As the Security Operations Manager you will be working with key stakeholders, including various Business, IT and Enterprise Security teams, you will lead and strengthen the Cyber Security Operations Team to fulfill the mission to protect against cyber threats and monitor, detect and respond to cyber security threats to Black Hills Energy. Your team will work alongside the established Enterprise Security Management Team and IT Operations to strengthen an already robust Cyber Security program.
You will lead the daily operations of the Cyber Security Operations team which includes: Vulnerability Management, Endpoint protection, Incident Monitoring and Response, Web filtering, Firewall, Threat Intelligence gathering, Threat hunting and Internal Red Team / Blue Team efforts. Also included are various IT related aspects of SOX and NERC CIP compliance. In addition, this includes reviewing and recommending various security vendors and technologies and managing the financial/budget aspects of the security team.
SALARY RANGE: $102,500 - $169,200 (Determined by the knowledge, skills and abilities of the applicant.)
REPORTING RELATIONSHIP: Chief Security Officer
LOCATION: Our Corporate Headquarters in Rapid City, South Dakota.
- You’ll find this is the ideal community to live, work and do business in. With hiking trails, the Black Hills, Mount Rushmore and Badlands National Park in your backyard, there are endless opportunities to enjoy nature. To learn more about our locations, please visit the locations page on our career website.
- A Comprehensive Relocation Plan is offered for this position! Our benefits include but are not limited to home finding trip, transportation of household goods, temporary housing expenses, destination apartment search assistance, paid time off to move, transition and spousal career support, home finder and purchase assistance, relocation adjustment allowance, destination new purchase closing costs. Depending on individual circumstances, our benefit may also include trips home during temporary housing, renter’s lease cancellation assistance, or home marketing and sale closing cost assistance and/or purchase closing cost assistance. Contents of our relocation program are subject to change and may vary based on position.
ESSENTIAL JOB FUNCTIONS:
- Directly manage a highly skilled IT Cyber Security Operations team comprised of 10-12 security analysts conducting various operational activities including: Vulnerability Management, Endpoint protection, Web filtering, Firewall, Incident Response, Threat Intelligence gathering, Threat Hunting, Internal Red Team / Blue Team; IT Regulatory Compliance.
- Be recognized across the organization for cyber security expertise. Contribute to overall strategic vision of the organization and integrate a broad range of ideas regarding IT systems, security, and architecture. Serve as a stakeholder regarding cyber security aspects, standards and design for technology projects.
- Contribute Cyber Security subject matter expertise in the creation, implementation and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with applicable security related regulations including NERC CIP, TSA and SOX.
- Understand, Interpret, and incorporate applicable standards, requirements, and their application to the enterprise environment in cooperation with operational area SMEs.
- Provide leadership for team by recruiting, selecting, orienting, and training employees; maintaining a safe and secure, work environment; and developing personal growth opportunities.
- Improve team performance results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards.
- Prepare and present vulnerability and incident reports and identify ways to minimize reoccurrence. Oversee the coordination of staff during an emergency situation.
- Participate in internal and external audits and regulatory reviews to ensure compliance with applicable regulatory standards and internal security policies and controls.
- Accomplish financial objectives by forecasting financial requirements, participate in the preparation of an annual budget including forward looking O&M and Capital budgets for all cyber security investments.
- Manage various security related vendors and/or contractors.
- Be actively engaged in industry forums and venues related to applicable threats or vulnerabilities; analyze information on emerging cyber and physical security threats; make recommendations to management at all levels to ensure that appropriate levels of security and compliance are maintained.
- Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
- Establish and maintain effective relationships with direct and indirect reports within the Enterprise Security Department.
- Must be able to effectively communicate with varied stakeholders at various levels of the company utilizing excellent verbal and written communication skills.
- Must establish and maintain effective working relationships, including but not limited to: Business Management and Senior Leadership, Information Technology, Internal and External Auditors, External consultants and vendors.
- Minimum of 7 years’ experience working in IT, Cyber Security, or IT Audit function required, with at least 3 years of direct Cyber Security Team, Cyber Security Program or IT Infrastructure management experience required, with at least 3 years of direct Cyber Security Team, Cyber Security Programs or IT Infrastructure management experience required.
