Note: The job is a remote job and is open to candidates in USA. Westinghouse is a leader in providing clean energy solutions and is seeking a Senior Manager for Cybersecurity and IT Systems. In this role, you will oversee the execution of Information Systems and Cybersecurity programs, ensuring compliance and managing risks while leading the IT and Security teams through critical assessments and certifications.
Responsibilities
- Establish overall systems architecture vision and ensure that specific components are designed, procured, installed and used
- Responsible for company level compliance and architectural standards, guidelines, policies, frameworks, and reference models
- Oversee all company-level IT architecture components (e.g., data architecture, application/software architecture, technical architecture)
- Establish a compliant protected information system (CUI) environment and develop a sustainable model for IT and Cybersecurity future function including company structure and relations with an external service provider
- Oversee incident remediation activities to ensure compliance with WGS policies and security and nuclear industry best practices
- Lead the IT and Security teams through the Cybersecurity Maturation Model Certification and C3PAO assessment including writing and reviewing WGS procedures and verifying and validating that the WGS process is within compliance
- Oversee the Managed Service Provider (MSP) to ensure all company IT and cybersecurity requirements are met
- Develop a framework for performing and overseeing the performance of IT risk assessments observing established company risk management policies for projects and of suppliers / vendors and within compliance requirements
- Identify, recruit, develop Cybersecurity and IT staff and meet daily IT requests including installing for the WGS IT end-users
- Oversee the development framework for performing technical vulnerability and penetration assessments
- Maintain Main Risk Indicators, including metrics to ensure measurement of risk and threats
- Conduct or oversee self-inspections and audits on WGS protected systems at least annually; document, track, and resolve corrective actions
- Establish and oversee the process for capturing, assessing, decisioning, and reporting risks across the IT organization, both internally and coordinating with the overarching Westinghouse protocols
- Oversee the development of the Security Controls Traceability Matrix (SCTM) to document implementation of applicable NIST 800-53 and 800-171 controls
- Collaborate with the Security Team, Program Management, and MSP to address incidents, reportable events, and non-compliance findings, ensuring reporting to appropriate authorities and leadership
Skills
- Bachelor's degree or equivalent experience. Degree in Information Systems, related technical discipline
- 10+ Years of information technology or systems, security, governance, risk and compliance, IT Audit, or related work experience
- Experience leading cybersecurity projects, including assessing options and subsequent procurement/roll-out
- Experience establishing main IT architecture standards, tools, best practices, and methodologies to meet our target state and help its architecture evolution and agreement across the organization
- Experience in more than one technical information systems discipline (e.g. Networking, Cloud Technology, Applications Development)
- Experience designing solution roadmaps, and system and software architecture according to business strategies and solution architecture standards/processes
- Experience leading a team towards CMMC certification or experience leading a team through cybersecurity compliance assessments and audits
- Knowledge of cloud architecture, platform and software as a service architecture and products
- Knowledge of security and control frameworks, such as ISO 27000, CobiT, NIST, COSO, NIST 800-171 and ITIL
- The company requires US Citizenship and the ability to qualify for federal security clearance
- 20% Travel expected
- Master's Degree preferred
- We prefer CISA, CSAM, CISM CGEIT, CRISC, CISSP, or other applicable information security credentials
Benefits
- Comprehensive Medical benefits which could include medical, dental, vision, prescription coverage and Health Savings Account (HSA) with employer contributions options
- Wellness Programs designed to support employees in maintaining their health and well-being including Employee Assistance Program providing support for our employees and their household members
- 401(k) with Company Match Contributions to support employees' retirement
- Paid Vacations and Company Holidays
- Opportunities for Flexible Work Arrangements to promote work-life balance
- Educational Reimbursement and Comprehensive Career Programs to help employees grow in their careers
- Global Recognition and Service Programs to celebrate employee accomplishments and service
- Employee Referral Program
Company Overview