Sr Manager Cybersecurity
Electrify America is committed to revolutionizing the way people charge. As the country's largest open DC fast charging network, Electrify America is actively contributing to electrifying mobility today and building a more sustainable future.

At Electrify America, we value innovation, collaboration, and a commitment to sustainability. We strive to establish a diverse and inclusive workplace where employees can develop personally and professionally. As a team member at this rapidly growing company, you can work on state-of-the-art technology and join a team making a significant impact in the world. If you're interested in joining a dynamic, innovative company, Electrify America is a place where you can learn, grow, and make a difference!

Brief Role Description

The Sr. Manager, Cybersecurity position will be an expert leader influencing multiple functional areas and part of the team responsible for evolving and maintaining a unified security architecture, key security controls, and processes. This role is responsible for leveraging and amplifying subject matter expertise across various security areas to ensure our security practices and controls continually improve, conform to best practices and standards, and are independently reviewed through testing and audits.
The Cyber Security Manager needs to be comfortable working across multiple Information Technology disciplines and demonstrate a strong passion for Information Security.

Possible Tasks within this Role

Role Responsibilities: List essential functions in order of importance; include percentage of time spent performing each function (total should equal 100%)

Main responsibility – 100% of time spent

- Establish and evolve unified security architecture, key security controls, and models; while being subject matter experts for various security areas, ensure our security practices and controls constantly improve
- Lead preparation and successful completion of initial and recurring cybersecurity audits in line with the attestation and certification requirements of SOC2, ISO-27001, PCI DSS, and similar standards
- Provide guidance and advice to Software Development, Cloud Engineering, Enterprise System, and other teams in relation to secure development practices at both the application level as well as the virtual infrastructure level; periodically review adherence to the guidelines and enable continuous improvement by providing feedback and further inputs to the corresponding managers and teams
- security requirements related to cybersecurity, assess steps required to meet these requirements, and provide inputs to Product Management, Software Development, and Enterprise Software
- Collaborate with other teams and departments to review business and regulatory security requirements and fit them with other constraints or technology limitations.
- Educate and mentor project team members in areas of security best practices and company security policies.
- Create and maintain architecture design artifacts such as diagrams and documentation.
- Maintain and expand knowledge of best practices and emerging trends in both general information security as well as key specialty areas such as cloud and mobile security.
- Establish processes and criteria to translate output of architecture assessments, penetration tests, and application security scans into actionable remediation requirements; monitor remediation activities to ensure the timelines and priorities are in line with expectations.
- Provide feedback and approval for system and application designs and architectures as relates to adherence to security principles and company security policies.
- Integrate and collaborate with the Information Technology team for various processes such as access and identity management, vulnerability management, risk management, etc.
- Own, author, and update company policies related to cybersecurity
- Lead evolution and recurring testing of the incident response program; contribute to decision-making responding to potential cyber threats
- Mature and evolve robust and efficient processes managing supply chain cyber security, software, and hardware component and tool approval; enhance vendor cyber risk evaluation and assessment
- Establish a continuous process for identifying potential threats and collaborating with various engineering teams to assess threat and vulnerability impacts
- Engage with various industry players, organizations, and interest groups to influence policymaking and standard development in relation to EV charging and e-mobility
- Constantly learn about the changing cybersecurity landscape and take actions to prepare our company for the future

Qualification requirements

Years of Relevant Experience: Minimum years of relevant experience needed to perform the job

- 10+ years of experience in Information Technology Security, 5+ years of experience in Cloud and IoT cybersecurity

Education Required

- BS in Computer Science, Computer Engineering, Information Systems, or equivalent experience
- CISSP or GIAC GSE certification
- Additional relevant certifications (IRMCB, CompTIA, ISACA, ICS2, etc)
- Training on best cybersecurity practices and regulatory requirements from a recognized industry organization (SANS Institute, NICCS, etc)

Skills: General skills needed to perform the job

- Ability to explain complex concepts and dependencies
- Ability to lead and facilitate training and planning workshops
- Ability to understand contractual and regulatory requirements related to information management and cybersecurity
- Experience creating standards, policies, and procedures
- Creative vision and ability to influence
- Time management and organizational skills, with the ability to meet tight deadlines
- Strong interpersonal skills
- Excellent written and oral communication, including presentation skills

Specialized Skills: Knowledge or certifications unique to this role

Required

- Extensive experience implementing common cybersecurity control frameworks such as NIST CSF, SOC2 Type 2, ISO 27001, or similar
- Demonstrated experience leading preparation and successfully attaining SOC2 Type 2 attestation
- Strong knowledge and expertise in secure software development lifecycle, understanding of common vulnerabilities in Web, Mobile and services-based applications, understanding of cybersecurity testing
- Strong knowledge and practical experience with identity management, authentication and authorization standards
- Strong experience with common application security concepts, such as the OWASP Top 10, and their practical implementation.
- Experience with vulnerability management methodologies and implementations.
- Solid understanding of intrusion detection and prevention solutions and techniques
- Experience with multi-factor authentication, single sign-on, identity management, and related technologies.

Desired

- Experience implementing development processes in line with IEC-62443-4
- Experience with PCI DSS
- Strong understanding of PKI standards and best practices
- Experience with audit compliance and tracking software
- Understanding of DevOps principles and "shift left" philosophy.
- Understanding of application development and secure coding techniques.
- Certified Cloud Security Professional (CCSP)

Electrify America, LLC is an Equal Opportunity Employer.
We welcome and encourage applicants from all backgrounds, and do not discriminate based on race, sex, age, disability, sexual orientation, national origin, religion, color, gender identity/expression, marital status, veteran status, or any other characteristics protected by applicable laws.

This role description is a guideline and does not create contractual rights between the Company and any of its applicants. The Company does not enter into any type of employment contract, implied or written, with its applicants regarding job security.

This Organization participates in E-Verify. We maintain a drug free workplace and perform pre-employment substance abuse testing.

Electrify America endeavors to make www.electrifyamerica.com/careers accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at careers@electrifyamerica.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Salary range is dependent on factors such as geographical differentials, industry-based experience, skills, training, credentials, and other qualifications.

- In the state of California, the salary range is $140,600 – $321,850.
- In the state of Colorado, the salary range is $140,600 – $247,550.
- In the state of Washington, the salary range is $140,600 – $270,050.
- In New York City, the salary range is $201,100 – $321,850.
- In Westchester County, the salary range is $168,800 – $321,850.
- In the state of Rhode Island, the salary range is $140,600 – $247,550.