PNM Resources

Job ID: 6087982
Date: 02/02/2023
Location: PNM, Albuquerque, NM
Full/Part Time: Full-Time
Regular/Temporary Regular

Posting Deadline

This position is posted until filled.

Department:: Information Security

JOB DESCRIPTION

Manager, Information Security Operations & Engineering

Salary Grade: G04
Minimum Midpoint Maximum
$99,778 - $134,699 - $169,622

This position is covered by NERC CIP cyber security standards. Prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.

SUMMARY:

Ensures technical and logical security mechanisms are in place to protect enterprise assets and information from unauthorized access. Provides technical expertise to implement and maintain security measures to protect confidentiality, integrity, and availability of enterprise electronic systems information.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Recommends, implements, and maintains technical and procedural controls to provide security in the most reasonable and cost-effective manner; interprets standards, requirements, and their application to the enterprise environment
• Performs implementation, testing, oversight, and administration for enterprise security applications, platforms, and solutions, including but not limited to: firewalls, intrusion detection and prevention, identity and access management, encryption solutions, Virtual Private Networks, security event monitoring, log management tools, anti-virus/malware prevention tools, and vulnerability assessment solutions
• Acts as a subject matter expert to process and respond to potential and actual cyber security incidents, or alerts issued through the ES-ISAC, ICS-CERT, US-CERT as applicable to enterprise systems and operations
• Participates in internal and external audits and reviews to ensure compliance with regulatory standards, internal security policy, and coordinates with internal audit staff, as appropriate
• Acts as a liaison with other internal groups in the implementation of solutions utilized by the Mandatory Reliability Standard Compliance Program
• Develops, implements, and coordinates change/configuration management and security testing for enterprise systems
• Assists Information Security team members and internal clients in addressing highly complex security issues applicable to enterprise environment

COMPETENCIES:

• In-depth management, negotiation, technical skills, and demonstrated leadership and customer service skills
• Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, ISA, or COBIT
• Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology
• Ability to understand enterprise business computing operations/requirements, and fundamental power generation operations
• Knowledge of forensics, incident analysis, and incident response management
• Demonstrated skills in personnel management, budget management, and conflict management
• Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions
• Ability to organize, create, and deliver technical proposals and presentations to peers and management
• Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to keep the Company in compliance and reduce legal liabilities
• Project Management knowledge and experience a strong plus

QUALIFICATIONS

MINIMUM EDUCATION AND/OR EXPERIENCE:

• Bachelor's degree from four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with seven to nine years related experience, or equivalent combination of education and/or experience related to the discipline.
• Master's degree preferred.

CERTIFICATES, LICENSES, REGISTRATIONS:

• Certification in security or systems control related field: I.e., CISSP, CISA, or CISM.

SUPERVISORY RESPONSIBILITIES:

• Hires, trains, evaluates, rewards, and terminates employees
• Designs, organizes, prioritizes, schedules, and leads work assignments
• Fosters good working relationships with various groups
• Appraises performance, rewards and disciplines employees, addresses complaints, and resolves problems
• Indirectly supervises and guides enterprise employees, contractors, and electronic system users for performance of job functions in accordance with enterprise security programs, policies, and procedures.

COMMUNICATION SKILLS:

• Ability to respond effectively to highly sensitive inquiries or complaints
• Ability to effectively give persuasive speeches and presentations on controversial or complex topics to various audiences
• Ability to read and interpret complex documents such as safety rules, operating and maintenance instructions, and procedure manuals
• Ability to write complex reports, regulatory documents, policies and correspondence
• Ability to speak effectively before groups of customers or employees of organization

MATHEMATICAL SKILLS:

• Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume
• Ability to apply concepts of basic algebra and geometry

COMPUTER SKILLS:

• In-depth knowledge and experience with mainframe and client/server applications and information security issues
• Strong working knowledge of current marketed security tools and technologies
• Strong working knowledge of industry regulations (NERC CIP, Sarbanes Oxley, PCI) and industry security standards (NIST, ISO)

ANALYSIS AND PROBLEM-SOLVING ABILITY:

• Ability to strategically approach issues
• Ability to be proactive, adept at working with cross-functional teams and stakeholder groups
• Ability to synthesize complex information
• Ability to apply creativity to problem solving and utilize analytic skills and modeling capabilities to provide ongoing insight into the business and to make recommendations and decisions
• Ability to identify and develop remediation or mitigation plans as necessary
• Ability to coordinate with, and lead, cross-functional team of technical experts.

DECISION MAKING:

• Ability to conduct and guide enterprise Information Security project and operations activities and practices within the bounds of approved security programs and policies, and in accordance generally accepted security standards.

SCOPE AND IMPACT:

• Electronically protects all enterprise computing platforms for the purpose of providing and preserving confidentiality, integrity, and availability of all corporate systems, applications and data
• Electronic protection of systems within the scope of this position is intended to minimize potential costs directly related to operational, legal, regulatory, and reputation risk from loss of enterprise system operation or confidential or proprietary information.
• Failure to protect systems from unauthorized electronic access exposes Company to heightened regulatory oversight, monetary sanctions, and increases vulnerability to malicious cyber-attack against Company cyber assets essential to enterprise operations.

PHYSICAL DEMANDS:

• While performing the duties of this job, the employee is frequently required to stand, sit, and/or walk up to 2/3 of the time
• The employee must occasionally lift and/or move up to 25 pounds.

WORK ENVIRONMENT:

• Office environment.
• Travel required.

EQUAL OPPORTUNITY STATEMENT

PNM Resources and affiliates are Equal Opportunity/Affirmative Action employers. Women, minorities, disabled individuals and veterans are encouraged to apply.

PI203045602