
Vice President Chief Information Security Officer (CISO)


White Plains, NY, US


The VP Chief Information Security Officer is responsible for all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets (infrastructure/data) are adequately protected. The VP CISO is responsible for proactively communicating to NYPA’s Executive Management Committee and Board of Trustees on the progress of the cyber security vision, strategy, roadmap, and key performance indicators.

  • Advance NYPA’s cyber security vision, update the strategy for achieving the vision, and maintain and update a multi-year cyber security roadmap.
  • Communicate and promote cyber security best practices and promote awareness of the risks to NYPA stakeholders and report overall performance effectiveness, using KPIs, to the Board of Trustees and the EMC.
  • Direct and approve the design of security systems and strategies based on industry frameworks and standards (e.g. NERC CIP, NIST, ISO27001, COBIT, C2M2) for the IT and OT environments.
  • Deliver new security technology approaches and implement next generation solutions.
  • Partner with State and Federal agencies (DHS, DOE, FBI, Fusion Centers, ISACs, etc.) to share relevant actionable cyber threat information, cyber policies, and practices, and to coordinate response to incidents.
  • Manage staff, including performance management, salary administration, succession planning and workload balancing.
  • Manage the cyber security budgets (OPEX and CAPEX).
  • Ensure that disaster recovery and business continuity plans are in place and tested.
  • Review and approve security policies, controls and cyber incident response planning.
  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
  • Maintain an understanding of the cyber threat landscape for the industry.
  • Ensure compliance with the changing laws and applicable regulations.
Knowledge, Skills and Abilities
  • Digital leadership skills – capable of empowering and leading a cyber security team to meet business and cyber security goals.
  • Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment.
  • Ability to adapt to a fast-moving cyber security landscape and keep pace with latest thinking and new security technologies.
  • A passion for technology and security safeguarding with a desire to deliver.
  • Thrive on change, showing an impressive ability to drive the cyber security strategy forward.
  • Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management.
  • Strong customer focus – able to meet the demands of internal and external customers.
  • Excellent communication skills – providing outstanding verbal and written communication to direct reports, senior management and other stakeholders.
  • Flexible and adaptable – capable of changing direction where required and showing flexibility to meet new demands.
  • Forms business partnerships (internally/externally) that help drive the cyber security strategy forward.
  • Make decisions that are well informed and timely.
  • Creative thinking – able to look at alternatives and consider new ways of thinking to solve problems.
  • Multi-tasking – can manage several concurrent projects and prioritize demands.
Education, Experience and Certifications
  • Advanced degree in technology (computer science/engineering or related field) preferred
  • Ability to obtain federal security clearance
  • Bachelor of Science Degree in Engineering Technology, Computer Science, or equivalent. Advanced degree preferred.
  • 10+ years of progressive leadership experience.
  • 8-10 years of required experience in computing and information security, including experience with Internet technologies and security issues on a State and Federal level.
  • Formal certification in Information Security Management: CompTIA Security+, CISSP, CISM, CISA, and/or CEH preferred.
  • Cyber security experience in the energy industry preferred.
Physical Requirements
  • Approximately 10% travel within NY State, and to external states and localities based on business need.

The New York Power Authority is an Equal Opportunity Employer

New York is Powered by You

We are a team of over 1,900 energy technologists, IT specialists, business experts, hydro engineers, and other professionals leading the energy revolution. With state-of-the-art technology, advanced R&D, and a modernized infrastructure, we provide New Yorkers with low-cost, clean, reliable power — and we are well on the way to becoming the first fully digital utility in the country. At NYPA, you will be empowered to think big, do good, and transform the energy industry.

NYPA on Forbes "Best of" - again!

NYPA is ranked by Forbes as one of America's Best Midsize Employers 2019 - for the second year in a row. Browse today and apply...