NextEra Energy Cyber Security Risk Management Program Manager in Juno Beach, Florida
Cyber Security Risk Management Program Manager
Date:Jan 12, 2019
Primary Location:Juno Beach, FL, US, 33408
Company:NextEra Energy Requisition ID: 28223
Our reliability is one of the best in the nation, and we’re working to make it even better. We live here too. That’s why we’re committed to making Florida a better place. Join our team today
Position Specific Description PRIMARY FUNCTION:
Lead initiative directed toward the development and optimization of an enterprise wide cyber risk management program. Organize the processes, technologies, and capabilities that enable the analysis, measurement, management and communication of enterprise wide cyber risks. Role is accountable to deliver the specific outcomes defined by the program.
- Works closely with the cyber security team members, stakeholders, and Information Technology staff to create strategy, approach, sequencing, and timeline for the overall cyber risk management program, focusing on metrics driven outcomes.
- Provides guidance and coordination for cyber risk management efforts including identification, assessment, tracking and resolution of risk management activities across all levels of the organization.
- Processes vulnerability and threat data from a variety of internal and external sources to provide actionable risk management tactics to internal consumers in order to reduce overall enterprise cyber risk.
- Engages leaders from all business areas to understand and prioritize cybersecurity risks through formal risk assessments and maintains a risk register.
- Builds and institutes a cyber risk management program to focus cybersecurity investments with guidance from executive cyber security steering committees or champions.
- Ensures multiple projects that comprise the program are linked in an effective manner to deliver the expected program outcomes and benefit, in an integrated fashion.
- Serves as lead and point of contact for all cyber security risk management related activities.
- Creates or implements tools for regular reporting of risk management activities and progress across all areas of cyber security.
- Builds processes and tools to provide the business visibility of cybersecurity risks and drive accountability.
- Assists in development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate cyber risk.
- Educates and advises technology and business executives as needed on cyber and technology risk as well as appropriate mitigation strategies and approaches related to security and risk management. Ensure communications are consistent and coordinated at the enterprise level.
- Gathers and maintains knowledge and spread awareness of trends in the threat landscape.
- Serve as the primary point of contact for cyber risk assessment reviews performed by outside entities.
- Performs assigned work safely adhering to established departmental safety rules and practices. Reports to supervisor, in a timely manner, any unsafe activities, conditions, hazards or safety violations that may cause injury to oneself, other employees, patients and visitors.
- Performs other related duties as required
KNOWLEDGE, SKILL, AND ABILITY REQUIREMENTS:
- Ability to lead, influence and collaborate with remote team members, proven delivery, remediation and cyber risk management background.
- Ability to work with and translate complex scenarios into a simplistic manner for non-technical resources (legal, business leaders, Privacy Committee, etc.)
- Understanding of security operations concepts, vulnerability management and incident remediation within a complex organization
- Understanding of security threat environment relative to computer network architectures, designs, topologies, applications, databases, email systems, remote access, and operating system platforms
- Understanding of firewalls, routers, switches, messaging systems, various commonly used operating systems (Windows, Linux, UNIX), common attack tools, and vulnerability detection/management tools
- Demonstrated experience in project planning and execution, change planning and management.
- Experience with leading the development, implementation, and management of cyber risk management activities
- Experienced in, and able to formulate, the cost effectiveness benefit of security initiatives in the context of overall business risk mitigation and the company's operational objectives
- Demonstrated knowledge of recognized security industry standards and leading practices (e.g., NIST, ES-C2M2, ISO)
- Demonstrated understanding of technological trends and developments in the areas of cyber security, risk management, web architectures and cloud computing.
- Skill in presenting to groups of all technical, managerial and executive levels
- Skill in developing requests for information and request for proposals for hardware and software
- Ability to identify key elements of an assignment, anticipate potential problems and take steps to avoid them
- Ability to handle multiple tasks simultaneously, and remain effective in high pressure situations
- Ability to assume responsibility and to work flexible hours with minimal supervision, supporting on-call situations, as needed
CISSP, CEH, CISM, CISA or other industry-relevant cyber-security certifications
Job Overview This position establishes strategy, develops business plans, and oversees and leads in the design, development and implementation of technology solutions to meet business needs. Leaders in this role provide leadership and oversight to manage performance and results in one or more Information Technology (IT) disciplines. Individuals will be accountable for the reliability, performance, security, and continuity of IT systems and supported business processes.
Job Duties & Responsibilities
- Provides leadership, influence, vision, and direction to the organization to contribute to achieving the company's goals
- Works with IT leaders to develop overall IT strategy in alignment with business strategy
- Oversees value stream by focusing on cost and risks of technology portfolio to meet business needs
- Supports and fosters innovative technologies to deliver new ideas that enable business transformation
- Ensures high levels of ongoing system and application performance in production environments
- Oversees development of processes and tools to automate code releases from development to operations (DevOps)
- Attracts, develops and retains a high-performing and diverse team
- Establishes and drives technology roadmaps that align with current and future business needs
- Manages third party technical and outsourcing relationships to deliver project and operational support objectives
- Ensures technology processes are conducted in line with applicable standards and company policies
Performs other job-related duties as assigned Required Qualifications
High School Grad / GED
- Bachelor's or Equivalent Experience
Experience: 7+ years Preferred Qualifications
Bachelor's - Information Systems
- Supervisor/Management Experience: 2+ years
Employee Group: Exempt Employee Type: Full Time Job Category: Information Technology Organization: Florida Power & Light Company Location: Juno Beach, Florida Other Work Locations: Florida Relocation Provided: Yes, if applicable
NextEra Energy is an Equal Opportunity Employer. Qualified applicants are considered for employment without regard to race, color, age, national origin, religion, marital status, sex, sexual orientation, gender identity, gender expression, genetics, disability, protected veteran status or any other basis prohibited by law. We are committed to a diverse and inclusive workplace.
If you require special support or accommodation while seeking employment with NextEra Energy, please send an e-mail to, providing your name, telephone number and the best time for us to reach you. Alternatively, you may call 1-844-694-4748 (Option 1, Press 6) between 8 a.m. and 5 p.m. EST Monday-Friday. Please do not use this line to inquire about your application status.
NextEra Energy will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
NextEra Energydoes notaccept any unsolicited resumes or referrals fromany third-party recruiting firms or agencies. Please see ourfor more information.
Nearest Major Market:Palm Beach Nearest Secondary Market:Miami