I.T. Cyber Security Director
Description Calpine Corporation is America's largest generator of electricity from natural gas and geothermal resources with operations in competitive power markets.
Its fleet of 76 power plants in operation and one under construction represents nearly 26,000 megawatts of generation capacity.
Through wholesale power operations and its retail businesses, Calpine serves customers in 22 states, Canada and Mexico.
Its clean, efficient, modern and flexible fleet uses advanced technologies to generate power in a low-carbon and environmentally responsible manner.
The company was established on the premise that a strong commitment to the environment is inextricably linked to excellence in power generation and corporate responsibility.
Since its founding in 1984, Calpine has led the power industry in its unwavering commitment to environmental stewardship.
In addition, its renewable geothermal plants use steam generated deep below the earth's surface to produce clean, renewable electricity.
Job Summary (includes but is not limited to the following; other duties may be assigned) The Information Security Director is primarily responsible for providing leadership, as well as operational and tactical direction to diverse teams, including analysts, engineers, and architects.
The Director also provides strategic direction in coordination with the Chief Security Officer (CSO) leadership team.
The Director leads the team through the information security program by establishing highly effective policies, corporate protocols, and appropriate collaboration among teams.
In addition, the Director assumes responsibility for the education and enforcement of those protocols and matters of compliance.
The Director possesses a strong technical background and understands risk mitigation and technical controls.
The Director is expected to lead teams that perform technical work and must possess leadership qualities.
This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level.
The role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers.
The Director manager also contributes to the company IT security strategy and roadmap.
Job Responsibilities and Duties
Analyzes technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into the company networks and systems.
Leads the Security Operations Center (SOC)
Designs and manages processes for detection, investigation, correction of information security incidents.
Supports automation and orchestration to maximize team talent and reduce routine tasks.
Actively recruits and leads by example to create a culture where employees want to work.
Mentors security team and places a heavy emphasis on employee retention people, first.
Conducts independent verification and validation testing of the company networks and sensitive programs through internal team resources and independent consultant engagements.
Leads the team to implement secure enterprise systems and identifies issues that could compromise data integrity or security.
Develops IT security programs and recommends necessary changes to the information security team to ensure the companys systems are fully compliant with all applicable regulatory requirements and privacy laws.
Provides periodic training to company employees on information security topics.
Stays abreast of the security industry threat landscape, specifically within the companys industry.
Recognizes his/her personal developmental needs and is proactive in obtaining the coaching, networking, and training needed to ensure his/her continued success in the position.
Creates a working environment that is conducive to two-way communication, teamwork, and learning.
Recognizes the varying strengths, skills and needs of the team and adapts his/her coaching skills to obtain the best possible results from each individual contributor.
Openly supports the organization, the management team and executive leadership team, even during times of adversity.
Utilizes open communication and managerial courage to ensure the standards, expectations and goals of the organization are respected and upheld.
Acts as a change agent and drives the department and business forward using effective management, analysis, and strategic skills.
Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
Assumes responsibility for other duties as required or assigned.
Preferred Minimum Experience
Preferably 10
years of technical hands-on security experience, with at least 3-5 years in a team leadership role.
In-depth knowledge of security standards and frameworks such as NIST, NERC CIP, TSA Pipeline, PCI, and SOX.
Knowledge of security technologies such as firewalls, intrusion detection/prevention systems, vulnerability scanners, and endpoint security.
Knowledge of risk management processes (e.
g.
, methods for assessing and mitigating risk).
Knowledge of incident response and handling methodologies.
Knowledge of enterprise incident response program, roles, and responsibilities.
Knowledge of industry-standard and organizationally accepted analysis principles and methods.
Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
Knowledge of system and application security threats and vulnerabilities (e.
g.
, buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Knowledge of system software and organizational design standards, policies, and authorized approaches (e.
g.
, International Organization for Standardization ISO guidelines) relating to system design.
Knowledge of penetration testing principles, tools, and techniques.
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
Experience with cloud security and DevSecOps.
Demonstrates strong written and oral communication skills.
Demonstrates solid organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities.
Demonstrates excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations.
Demonstrates a high level of flexibility.
Is forward thinking and possesses business acumen.
Possesses a high level of integrity, trustworthiness, and confidence, and represents the company and its management team at the highest level of professionalism.
Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulation.
Works effectively with a variety of personalities and can adapt his/her approach to effectively reach and develop his/her team.
Uses this skill as well as his/her functional knowledge to both earn and maintain a high level of credibility with the team.
Preferred Minimum Education
Bachelors degree in computer science, information assurance, Management Information Systems (MIS) or related field, or equivalent.
Preferred Certifications
CISSP, CISM, GIAC Additional Benefit - Hybrid with Remote in Houston, TX:
Two times a week with Manager approval.
Additional Calpine Information:
Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.
Calpine is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities.
If you are interested in applying for employment and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to email protected .
Determination on requests for reasonable accommodation are made on case-by-case basis.
Please view Equal Employment Opportunity Posters provided by OFCCP here (http:
//www.
dol.
gov/ofccp/regs/compliance/posters/ofccpost.
htm) Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information.
