Electric Cooperatives of Arkansas Director – Critical Infrastructure Security in Arkansas, Arkansas
Director – Critical Infrastructure Security
Little Rock, AR, USA
IT Security & Compliance / Full Time
Arkansas Electric Cooperative Corporation (AECC) is an organization with a rich history and a bright future.As a leader in the energy industry we look to our employees to help us grow, change, and provide power to over 500,000 members of our 17 electric distribution cooperatives.
A Director of Critical Infrastructure Security manages the security risk for both cyber and physical security for all Cooperative critical infrastructure, information assets and cyber systems in a manner sufficiently rigorous to protect critical systems and information, and to meet all applicable regulatory requirements. In this position, you will be given the opportunity to work alongside peers who are versatile, enthusiastic, and continuing to strive to push AECC and our mission forward.
Manages the selection and implementation of security controls to reduce cyber and physical security risks to the Cooperative. Conducts periodic cyber security risk assessments and coordinates with all affected Divisions to develop and implement mitigation strategies for protecting Cooperative cyber assets, regardless of physical location.
Develops and maintains the Cooperative’s Cyber and Physical Security policies, programs and procedures. Ensures that these policies and programs are rigorous enough to protect the Cooperative’s critical assets, information assets and cyber systems, and comply with all applicable regulations.
Drives thought leadership and security strategy horizontally across the organization. Works with other Divisions and Departments to tailor security approaches and implementations to specific environments.
Plans and oversees the Cooperative’s response to security incidents. Ensures that employees are adequately trained in the operation of the response plan(s). Ensures that all required incident reports are prepared and filed.
Leads a security operations center for AECC and its Member Cooperatives to identify and respond to security incidents, fulfill security service requests and monitor the reliability of a statewide deployment of next generation firewalls.
Oversees the physical security program for all AECC control centers, wholly-owned plants and AECC substations.
Oversees the implementation of NERC CIP compliance and leads the response to NERC Alerts and other security regulation. Works closely with Corporate Compliance Staff to ensure that operations related to CIP compliance are adequate to meet requirements.
Oversees a training program to ensure Cooperative employees remain informed about their personal security and their responsibility in securing Cooperative assets.
Oversees the conduct of vulnerability and risk assessments for the Cooperative’s critical assets, information assets and cyber systems, and implementation of risk mitigation plans.
Oversees the technology change management process as well as oversees the identity and access management program.
Oversees the IT disaster recovery plan. Works with other Departments within Information Technology in creation of restoration plans for key resources.
Oversees the information protection and data loss prevention program.
Participates in security-related industry groups as necessary to represent the Cooperative’s interests.
Reports to the Vice President/Chief Technology Officer on a regular basis regarding security risks to the Cooperative’s critical assets, systems and networks and provides a summary of all IT security incidents. Provides periodic updates to the Board of Directors on security-related incidents, trends and risks.
Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities may include but are not limited to interviewing, hiring and training employees; planning, assigning and directing work; appraising performance, rewarding and disciplining employees; addressing complaints and resolving problems.
Develops capital and operating budgets for the Department, as well as for the protection of critical assets Cooperative-wide.
Provides security-related assistance to the Member Cooperatives, as requested.
Participates in other special projects or assignments as directed by the Vice President/Chief Technology Officer.
Bachelors in Computer Science or related field,or equivalent combination of education and experience.
Ten (10) years total cyber security experience including five (5) years related management experience, or equivalent combination of education and experience.
Given the critical demand for reliability and availability of security related systems for core business resources and applications, this position will occasionally require work outside normal business hours.
Must be able to obtain a Secret-level U.S. government clearance
2 Retirement Plan Options
Health, Dental, and Vision Insurance
9 Paid holidays
Paid time off accrual
Free & Confidential Employee Assistance Program
Should you elect to apply for this position, AECC/AECI will review your qualifications. If after reviewing the qualifications and experience of all applicants, your skills and credentials meet our needs, someone from our organization may contact you. Please be advised that the time required to complete the applicant review process typically takes between 30 and 90 days, but could extend beyond that. Once the position has been filled, all applicants will be notified via email.
Arkansas Electric Cooperative Corporation and Arkansas Electric Cooperatives, Inc. are Equal Opportunity Workplace and an Affirmative Action Employers. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, age or any other protected category.
Job ID 2018-1510
# of Openings 1
Department IT Security & Compliance
Min Pay Rate USD $135,000.00/Yr.
Max Pay Rate USD $168,000.00/Yr.