Details
Posted: 26-Sep-24
Location: Arlington, Virginia
Salary: Open
Internal Number: R2024-637
Job Description
Position Summary:
Develops and executes cybersecurity outreach programs targeted at NRECA member utilities, focusing on educating cooperative members about NRECA Research programs and public/private partnerships. Creates educational materials, conducts training and tabletop sessions and consults with members to support the cybersecurity needs of cooperative utilities and their associated Cyber Champions. Works closely with NRECA IT to coordinate data security needs, addressing concerns related to cloud services, APIs, and other technology needs from the Business and Technology Services. 50% travel.
Key Resposibilities:
- Leads outreach programs that educate cooperative utilities on practices to enhance and improve their cybersecurity skills and posture. Conducts workshops, webinars, and training sessions to raise awareness about cybersecurity threats and solutions. Speaks (both in person and virtually) at NRECA Research and external events to promote NRECA Research cybersecurity programs. Builds relationships with cooperative utilities, industry groups, and community organizations to promote cybersecurity initiatives.
- Develops, refines and consults on cybersecurity resources to cooperative utilities, enabling them to assess their security needs and recommending appropriate measures or services offered by other cooperatives, NRECA Research, or other partnerships NRECA Research develops. Advises cooperative utilities in understanding and implementing cybersecurity practices to protect their data and operations (both IT and OT). Guides and supports cooperative utilities as they develop and improve their cybersecurity strategies.
- Working with NRECA Research resources, creates and improves educational materials, including articles, guides, and videos, that explain cybersecurity concepts in an accessible manner.
- Advocates for the cybersecurity needs of cooperative utilities within the broader cybersecurity community and with policymakers and works cross-functionally with NRECA staff on cybersecurity initiatives. Stays informed about the latest cybersecurity trends, threats, and technologies, particularly in the realm of cloud security, and incorporates this knowledge into outreach efforts. Works with other NRECA departments to ensure consistent messaging regarding areas of concern for cooperative utilities.
- Tracks the effectiveness of outreach programs and initiatives through metrics and feedback, creating tools or recommending resources to enable effective reporting. Prepares reports and presentations for senior management on outreach activities, successes, and areas for improvement. Ensures data collected meets or exceeds defined risk requirements.
- Working with NRECA IT, develops and enforces security policies for the BTS group around cloud services and APIs. Ensures compliance with industry standards, such as NIST 800-171, and alerts management for areas of concern. Works closely with NRECA IT and BTS development teams to integrate security practices into the development lifecycle of software applications produced by BTS. Provides guidance on secure coding practices and API security. Develops training for BTS around policies and procedures associated with cloud security. Identifies, evaluates, and implements security tools and technologies to enhance data protection.
Direct Reports to this Position:
N/A
Qualifications
Formal Education Required:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience.
Required Qualifications and Skills:
- Eight or more years of experience in cybersecurity, with a focus on outreach, education, or small utilities support.
- Five or more years of experience with Operational Technology (Industrial Control Systems) in the energy sector.
- Three or more years of experience with AWS or similar cloud providers.
- Experience developing and delivering training and educational programs.
- Experience working with small utilities in a consulting or support role.
- Experience helping small utilities and making a positive impact in the community.
- Knowledge of cybersecurity principles, including clouds security best practices, as well as cybersecurity challenges faced by small utilities.
- Knowledge of cybersecurity standards and/or frameworks, such as NIST 800-171, NIST 800-53, NERC, CIP, NIST CSF.
- Ability to convey complex technical information to a non-technical audience
- Ability to effectively coordinate the efforts of large committees and their volunteers and bring them to consensus on complicated and controversial issues.
- Ability to be persuasive, negotiate, and collaborate with individuals at all levels throughout organization.
- Ability to lead and contribute to successful programs/projects/teams.
- Ability to manage competing deadlines and multiple projects at various stages of development using effective organization skills and attention to detail as demonstrated by prior work experience.
Preferred Qualifications:
- Relevant certifications such as CISSP, CISM, CCSP (or equivalent)
- Cloud focused certifications such as AWS Certified Solutions Architect (or equivalent.)
FLSA Status: Exempt
Essential Physical Requirements:
- The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal and extensive reading.
- Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.
Disclaimer Statement: The preceding job description has been written to reflect management's assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.
Additional Requirement:
The preceding job description has been written to reflect management's assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.
NRECA is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail humanresources@nreca.coop or call: 703-907-5992 - NRECA Arlington Human Resources. Please call 402-483-9275 - NRECA Lincoln Human Resources, for Lincoln, NE employment opportunities. We will make a determination on your request for reasonable accommodation on a case-by-case basis.
The U.S. Equal Employment Opportunity Commission (EEOC) recently released the 'Know Your Rights' poster, which updates and replaces the previous "EEO is the Law" poster and "EEO Is the Law Poster Supplement".
Pay Transparency Non-Discrimination. NRECA will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.
E-Verify. As a Federal Contractor, NRECA is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: E-Verify.
For more information about life at NRECA please visit www.Electric.coop.