Exelon Mgr Cyber Sec Vul Det & Mgmt in Mays Landing, New Jersey
At Exelon, we've got a place for you! Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce. Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits. Join Exelon and share your passion at a forward-thinking Fortune 100 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon! PRIMARY PURPOSE OF POSITION
The Cyber Security Vulnerability Detection and Management Manager is responsible for supporting the architecture, implementation, and ongoing maintenance of the Cyber Security Vulnerability Detection and Management program, ensuring the confidentiality, integrity, and availability of all corporate assets. This role is responsible for the design and operation of cyber security vulnerability solutions to ensure these solutions are implemented in accordance with industry standards, best practices, and Exelon Management Model governance. This role is required to participate in the creation of and/or maintenance of policies, standards, baselines, guidelines, and procedures, as well as conduct risk and vulnerability assessments on a large array of IT/OT systems. This position requires active communication with development teams, infrastructure teams, and business areas supporting assessment requirements for core business functions, and will manage a geographically diverse team. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the Cyber Vulnerability Detection and Management program.
PRIMARY DUTIES AND ACCOUNTABILITIES
Lead a geographically diverse team providing direction, management oversight, performance appraisals, and mentoring, career development; promote diversity and teamwork with other Security groups. Perform vendor management of associated Cyber Vulnerability platforms and solutions. May require travel up to 10%.
Develop and maintain annual vulnerability assessment schedule through interaction with business units, project management, emergent assessments and inclusion of business critical applications requiring predefined assessment requirements. Support and maintain a remediation tracking solution, enforcing accountability through final resolution. Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during vulnerability assessments. Management of Security Patch Management and Vulnerability Management processes and enforcement. Measure the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection.
Manage Vulnerability Threat and Industrial Control Systems notifications of emergent vulnerabilities ensuring remediation tracking.
Oversee supporting security related functions, processes, and engagement to include Firewall risk assessment and Data Loss Prevention. Maintain monthly reporting to senior Security management and Business Units for all Vulnerability Management responsibilities.
Lead and manage NERC CIP vulnerability assessment program and requirements that include active or paper based assessments, project management, adherence to reporting standards, enforcement of security compliance standards and remediation tracking.
Establish, maintain, and enhance relationships with business and IT partners. Communicate status to
Key stakeholders on a regular basis.
Bachelor’s Degree in Computer Science, Information Technology (IT), Security Management or a related discipline, and typically 8 or more years of experience in cyber security, vulnerability management or equivalent combination of education and work experience.
Graduate degree in cyber security or related area of expertise.
Relevant security certifications (CISSP, CISM or CISA; CEH or GIAC)
Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
Knowledge of system life cycle management principles, including software security and usability
Knowledge of new and emerging information technology (IT) and cybersecurity technologies
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Knowledge of host/network access control mechanisms (e.g., access control list)
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
Knowledge of penetration testing principles, tools, and techniques
Knowledge of system and application security threats and vulnerabilities
Knowledge of resource management principles and techniques
Knowledge of information security program management and project management principles and techniques
Knowledge of cyber threats and vulnerabilities.
Demonstrated experienced in Vulnerability Management processes including remediation tracking and resolution
Demonstrated experience managing vulnerability assessment schedules that span across all business units, functions, and platforms
Demonstrated experience with standard security tools that include, but are not limited to, Nessus, Rapid7, Qualys, Metasploit, and Nipper
Demonstrated experience managing Security Patch Management engagements with support teams, developing risk evaluation, remediation planning, and validation
Demonstrated experience managing recurring vulnerability identification processes through scanning, notification, assisting with remediation requirements and validation
Experience managing firewall risk evaluation, providing support and describing alternatives to reduce risk exposure
Demonstrated experience managing Vulnerability Threat notification and analysis process, including daily reviews of emergent vulnerability threats that have an impact on the Exelon environment
Demonstrated experience supporting emergent threat intelligence through the use of security scanning tools, determining applicability and impact on the infrastructure
Experience managing Data Loss Prevention (DLP) policies, DLP incident resolution, providing support for Legal investigatory requests, providing monthly metrics reporting
Experience managing budget development and forecasting
Enforcement of change management techniques associated with Cyber Security Vulnerability Management enhancements
Managing approvals of changes affecting NERC CIP infrastructure
Demonstrated leadership ability
Excellent oral/written communication skills and the proven ability to work effectively with all levels of IT and business management
The Cyber Security Vulnerability Detection and Management Manager role provides direction and oversight to enterprise infrastructure and assets applying security best standards for remediation of known vulnerabilities. Deliverables for this role will be focused on identification, communication, and remediation of identified cyber security vulnerabilities. The Cyber Security Vulnerability Detection and Management Manager will provide project management, resources, and support of annual NERC CIP compliance requirements and manage the annual NERC CIP assessments. This role requires collaboration across the entire enterprise/business units to support remediation efforts. Support of the firewall risk based assessments is a key component of this role providing guidance on minimizing risk. This role requires close integration with other internal security teams.
Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. VEVRAA Federal Contractor
EEO is the Law Poster (https://www.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf)