Department Manager - Information Security - Red Team

Job Info

Aug 24, 2023


Posting Expiration Date: Sep 25, 2023

Schedule Type: Full-Time

Minimum Salary: $160000

Maximum Salary: $200000

Organization: IT Engineering & Operations

Department: Information Security

Section: IT ENG Information Security

Location: NY-New York-4 Irving Pl Headquarters

Job Description

Mission Statement

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.

Core Responsibilities

  • The Department Manager will design, build and lead a Cyber Threat Emulation and Red Team. This Team will have the responsibility for creating a program to proactively identify, test, and drive mitigation efforts to reduce potential cyber-attacks. These services include, but are not limited to, Red and Purple Teaming, Penetration Testing, proactive Ethical Hacking of Con Edison applications and infrastructure. This role will be responsible for the creation and management of a dedicated core team of cyber security experts responsible for coordinating and interfacing with other internal teams, as well as working with external consultative and outsourced services teams. The Systems Manager will function as the primary subject matter expert, responsible for development, implementation, and maintenance of any needed policies, standards, operational processes and playbooks, and tools related to the implementation of the above services.
  • Effectively build and lead an expert team that supports multiple Threat Emulation and Red Team services and initiatives across the Enterprise (in both IT and OT environments).
  • Develop and implement a Roadmap to define short- and long-term strategies as well as detailed activities for the team.
  • Work with other departments to Identify key performance gaps and focus areas, develop performance benchmarks, select, recommend and manage related cyber security projects, technologies, and vendors to ensure that service delivery and support meet performance and business objectives.
  • Manage and provide effective communications as they relate to associated initiatives.
  • Understand and adhere to the regulatory and compliance requirements that impact business operations.
  • Anticipate trends, situations, and/or changing threat landscape conditions and coordinate with the broader cyber security and infrastructure teams to take appropriate actions on both an immediate need and planned regularly scheduled cadence as needed.
  • Perform other related tasks and assignments as required.

Required Education/Experience

  • Bachelor's Degree preferably in Information Technology, Computer Science, Math, Engineering or Cybersecurity, Forensics, business-related discipline preferred. and 12 years in Information Security Three (3) or more years management experience building and leading a team that is responsible for the design, deployment, and operationalizing of a Threat Emulation and Red Team program.

Relevant Work Experience

  • Minimum twelve years in Information Security. Required
  • Three (3) or more years management experience building and leading a team that is responsible for the design, deployment, and operationalizing of a Threat Emulation and Red Team program. Required
  • Strong understanding of cybersecurity principles. Required
  • Strong service oriented, collaborative attitude with both peers and internal customers. Required
  • Experience and proficiency in developing and running day-to-day operations for mature Red, and Purple Team capabilities. Required
  • Experience and proficiency in scheduling coordinating and reporting Compromise Assessment and Penetration Testing internal and external engagements. Required
  • Cyber security experience and proficiency in cloud, API's, infrastructure layers, hardware, OS, virtualization, storage, network, database and other related systems and technologies, information security risk and vulnerability remediation, reverse engineering, automation and scripting, network monitoring, malware protection and analysis, intrusion detection and SIEM systems. Required
  • Must be able to communicate designs and give persuasive presentations. Must be able to interact with all levels of management and communicate technical concepts to a non-technical audience. Required
  • Experience and proficiency in developing effective and innovative Ethical Hacking capabilities. Required
  • Must be flexible and able to work off-hours as required to support deployments, resolve production problems or respond to corporate emergencies. Required
  • Strong working knowledge of various Threat Emulation and Red Team disciplines and services in the Utility industry (both IT and OT), related current and emerging technologies. Preferred
  • Strong professional relationships with other cyber security professionals and members of the Intelligence Community. Preferred

Skills & Ability

  • Strong written and verbal communication skills
  • Excellent collaboration and team building skills
  • Ability to inspire and develop staff
  • Ability to lead/manage others
  • Builds and manages effective teams
  • Effective leadership skills
  • Instills commitment to organizational goals
  • Ability to drive multiple projects to successful completion
  • Ability to work within tight timeframes and meet strict deadlines
  • Possesses strong technical aptitude
  • Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.
  • Demonstrates excellent judgment and decision making skills
  • Ability to represent the company with external constituents
  • Possesses flexibility to work in a fast paced, dynamic environment

Licenses & Certifications

  • Driver's License Required
  • Other: CISSP, CISM, CISA, CRISC, CEH certification(s) preferred. Preferred

Physical Demands

  • Must push, pull, lift up to 25 pounds
  • Must sit or stand to answer a phone for entire shift
  • Must sit or stand to use a keyboard, mouse, and computer for entire shift
  • Must be able to read small print and symbols.

Other Physical Demands

  • Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.
  • Must be able and willing to travel within Company service territory, as needed

Technical Difficulty Statement

Equal Opportunity Employer

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.