Sr. Director, IT Security Operations & Deputy CISO

Power the Future of New York

At the New York Power Authority, we’re not just part of the energy landscape—we’re leading the charge toward a carbon‑free, resilient, and economically vibrant New York. Our work keeps the state moving, innovating, and thriving.

Summary

The Sr. Director, Security Operations & Deputy CISO leads the development of a multi‑year security strategy while influencing cross‑functional stakeholders and ensuring alignment with NYPA’s risk appetite and business objectives. This role ensures the confidentiality, integrity, and availability of NYPA’s information assets by implementing security controls, policies, and standards, while overseeing detection and response to cybersecurity threats. The position plays a key part in shaping multi‑year security strategies aligned with organizational risk appetite, IT/business goals, regulatory requirements, and evolving threat trends.

This role requires an experienced leader who can communicate complex technical concepts clearly to both technical teams and senior executives, fostering understanding and buy‑in across the organization. The Sr. Director serves as a trusted escalation point during security incidents, demonstrating sound judgment, composure under pressure, and the ability to guide diverse teams toward effective resolutions.

Success in this position hinges not only on deep security expertise but also on strong interpersonal skills, strategic thinking, and the ability to build relationships that drive collaboration and organizational impact.

#LI-JP1

Responsibilities

• In collaboration with the CISO and other leadership, develop and maintain a multi-year strategy for the assigned area of responsibility aligned with NYPA’s risk appetite, IT & business strategies, threat trends and regulatory requirements.
• Oversee the development of information security capabilities and services, including the development of service line strategies, policies & standards, program & project portfolios and recommended staffing and delivery options. 
• Guide and oversee the development of performance metrics and dashboards to monitor and control service performance and/or demonstrate business value.
• Prepare & deliver reports and presentations to senior management covering service performance, security threats and incidents and service enhancements.
• Coordinate efforts across Business Units, including network and telecommunications engineering and infrastructure, application services, HR, Legal and other groups to identify and address information security concerns within NYPA’s risk appetite.
• Act as an escalation point for security incident response or service delivery concerns.
• Perform financial oversight including the preparation and management of project and operational budgets.
• Manage employees including performance management, salary administration, succession planning and workload balancing.  Identify and recommend solutions to modify staff to meet NYPA needs.
• Measure and monitor cost, schedule, and performance including security metrics (KRI/KPI) of the security program.

Knowledge, Skills and Abilities

• Proven ability to lead and develop a team in a fast-paced technical environment.
• Strong knowledge of one or more security frameworks.
• Proven ability to effectively communicate complex concepts to both technical and non-technical audiences at all levels of the organization.
• Strong knowledge of current and emerging enterprise IT technologies and services
• Business savvy to be able to translate and effectively communicate security concerns in business terms.
• Forward-looking, out of the box thinker able to challenge the status-quo to deliver innovative security strategies and services.
• Ability to respond to Cyber Security alerts and communicate during off hours is required.

Education, Experience and Certifications

• Bachelor’s degree required.
• Master of Business Administration degree or equivalent experience demonstrating business acumen desired.
• Minimum 10 years of related experience, or an equivalent combination of training and experience preferred.
• Minimum 3 years of experience managing employees / leading a team preferred
• Previous senior management experience.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is preferred.

Physical Requirements

• Up to 10% travel primarily within NY State. 
• Ability to lift to 20 pounds for racking of equipment.