Central Hudson Poughkeepsie , NY 12603
Posted 5 days ago
Benefits:
Competitive compensation
Medical, Dental, and Vision insurance
401(k) Retirement Savings Plan with substantial company match
Life and Travel Insurance
Tuition Assistance
Wellness Reimbursement Program
Paid Holidays and Vacation
What is a Manager
The Manager
Cybersecurity Vulnerability & Threat Management oversees and coordinates the activities of the cybersecurity operations team. Responsibilities include developing and implementing security practices for vulnerability management, application security, threat intelligence, threat hunting, managing incident response and investigations, conducting risk assessments, and staying updated on security trends. The Manager
Cybersecurity Vulnerability & Threat Management will be responsible for leading the organization's efforts in identifying, analyzing, and mitigating security vulnerabilities across all IT & OT systems and networks. This role involves collaborating with various departments to ensure timely remediation of vulnerabilities, developing strategies to manage and reduce risk, and maintaining compliance with relevant regulations and standards. The ideal candidate will possess a strong technical background, excellent leadership skills, and a proactive approach to vulnerability management. The Manager
Cybersecurity Vulnerability & Threat Management will be instrumental in building various vulnerability and threat management programs.
What does a Manager
The Manager
Develops, implement, and oversee the company's Vulnerability & threat management programs to protect Central Hudson's assets and critical infrastructure
Overall responsibility for Vulnerability Assessment and Management
Leads the design, implementation, and management of the organization's vulnerability management program
Conducts regular vulnerability assessments and scans to identify potential security weaknesses in IT & OT systems and networks
Prioritizes vulnerabilities based on risk, impact, and exploitability
Provides clear remediation guidance to IT teams
Risk Analysis and Mitigation
Analyzes vulnerability data to identify trends and develop strategies for mitigating risks
Develops and maintain a vulnerability risk register and track remediation efforts to closure
Assist in the investigation and response to security incidents, leveraging vulnerability data to understand attack vectors and prevent future occurrences
Generates and delivers regular reports on vulnerability management activities and risk posture to senior management and relevant stakeholders
Develops metrics and KPIs to measure the effectiveness of the vulnerability management program.
Continually develops and manages roadmaps, strategy and maturity of the cybersecurity vulnerability management program by partnering with key stakeholders across The Company
Develops and implements cybersecurity policies and procedures
Leads and manages the day-to-day vulnerability governance
Leads a team to defend against threats, reduce risk, and mitigate vulnerabilities across the Company
Works closely with software development, DevOps, and IT teams to integrate security into the software development lifecycle (SDLC)
Drives application security program, policies, and procedures
Establishes and enforce secure coding standards and practices across development teams
Integrates security tools and processes into the CI/CD pipeline to automate security checks
Conducts regular security assessments, including static and dynamic application security testing (SAST/DAST), to identify vulnerabilities in software applications
Performs threat modeling, code reviews, and penetration testing to uncover potential security weaknesses
Provides detailed reports on findings and work with development teams to remediate identified vulnerabilities
Identifies and implement automation opportunities
Implements continuous improvement over people, process, and technologies
Participates in incident response and investigation activities, ensuring timely resolution
Conducts regular risk assessments and vulnerability management processes
Leads teams in threat hunting measures
Collaborates with IT and other departments to ensure a cohesive and effective security posture
Stays updated on emerging cybersecurity threats and technologies
Coordinates with external vendors and stakeholders on security matters
Develops and deliver security awareness training programs for employees
Monitors and reports on key security metrics to executive leadership
Manages and guides third party vendor relationships related to the cybersecurity operations program
Supports the escalation of risks, issues, actions, & decisions within the program
Conducts risk assessments and develop strategies to mitigate potential threats and vulnerabilities
Collaborates with cross-functional teams to integrate security measures into business processes and technology solutions
Stays up-to-date with the latest cybersecurity trends, threats, and technologies to continuously improve the vulnerability management program
Establishes and maintains relationships with key stakeholders, communicating security policies, incidents, and mitigation strategies.
Ensures compliance with relevant regulations and standards
Provides storm/emergency response support
What does it take to be a Manager- Cybersecurity Vulnerability & Threat Management?
Required:
Bachelor's degree in Computer Science, Information Technology or related field of study and 5 years of relevant experience. In lieu of a bachelor's degree, an associate's degree with 7 years of relative experience or a high school diploma or equivalency degree and 9 years of related experience will be considered.
At least 3 years of vulnerability management experience
At least 2 years in a security related role
Proven leadership, facilitation, and organizational skills with at least 3 years of experience in a leadership role
Experience with incident response
Experience with creating and maintaining external and internal relationships with key stakeholders
Understanding of cybersecurity frameworks, standards, and best practices
Excellent knowledge of vulnerability management, and risk assessment
Strong leadership skills, with the ability to manage and mentor a team
Excellent communication skills, with the ability to collaborate effectively with diverse teams
Familiarity with regulatory requirements and compliance frameworks
Analytical mindset with the ability to assess complex situations and make informed decisions
Ability to present at all levels of the organization
A strong background with an understanding of the intersection between business and cybersecurity to improve security practices
Ability to influence business decision-making by providing quantitative/qualitative data analytics, metrics, and analysis
A results-oriented mindset with the ability to solve problems and make decisions
Ability to work with limited direct supervision and professionally respond to constructive feedback
Valid driver's license
Preferred:
Experience in Energy & Utilities or services industry
Experience with threat hunting and threat modeling
Experience with application security
Knowledge of application security tools and technologies (e.g., SAST, DAST, RASP, WAF)
Proficiency in programming and scripting languages (e.g., Java, C#, Python, JavaScript)
Familiarity with DevSecOps practices and tools (e.g., Jenkins, Git, Docker, Kubernetes)
Understanding of common security vulnerabilities (e.g., OWASP Top Ten) and how to mitigate them
Experience with Microsoft PowerBI
Experience with data visualization tools
Relevant certifications such as CISSP, CISM, or comparable
This position has a career path which allows for advancement opportunities within a job series. The title and level are commensurate with experience. Pay range: $136,800-211,900
Please go to https://www.cenhud.com/employment. Click the "Search Career Opportunities" button. Follow the directions to submit an application and upload your resume for the desired position.
Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.
All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.
VEVRAA FEDERAL CONTRACTOR
Central Hudson