Director Cyber Security & IT Governance
Portland General Electric Company
PGE's Enterprise Security Department is comprised of the Cyber and Physical Security Teams.
The Director of Cyber Security and Manager of Physical Security report to the Senior Director of Enterprise Security.
The Director of Cyber Security will lead the following teams focused on protecting PGE's technology assets and information from damage, unauthorized use, modification, or exploitation:
1. Asset & Governance
2. Cyber Technology
3. Threat Defense
4. Threat Response
The Cyber Security team evaluates, tests, recommends, develops, coordinates, monitors, and maintains information systems (IS) and cyber security policies, procedures, and systems, including access management for hardware, firmware, and software. Ensures that IS and cyber security architecture/designs, plans, controls, processes, standards, policies, and procedures are aligned with IS standards and overall IS and cyber security. Identifies security risks and exposures, determines the causes of security violations, and suggests procedures to halt future incidents and improve security. Develops techniques and procedures for conducting IS and cyber security risk assessments and compliance audits, evaluation and testing of hardware, firmware, and software for possible impact on system security and investigation and resolution of security incidents. Implements IS and cyber security policies and takes measures against intrusion, frauds, attacks, or leaks.
Career Level Summary
- Develops comprehensive Cyber Security strategy which aligns to Enterprise Security strategy
- Drives horizontal integration and collaboration with business partners
- Executes functional business plans and contributes to the development of functional strategy
- Drives holistic Culture of Security
- Decisions are guided by Enterprise Strategy and priorities
- Provides leadership, mentorship, and direction to and through managers
- Is accountable for the performance and results of multiple teams
Research, Analysis and Technology Governance Solutions
Leads analysis of the IT environment, especially as it relates to core governance processes and procedures and cyber security, to detect critical deficiencies and recommend improvements. Directs the analysis of operating model market trends and technology industry best practices to determine the potential impact on the enterprise's security and efficiency, business strategy, direction, and architecture. Provides perspective on the organization's readiness to change and innovate in an efficient and secure manner; presents a gap analysis and/or IT governance roadmap that reflects the status of the existing IT state and its ability to contribute to future-state business capabilities around the governance of digital operations; researches worldwide major disruptive technology practices and nontechnology trends that affect business; advises on best practices to overcome these challenges and successfully deliver the expected business outcomes.
Manage Information Security Strategy
Provides strategic leadership for PGE's information security function; provides information security reports and guidance to executive leadership; recommends security investments that mitigate risks, strengthen defenses and reduce vulnerabilities for development and internal and customer-facing systems and products; manages risks related to information security, compliance and reliability to ensure the protection of PGE technology assets and information; ensures the integrity, confidentiality and availability of information that is owned, controlled or processed by the company.
Manage Information Security Operations
Manages the enterprise's information security organization consisting of multiple IT risk-based departments focused on functions such as compliance, governance, risk management, disaster recovery, security assurance, security operations and cybersecurity engineering and administration; provides leadership and direction to direct reports and indirect reports (such as committees and individuals in business groups with security responsibilities); leads and facilitates information security governance through PGE's hierarchical governance program (i.e., executive and operational steering committees); develops and implements information security policies, standards and guidelines and facilitates risk assessment and risk management processes throughout the enterprise; facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program. Regularly reports program and strategy status to the board of directors.
Internal Collaboration
Collaborates with key technology and business leaders to establish and ensure consistent, disciplined use of technologies, including goals, policies, standards, and priorities across the organization; promotes and demonstrates the business value of digital operations governance and cyber security programs/functions as an enabler of strategy formulation and as support for technology innovation that drives the organization's top and bottom lines.
Functional Leadership
Exercises comprehensive functional and industry knowledge in specialized areas; identifies and resolves complex multidimensional business problems; exercises delegated authority over planning, direction and timely execution for a functional area or program; establishes and maintains contacts with management levels within and outside the company and at government agencies and with industry experts in accomplishing function or program objectives.
Financial Management
Sets strategy and develops plans, policies and processes for the accounting, budgeting and, where applicable, charging of department resources and services, including the definition of cost models, and charging models; sets, negotiates, approves, and manages all financial budgets and targets, ensuring that there is adequate funding for department objectives and plans.
Resourcing
Oversees workforce planning and resource strategy across multiple departments, ensuring that there is adequate skilled resource to meet planned service delivery or department objectives; ensures integration with strategic human resource plans; responsible for recruitment, development, and demand forecasts for multiple departments.
Professional Development
Determines organizational development needs in line with business needs and strategic direction of departments; generates development strategies to achieve required change; monitors progress and evaluates business benefits achieved.
Portland General Electric Company
121 SW Salmon St
Oregon United States