41 CFR 60-1.
35(c) Recommended Skills Analytical Application Security Automation Buffers Business Informatics Certified Information Security Manager Estimated Salary: $20 to $28 per hour based on qualifications.
Its fleet of 76 power plants in operation and one under construction represents nearly 26,000 megawatts of generation capacity.
Through wholesale power operations and its retail businesses, Calpine serves customers in 22 states, Canada and Mexico.
Its clean, efficient, modern and flexible fleet uses advanced technologies to generate power in a low-carbon and environmentally responsible manner.
The company was established on the premise that a strong commitment to the environment is inextricably linked to excellence in power generation and corporate responsibility.
Since its founding in 1984, Calpine has led the power industry in its unwavering commitment to environmental stewardship.
In addition, its renewable geothermal plants use steam generated deep below the earth's surface to produce clean, renewable electricity.
Job Summary (includes but is not limited to the following; other duties may be assigned) The Information Security Director is primarily responsible for providing leadership, as well as operational and tactical direction to diverse teams, including analysts, engineers, and architects.
The Director also provides strategic direction in coordination with the Chief Security Officer (CSO) leadership team.
The Director leads the team through the information security program by establishing highly effective policies, corporate protocols, and appropriate collaboration among teams.
In addition, the Director assumes responsibility for the education and enforcement of those protocols and matters of compliance.
The Director possesses a strong technical background and understands risk mitigation and technical controls.
The Director is expected to lead teams that perform technical work and must possess leadership qualities.
This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level.
The role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers.
The Director manager also contributes to the company IT security strategy and roadmap.
Job Responsibilities and Duties
Analyzes technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into the company networks and systems.
Leads the Security Operations Center (SOC)
Designs and manages processes for detection, investigation, correction of information security incidents.
Supports automation and orchestration to maximize team talent and reduce routine tasks.
Actively recruits and leads by example to create a culture where employees want to work.
Mentors security team and places a heavy emphasis on employee retention people, first.
Conducts independent verification and validation testing of the company networks and sensitive programs through internal team resources and independent consultant engagements.
Leads the team to implement secure enterprise systems and identifies issues that could compromise data integrity or security.
Develops IT security programs and recommends necessary changes to the information security team to ensure the companys systems are fully compliant with all applicable regulatory requirements and privacy laws.
Provides periodic training to company employees on information security topics.
Stays abreast of the security industry threat landscape, specifically within the companys industry.
Recognizes his/her personal developmental needs and is proactive in obtaining the coaching, networking, and training needed to ensure his/her continued success in the position.
Creates a working environment that is conducive to two-way communication, teamwork, and learning.
Recognizes the varying strengths, skills and needs of the team and adapts his/her coaching skills to obtain the best possible results from each individual contributor.
Openly supports the organization, the management team and executive leadership team, even during times of adversity.
Utilizes open communication and managerial courage to ensure the standards, expectations and goals of the organization are respected and upheld.
Acts as a change agent and drives the department and business forward using effective management, analysis, and strategic skills.
Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
Assumes responsibility for other duties as required or assigned.
Preferred Minimum Experience
Preferably 10
years of technical hands-on security experience, with at least 3-5 years in a team leadership role.
In-depth knowledge of security standards and frameworks such as NIST, NERC CIP, TSA Pipeline, PCI, and SOX.
Knowledge of security technologies such as firewalls, intrusion detection/prevention systems, vulnerability scanners, and endpoint security.
Knowledge of risk management processes (e.
g.
, methods for assessing and mitigating risk).
Knowledge of incident response and handling methodologies.
Knowledge of enterprise incident response program, roles, and responsibilities.
Knowledge of industry-standard and organizationally accepted analysis principles and methods.
Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
Knowledge of system and application security threats and vulnerabilities (e.
g.
, buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Knowledge of system software and organizational design standards, policies, and authorized approaches (e.
g.
, International Organization for Standardization ISO guidelines) relating to system design.
Knowledge of penetration testing principles, tools, and techniques.
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
Experience with cloud security and DevSecOps.
Demonstrates strong written and oral communication skills.
Demonstrates solid organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities.
Demonstrates excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations.
Demonstrates a high level of flexibility.
Is forward thinking and possesses business acumen.
Possesses a high level of integrity, trustworthiness, and confidence, and represents the company and its management team at the highest level of professionalism.
Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulation.
Works effectively with a variety of personalities and can adapt his/her approach to effectively reach and develop his/her team.
Uses this skill as well as his/her functional knowledge to both earn and maintain a high level of credibility with the team.
Preferred Minimum Education
Bachelors degree in computer science, information assurance, Management Information Systems (MIS) or related field, or equivalent.
Preferred Certifications
CISSP, CISM, GIAC Additional Benefit - Hybrid with Remote in Houston, TX:
Two times a week with Manager approval.
Additional Calpine Information:
Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.
Calpine is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities.
If you are interested in applying for employment and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to email protected .
Determination on requests for reasonable accommodation are made on case-by-case basis.
Please view Equal Employment Opportunity Posters provided by OFCCP here (http:
//www.
dol.
gov/ofccp/regs/compliance/posters/ofccpost.
htm) Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information.
41 CFR 60-1.
35(c) Recommended Skills Analytical Application Security Automation Buffers Business Informatics Certified Information Security Manager Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
