Senior Cybersecurity Program Development Manager

Senior Cybersecurity Practice

Doosan GridTech® delivers innovative control and optimization software and services to developers and electric utilities, helping them turn distributed energy resources such as energy storage and solar PV into valuable contributors to grid reliability and economics for our customers. We aim to be the global leader in delivering technology solutions for the emerging digital, distributed grid, a critical component of the world’s clean energy future.

Doosan GridTech™ currently has an outstanding career opportunity for an experienced Senior Cybersecurity Program Development Manager to join our growing North American team. The Senior Cybersecurity Program Development Manager directly collaborates with Product Management, Engineering, Software, Commissioning, and Marketing Teams. The incumbent will leverage a full spectrum of knowledge of Cybersecurity Strategies and Technologies, Risk Assessments, Security Operations and Incident Response, and Regulatory Frameworks and Requirements to effectively devise, implement, orchestrate, and maintain the GridTech Cybersecurity Governance, Risk & Compliance Management (GRC) and Staff Cybersecurity Training Programs. The incumbent will proactively espouse NIST Cyber Security Framework (CSF), North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), and ISO/IEC 27001 frameworks and requirements in response to federal and state regulatory agencies (e.g., NERC, FERC) and industry best practices (e.g. C2M2, NIST) as applied to critical energy infrastructure and control solutions. The incumbent will create, document, and maintain policies and procedures covering Cybersecurity Supply Chain Risk Management (C-SCRM), Information Security Management Systems (ISMS), Threat, Vulnerability and Risk Assessment (TVRA), Security Information and Event Management (SIEM) and drive DevSecOps Solutions and Tier 4 compliance across the six Core Functions within CSF.

Responsibilities

• Provide subject matter expertise for NERC-CIP, FERC, NIST, ISO27001 regulations and standards and utility industry cybersecurity and threat mitigation best practices.
• Collaborate with teams across Doosan GridTech to develop and integrate security requirements, compliance, and governance into sales, supply chain, product development, and threat assessment and mitigation practices.
• Act as principal point of contact for customer and vendor cybersecurity compliance and regulatory inquiries, and internal and external audits.
• Perform benchmark threat and risk assessment and address control gaps.
• Establish and manage product and system penetration and vulnerability testing program.
• Devise and own implementation and enforcement of standards, policies, and controls governing energy resource technologies and systems design, integration, and operations, including EMS, PCS, RTU, SCADA, HMI, and network communications and protocols.
• Own product and system Operational Continuity and Disaster Recovery Plans.
• Develop and own cybersecurity training program and promote a culture of security and DevSecOps.
• Own GridTech 2 year strategic and tactical roadmap for Critical Infrastructure Cybersecurity Regulatory Compliance Program.

Qualifications

• 5 years of experience in Cybersecurity for Critical Infrastructure Systems.
• Bachelors in cybersecurity engineering or related discipline.
• 5 years of experience in Industrial or Utility Operational Technology or Field Operations.

Required

• Bachelor’s degree in cybersecurity engineering or related discipline.
• Deep experience with Critical Infrastructure Security with Application Security as a primary focus.
• Experience with power industry controls systems and software operations and compliance.
• Experience defining strategic and tactical plans for complex technical programs.
• Pragmatic experience with ISO/IEC 27001, NIST CSF, or NERC CIP frameworks.
• Pragmatic experience in cyber risk and threat assessment and mitigation.
• GICSP, CISSO, CISSP, CISM, CISA, CRISC, or equivalent certifications.
• PMP, PMI or equivalent certifications.
• Strong technical and non-technical communication skills.
• Ability to apply strategic thinking with a focus on business value.
• Ability to influence business practices and outcomes across a multi-disciplinary business and technical cohort.

Desired

• Experience managing internal/external cybersecurity or industry regulatory audits.
• Experience with security technologies and threat analysis and mitigation for industrial digital products.
• Experience with operational technologies such as SCADA systems, HMIs, RTUs, various IEDs, network communications, or supporting services.
• Master’s degree in cybersecurity engineering or related discipline.

About Doosan GridTech

At Doosan GridTech, we believe that enduring economic growth and environmental healing starts with a resilient, low-carbon power grid. We are a multi-disciplined team of power system engineers, software developers, and turnkey energy storage specialists. We help utility-scale power producers evaluate, procure, integrate, control, and optimize energy storage, solar power, and other renewable power resources. Our battery storage experts in Seattle, Melbourne, and Seoul have designed and built dozens of installations in the Americas and Asian-Pacific regions – representing nearly 1GWh of capacity.

Our parent company, Doosan Enerbility, is a multibillion-dollar global conglomerate that serves power and industrial markets.

We offer a collaborative work environment, competitive salary, health benefits, and a 401(K) plan. In addition, we are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability, or genetic information.