- Practical experience managing or conducting one or more of the following operational security areas: Incident Monitoring and Response, Threat Intelligence gathering, Endpoint protection, Vulnerability Management, Threat Hunting and Internal Red Team / Blue Team; IT Regulatory Compliance is required.
- Bachelor’s Degree in a closely related technical field or equivalent combination of education and experience is required.
- Knowledge and understanding of security operations.
- Broad knowledge and understanding of Cyber Security concepts, as it applies to both a general business and Industrial Control Systems environments.
- Knowledge of new and trending technologies as they may impact the cyber security program.
- Understanding of applicable federal regulations.
- Excellent leadership, interpersonal, organizational and time management skills.
- Excellent verbal and written communication skills, including the ability to communicate technical information to non-technical personnel.
- Ability to lead and manage a diverse security team in a rapidly changing environment.
- Ability to understand and interpret laws and regulatory requirement related to information protection/cyber security and develop and implement appropriate processes to keep the Company in compliance.
- Excellent customer service and interpersonal skills.
- Proven ability to effectively manage competing priorities while meeting deadlines.
- Excellent interpersonal skills.
- Superior skills in problem recognition, isolation, troubleshooting, performance tuning, and resolving issues.
- Ability to think and act independently and develop creative solutions to resolve complex problems.
- Ability to lead and/or manage large technical projects from inception to completion.
- Accountable for managing Security O&M and capital budgets.
- After hours response may be required for critical issues requiring management attention.
MENTAL/PHYSICAL REQUIREMENTS AND WORKING CONDITIONS:
The mental and physical descriptions are representative of the activities an employee in an office job performs. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Mental Description: Understand, remember, apply oral and/or written instructions or other information, and communicate routine factual information. Ability to understand complex problems and to collaborate and explore alternative solutions. Make decisions which have significant impact on the immediate department.
While performing the duties of this job, the employee continuously accesses, inputs, and retrieves electronic information and communicates regarding the information. Employee frequently moves about the office space. Employee may occasionally: push, pull and reach. Employee must be able to operate routine office equipment including computers and similar equipment.
Must be able to routinely perform this work for an average of 6-8 hours per day and occasional extended hours as necessary. Must be capable of regular, reliable, and timely attendance.
Specific lifting abilities required by this job include: Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or continuously to lift, carry, push, pull or sitting most of the time. Jobs are sedentary if moving about is only occasionally and all other sedentary criteria are met.
Work environment: Routinely perform work indoors in climate-controlled shared work area with moderate noise level. Willing to travel up to 10% (e.g. 2 days/month) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities. Travel will be necessary to conduct the duties of this job, and the employee must have proper licensing to operate a motor vehicle.
This description is not intended to be an all-inclusive list of responsibilities, duties, and requirements for employees in this position. Job descriptions may and do change periodically. Where positions are covered by a collective bargaining unit agreement, the terms and conditions of the collective bargaining unit agreement will apply.
About our Company: We are a customer focused, growth-oriented utility company that is devoted to our communities. We have a mission to improve life with energy and a vision to be the energy partner of choice. Our diverse culture sparks unique perspectives, opening doors to new ideas and possibilities. Based in Rapid City, South Dakota, we have over 2900 employees and serve 1.2 million natural gas and electric utility customers across eight states (South Dakota, Montana, Wyoming, Colorado, Nebraska, Iowa, Kansas, and Arkansas).
Enjoy our Comprehensive Benefits Package: annual incentive program (based on percentage of eligible earnings), 401(k) (6% company match and up to 9% company retirement contribution), tuition reimbursement, paid time off, additional Veteran PTO, military leave differential pay, paid holidays and annual floating holidays, company paid short term and long term disability, paid maternity and paternity benefits, health and wellness program, and competitive medical, dental and vision insurance.
Candidates must successfully pass a pre-employment drug screen and background check.
Black Hills Corporation does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
Black Hills Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran.
Wage: 102500 to 169200