Senior Business Information Security Officer (m/w/d)

Job Description

This is a hybrid role. The first three months are fulltime in the office.

Manage the security activities and people associated with multiple projects and collaborate across both business and technical domains in the architecture function to execute critical initiatives of the function. Expertise is applied cross-functionally to drive the ideation, adoption, and implementation of technical methods within various teams and aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in cybersecurity.

Essential Functions

• Serves as the Cyber Security point of contact and the primary interface on all initiatives in the business line working directly with the Director or Vice President for that business line.
• Cultivate security culture with your product technology and business colleagues. Build a vision around the next level of security maturity for the line of business. with inputs from the security organization and work with Product Line Managers, and Engineering Leaders to deliver on that idea. This vision must enable business outcomes and continuously raise the security bar and not one or the other.
• Know your business line across its breadth and depth. Be fluent in your business lines strategy and roadmap as well as its key investment programs. Identify unfamiliar technology components, capabilities, and business concepts and be self-motivated to learn all about them, applying critical thinking to identify hidden issues along the way.
• Serve as a product security thought leader. Learn from your business line and cybersecurity teams and share best practice in both directions. Be recognized in your business line as the clear point of escalation and subject matter expert for IT Risk and Cyber domains. Serve as a cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI.
• Act with urgency managing emerging issues. Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause/key themes.
• Enable and partner with application architects and engineering leaders to design secure, scalable, and resilient applications.
• Leads multiple cybersecurity architecture and process implementations across business line to achieve security architecture objectives.
• Provides leadership and high-level direction to teams while frequently overseeing employee populations across multiple platforms and lines of business.
• Acts as the primary interface with senior leaders, stakeholders, and executives to drive consensus across competing cyber security objectives.
• Identifies and manages cross-project risks and issues through the development and execution of alternatives and mitigation strategies.
• Influences and coordinates resource reallocations to assure project and portfolio success.

Technical Knowledge/Skill/Education/Licenses/Certifications

Technical Knowledge/Skill:

• Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness.
• Applies extensive organizational and/or project management expertise and has full knowledge of other related disciplines.
• Experience with documenting existing procedures, and in the analysis of security processes.
• May be viewed as expert within a given field.
• Formal training or certification on software engineering concepts and 5+ years applied experience.
• Experience running teams of architects that design cybersecurity solutions operations on cloud-based platforms and applications.
• Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to:
  • Secure Software Development Life Cycle (SSDLC) (e.g., code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
  • Modern Security Engineering/Architecture practices (e.g., micro services, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration)
  • Solution Development & Delivery
  • Product technologies
• Experience with writing, reviewing, and applying security policies, standards, and procedures based on NIST, ISO, PCI/DSS, CIP, and other frameworks/standards.
• Hands-on practical experience in cybersecurity architecture that can be applied and repeated across businesses, functions, and systems.
• Experience designing cybersecurity products and solutions for public cloud-based applications and infrastructure.
• Experience developing and leading large, cross-functional teams of technologists.
• Subject matter expertise in multiple security domains (e.g., mobile, application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security, etc.)
• Demonstrated prior experience influencing across highly matrixed, complex organizations and delivering value at scale.
• Experience leading complex projects and supporting system design, testing, and operational stability.
• Experience hiring, developing, and recognizing talent.

Education:

Bachelor’s Degree in Information Technology, related degree or related experience

Experience:

10 years related experience required which includes 5 of those years related to senior level cyber security experience

Licenses & Certifications:

Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or prominent independent organization such as ISC2.

Working Conditions

• Must be available to work emergency restoration assignment as required.
• Must be available to travel between MA/CT/NH as necessary.

Mental Aspects

Leadership Behaviors/Competencies:

Set and Communicate Direction and Priorities

• Communicate priorities and goals (company, department, team)
• Show how employee’s work fits in
• Provide business updates, news
• Communicate, communicate, communicate

Build Trusting Relationships

• Role model honesty/integrity in communication and action
• Balance “getting results” with concern for individual needs
• Have honest dialogue with employees; get to know them

Manage and Develop People

• Set realistic performance objectives and expectations
• Give ongoing, honest feedback; coach for success
• Recognize good performance
• Visit crews in the field
• Remove obstacles to day-to-day performance
• Provide tools, information, training

Foster Teamwork and Cross-functional Collaboration

• Encourage cooperation/remove obstacles between work groups/departments
• Encourage collaboration/peers helping peers

Create a Diverse, Inclusive Workforce

• Ask for employee input on work process/practice improvements and before implementing change that will affect them
• Encourage ideas

Lead Change

• Deliver effective, positive communications about change to your team
• Exhibit a “can-do” attitude to successfully implement changes in priorities and work processes
• Respond positively to new demands or circumstances

Focus on the Customer

• Ensure that everyone on the team understands our customer promise and provides superior customer service
• Be a role model for the team on delivering superior customer service

Compensation and Benefits

Eversource offers a competitive total rewards program. The annual salary range for this position starts at $151,700.00 to $168,560.00.00, plus incentive. Salary is commensurate with your experience. Check out the career site for an overview of our benefits.

Worker Type

Regular

Number of Openings

3

EEO Statement

Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.

VEVRRA Federal Contractor

Emergency Response

Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment. This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location.