Information Security Director at Essential Utilities
Bryn Mawr, PA
About the Job
Essential Utilities, Inc. delivers safe, clean, reliable services that improve quality of life for individuals, families, and entire communities.
Operating as the Aqua (water and wastewater services) and the Peoples and Delta (natural gas) brands, Essential serves approximately 5.5 million people across 10 states. We are committed to sustainable growth, operational excellence, a superior customer experience, and premier employer status - including a competitive and comprehensive benefits package as well as a commitment to career growth opportunities.
We are advocates for the communities we serve and are dedicated stewards of natural lands, protecting more than 7,600 acres of forests and other habitats throughout our footprint.
Our company is one of the most significant publicly traded water, wastewater service and natural gas providers in the U.S.
Essential Utilities is now looking to appoint an Information Security (InfoSec) Director who will playa critical roleinleading and spearheading Information Security, Cybersecurity, Technology Risk Management and ComplianceacrossInformation Technology (IT) and Operational Technology (OT). As InfoSec Director you will collaborateclosely with OT, IT, and business stakeholders at all levels acrossourWater, Wastewater, and Natural Gas sectors,with this role tasked with ensuring the development, implementation and operation of programs, capabilities, governance, and policies that enable the organization to innovate and operate efficiently while effectively managing cyber risks and ensuring compliance with regulatory requirements.
Ready to take your career to the next level? Let's Talk!
Keyaccountabilitiesinclude:
Functioningas the strategic leader for Information Security, Cybersecurity, Compliance and Privacy, acting as a subject matter expert responsible for strategy, standards, policies, and control frameworks.
Direct and provide a strategic risk management vision to effectively secure the business while supporting innovation and execution.
Experience developing multi-year strategic roadmaps addressing the threat and compliance landscapes for both IT and OT/ICS/SCADA.
Ensuring alignment with regulatory compliance obligations and emerging cybersecurity standards.
Foster an enterprise-wideculture of security awareness for both IT and OT.
Oversees and manages the teams and functions for Security Operations & Engineering, Governance Risk and Compliance (GRC), Identity & Access Management, and SAP Security.
Ensure operation and continuous improvement of capabilities for vulnerability management, threat management, and incident response.
Engage with regulators and industry groups on topics related to cybersecurity in critical infrastructure.
The ideal candidate will possess strong technical expertise in environments with large, complex, and distributed technology environments with experience in enterprise IT and OT, with regulated utilities experience preferred. Ability to communicate with both technical teams and executive leadership appropriately, with effective stakeholder management at all levels.
Required Experience, Education, Licenses, and Certifications:
Minimum of 10 years leadership role in technology with at least five having direct responsibility for Information Security programs and strategy management.
B.S. or equivalent degree in Computer Science, Engineering, Information Sciences & Technology, Information Assurance, or related field.
Certifications: CISSP and CISM strongly preferred with other advanced certifications (e.g. GCIH, CRISC, GRID, GICSP, CISA, ISSMP/ISSEP/ISSAP, etc.) considered a plus.
Expert in cyber risk management, knowing how to effectively use both qualitative and quantitative approaches, and ability to define effective risk treatment strategies.
Experience effectively leveraging security frameworks, guidance and best practices including NIST CSF, CIS Critical Security Controls, CIS Benchmarks.
Experience with critical industrial operations including SCADA/ICS, with utilities industry experience preferred.
Expert level knowledge of security technologies, functions and services including Threat Intelligence, Security Operations Centers, SIEM, Firewall Engineering, Network Security, Authentication, EDR/Anti-Malware, Encryption, PKI, Forensics, Intrusion Detection and Prevention.
Essential Utilities, Inc., is an Equal Opportunity/Affirmative Action employer. Equal employment opportunity is provided to all employees and applicants for employment without regard to the following legally protected characteristics: race, color, religion, sex, national origin, age, pregnancy (including childbirth and related medical conditions, including medical conditions related to lactation), physical or mental disability, covered-veteran status, genetic information (including testing and characteristics), sexual orientation, gender identity or expression or any other characteristic protected by applicable local, state or federal law.
Essential Utilities is committed to providing reasonable accommodation to individuals with disabilities. If you have a condition that may prevent you from applying for a job online or need to request an accommodation during the interview process, please call (1-877-271-9012).
To maintain the integrity of the recruitment process and to avoid real or perceived conflicts of interest due to employment and/or assignment of family members and personal referrals, specific guidelines apply to the hiring and assignment of these individuals including, but not limited to:
- Family members cannot result in a supervisor/subordinate reporting relationship
- Family members cannot work in the same department.