Mgr Energy Supply Operational Technology Cyber Security

Title: Mgr Energy Supply Operational Technology Cyber Security 
Company: Tampa Electric Company 
State and City: Florida - North Ruskin
Shift: 8 Hr. X 5 Days

 

 

POSITION CONCEPT: 
The Mgr Energy Supply Operational Technology Cybersecurity plays a crucial role in developing, implementing, and maintaining a comprehensive cybersecurity framework that aligns with industry best practices and organizational risk tolerance in support of Energy Supply.  Lead efforts to protect the organization's energy production assets from evolving cyber threats, ensuring compliance with regulatory requirements, and fostering a culture of cybersecurity awareness.  Partner with IT via a dotted-line reporting to the Dir of Information Security to establish objectives, strategies, plans, policies, and programs for cybersecurity, privacy, protection, and resilience of energy production assets, operational technology, and information.  Requires broad technical and industry experience to recommend effective and efficient security technology and compliance with industry regulatory requirements, future industry trends and corporate business plans.  Provide expert-level support, within a team environment, for systems used to monitor and protect power plant assets.  Ensure appropriate risk management assessments are performed on power plant assets for secure configurations while maintaining regulations regarding NERC Critical Infrastructure Protection (CIP) and corporate security standards.

 

DUTIES AND RESPONSIBILITIES:

OT Framework Development and Implementation: 

• Lead the adoption of a suitable cybersecurity program based on industry best practices (e.g., NIST Cybersecurity Framework, ISO 27001).
• Establish OT cybersecurity policies, standards, procedures, and guidelines based on corporate security standards and regulatory requirements.
• Coordinate and facilitate OT risk assessments.
  • Document existing vendor-provided cybersecurity OT solutions.
  • Identify control gaps and inefficiencies in operational effectiveness corresponding to corporate security framework.
• Develop an OT cybersecurity roadmap.
• Manage the resolution of identified risks.
  • Coordinate enhancements and partner on development of new features (include GE, ABB, Emerson and others in the OT CSF discussions and solutions).

OT Framework Management and Maintenance: 

• Oversee the ongoing implementation and alignment of the OT cybersecurity framework.
• Conduct regular OT framework assessments and gap analyses to identify areas for improvement.
• Ensure the OT framework remains aligned with evolving threats, technologies, and regulations.
• Coordinate OT framework-related activities with power plants and align with outage schedules when needed.

OT Risk Management: 

• Implement OT risk management process to identify, assess, and mitigate cybersecurity risks.
• Develop and implement OT risk response strategies, including incident response plans.

Collaboration and Coordination: 

• Collaborate with IT teams, security teams, and other stakeholders to ensure alignment with framework requirements.
• Establish relationships with external cybersecurity partners and vendors that specialize in OT.
• Provide guidance on determining and implementing solutions surrounding centralized support models with ICS/OT principles.
• Collaborate with business and technical stakeholders, including OT engineers/operators, to develop and implement infrastructure and associated standards and procedures.

Communication and Training: 

• Communicate OT cybersecurity risks and best practices to all levels of the organization.
• Facilitate collaboration and information sharing throughout Energy Supply to improve overall security.
• Participate in Power Plant Cybersecurity forums for the energy industry.
• Assist in the development of OT cybersecurity training programs.
• Report on the development and alignment of the OT cybersecurity program to Senior Management.
• Onboarding of additional OT cybersecurity resources as required.

 

EDUCATION:
Required: Bachelor’s Degree from an accredited university in any field of study.

Preferred: Master’s Degree and/or continuing cybersecurity education via classes, webinars, seminars, degrees, and training.

 

LICENSES/CERTIFICATIONS 
Required: Holds or in the process of obtaining a basic security clearance.
Preferred: Dragos Certified User (DPCU), active industry recognized security certification from at least one the following certification vendors: (ISC)2, SANS GIAC, ISACA.

 

EXPERIENCE:
Required: 6 years of experience related to the Duties and Responsibilities of this position.

• Power plant operations and/or cybersecurity frameworks (i.e. NIST, PCI, ISO, CIS).
• Energy Supply business processes and/or cybersecurity controls, including relevant regulatory and compliance requirements such as NERC.
• General knowledge of cybersecurity concepts such as Identity and Access Management, Zero Trust, Defense-in-Depth, networking, virtualization, encryption, vulnerability management, intrusion detection, incident response and Security Information and Event Management (SIEM).

Preferred:    

• OT security, incident response and critical infrastructure protection.
• Risk Management, Compliance, and conducting Industrial Control System (ICS)/ Operational Technology (OT) Cybersecurity risk assessments or audits.
• ICS Security Policies, Standards and Procedures based on industry standards, regulations, and best practices.
• Energy Supply Control Systems and Distributed Control Systems.
• Dragos or similar OT cybersecurity monitoring solutions.

KNOWLEDGE/SKILLS/ABILITIES:
Required:

• Working collaboratively, building relationships and leading teams of skilled professionals\
• Organizing and proactively working within deadlines and budget constraints.
• Strong project management background and skills.
• Knowledge of detection, threat hunting, response, insider threat, security automation and threat intelligence.
• Strong critical thinking, analytical, problem solving, and risk assessment skills and strong listening and oral and written communication skills.
• Ability to present issues and topics of a complex technical nature to non-technical audiences.
• Knowledge of OT systems’ architecture.

Preferred:

• Understanding of the processes that ensure compliance with NERC CIP, SOX, or PCI
• Familiarity with IDS/IPS, OSI layers, packet decoding, SIEM, firewalls, advanced endpoint protection, scripting languages, and threat intelligence feeds
• Knowledge of methodologies and best practices for network, operating system, database, and application security.
• Understanding of attack vectors and exploits (e.g. MITRE)

 

COMPETENCIES:

• Builds Strong, Collaborative Relationships 
• Cultivates Innovation and Embraces Change
• Develop People and Teams
• Speaks up on Safety, Health, and the Environment
• Drives Operational Excellence for Customers
• Takes Ownership & Acts with Integrity
• Thinks Strategically & Exercises Sound Judgment

 

WORKING CONDITIONS:
Travel between power plants. May require assistance responding to cybersecurity incidents outside of normal business hours.

 

PHYSICAL DEMANDS/ REQUIREMENTS:
Requires the use of PPE at the power plants. May require interacting with equipment in the computer rooms at the plants around hot and audible equipment. May require light lifting, ascending/descending stairs and reaching.

TECO offers a competitive Benefits package!!

Competitive Salary *401k Savings plan w/ company matching * Pension plan * Paid time off* Paid Holiday time * Medical, Prescription Drug, & Dental Coverage  *Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!

 

STORM DUTY REQUIREMENTS....Please make sure to read below!!!  Responding to storms will be considered a condition of employment.

TECO Energy and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our TECO Energy customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.

 

TECO Energy is proud to be an Equal Opportunity Employer.

TECO Energy is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations.

In order to provide equal employment and advancement opportunities for all individuals, employment decisions at TECO Energy will be based on skills, knowledge, qualifications and abilities.

Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

ADA policy
It is the policy of TECO Energy to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship. The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to the Americans with Disabilities Act (ADA) of 1990 and section 503 and 504 of the Rehabilitation Act of 1970s.

 

Application accommodations
Applicants may request reasonable accommodation in the application process five business days prior to the time accommodation is needed.

 

Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability.