative for both technical and non-technical decision-makers. Establish useful KPIs and other metrics, measuring CSOC process and team member effectiveness, to then fine-tune operational plans. Provide regular, operational communications and status reports to direct leader and key stakeholders. 
• Strategy Support: Provide recommendations for key results, initiatives, and individual goals based on CSOC processes, procedures and control implementation gaps in accordance with ISO 27001 controls, CIS benchmarks and identified risks. Regularly assess and report the effectiveness and impact of cybersecurity initiatives, applying a continuous improvement  and risk-based mindset to manage the overall security posture. 
• Information Security Culture: Collaborate with leadership, other IT teams, and S&C’s functional areas to identify, develop, implement, and maintain processes and controls to reduce information technology risks. Recommend objectives and ensure that business functions are aware of the importance and impacts of information and cyber security risk management on their specific function. Encourages others to champion information risk management. 
• Training & Awareness: Build cybersecurity knowledge, skills resilience at all levels of the CSOC team. Design training & awareness activities and measure of success through metrics that demonstrate training program effectiveness. 
• Documentation: Maintain thorough, organized, current, and accurate records and documentation. Develop and present regular reports on CSOC performance, metrics, and project status to senior management.  
• Budget Management: Program expenditures for the CSOC technology stack in accordance with the strategic roadmap and inform the team’s strategic spend. Monitor and manage the day-to-day of CSOC impacts to the IT budget and ensure expenses adhere to planned spend and cost efficiency  whilst supporting the achievement of departmental strategies and objectives. 
• Compliance: Understand and comply with all applicable Company policies and rules. 

What you’ll Need To Succeed

• Bachelor's degree in Information Systems, Computer Science, Business, or equivalent experience. 
• 7+ years of experience in Information Security or a related role. 
• Demonstrated experience managing an IT team focused on risk management and/or security-related projects. 
• Strong knowledge of information and cyber security principles, technology and best practices. 
• Experience in using and administering document management systems, Microsoft cybersecurity technology, including Sentinel and Purview or similar platforms. 
• Practical knowledge of ISO 27001:2022 and CIS critical controls and safeguards and the ability to understand and apply evolving standards and requirements. 
• Ability to collaborate effectively with cross-functional teams and external stakeholders. 
• Possess a collaborative and risk-based mindset and great communication skills. 
• Strong leadership skills with an ability to lead, guide, motivate, and delegate to deliver results, embrace change, drive decisions and outcomes, embrace culture and inclusion, and exhibit integrity. 
• Excellent organizational, planning, and project management skills, creatively problem-solving issues and juggling a portfolio of initiatives. 
• Excellent communication skills (written, verbal, listening, and presentation); able to liaise effectively with internal and external stakeholders to drive decisions and achieve targeted results. 
• Strong interpersonal skills to establish meaningful relationships built on mutual trust and respect, navigate and resolve conflict, moderate behaviors, and foster collaborative working relationships amongst a diverse audience. 
• Ability to use business acumen and analytical skills to analyze data to drive informed decisions and problem-solve issues. 
• Foundational financial acumen with the ability to provide input to budgetary processes for fiscal effectiveness. 
• Ability to travel as required. 
• 7+ years of experience in Information or Cybersecurity roles including at least 3 years in Incident Management/Security Operations. 
• 2+ years experience managing a Security Operations team that handles Incident Response.

Preferred

• 4+ years leadership experience of Security Operations teams and processes including Incident Response.
• Demonstrated leadership experience with building cybersecurity capabilities and process improvement initiatives.
• Advanced degree or relevant certifications. 
• Relevant cybersecurity certifications (e.g., Security+, CISM, CISSP) 
• Demonstrated leadership experience within an IT function. 
• Leadership experience specific to Incident Management. 

S&C Electric is committed to equal-opportunity employment. All employees and applicants will be considered without regard to age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. If you are an individual with a disability and need an accommodation to complete the application, please email us at [email protected].

No fixed deadline

#LI-BB1