Senior Manager, Cybersecurity and IT Systems
Location
Pennsylvania
Posted
3 days ago
Salary
$179K - $206K / year
Seniority
Senior
Job Description
Senior Manager, Cybersecurity and IT Systems
Westinghouse Electric Company
• Establish overall systems architecture vision and ensure that specific components are designed, procured, installed and used • Responsible for company level compliance and architectural standards, guidelines, policies, frameworks, and reference models • Oversee all company-level IT architecture components (e.g., data architecture, application/software architecture, technical architecture) • Establish a compliant protected information system (CUI) environment and develop a sustainable model for IT and Cybersecurity future function including company structure and relations with an external service provider • Oversee incident remediation activities to ensure compliance with WGS policies and security and nuclear industry best practices • Lead the IT and Security teams through the Cybersecurity Maturation Model Certification and C3PAO assessment including writing and reviewing WGS procedures and verifying and validating that the WGS process is within compliance • Oversee the Managed Service Provider (MSP) to ensure all company IT and cybersecurity requirements are met • Develop a framework for performing and overseeing the performance of IT risk assessments observing established company risk management policies for projects and of suppliers / vendors and within compliance requirements • Identify, recruit, develop Cybersecurity and IT staff and meet daily IT requests including installing for the WGS IT end-users • Oversee the development framework for performing technical vulnerability and penetration assessments • Maintain Main Risk Indicators, including metrics to ensure measurement of risk and threats • Conduct or oversee self-inspections and audits on WGS protected systems at least annually; document, track, and resolve corrective actions • Establish and oversee the process for capturing, assessing, decisioning, and reporting risks across the IT organization, both internally and coordinating with the overarching Westinghouse protocols • Oversee the development of the Security Controls Traceability Matrix (SCTM) to document implementation of applicable NIST 800-53 and 800-171 controls • Collaborate with the Security Team, Program Management, and MSP to address incidents, reportable events, and non-compliance findings, ensuring reporting to appropriate authorities and leadership
Job Requirements
- Bachelor's degree or equivalent experience
- Degree in Information Systems, related technical discipline
- Master's Degree preferred
- 10+ Years of information technology or systems, security, governance, risk and compliance, IT Audit, or related work experience
- We prefer CISA, CSAM, CISM CGEIT, CRISC, CISSP, or other applicable information security credentials
- Experience leading cybersecurity projects, including assessing options and subsequent procurement/roll-out
- Experience establishing main IT architecture standards, tools, best practices, and methodologies to meet our target state and help its architecture evolution and agreement across the organization
- Experience in more than one technical information systems discipline (e.g. Networking, Cloud Technology, Applications Development)
- Experience designing solution roadmaps, and system and software architecture according to business strategies and solution architecture standards/processes
- Experience leading a team towards CMMC certification or experience leading a team through cybersecurity compliance assessments and audits
- Knowledge of cloud architecture, platform and software as a service architecture and products
- Knowledge of security and control frameworks, such as ISO 27000, CobiT, NIST, COSO, NIST 800-171 and ITIL
- The company requires US Citizenship and the ability to qualify for federal security clearance
- 20% Travel expected
Benefits
- Comprehensive Medical benefits which could include medical, dental, vision, prescription coverage and Health Savings Account (HSA) with employer contributions options
- Wellness Programs designed to support employees in maintaining their health and well-being including Employee Assistance Program providing support for our employees and their household members
- 401(k) with Company Match Contributions to support employees' retirement
- Paid Vacations and Company Holidays
- Opportunities for Flexible Work Arrangements to promote work-life balance
- Educational Reimbursement and Comprehensive Career Programs to help employees grow in their careers
- Global Recognition and Service Programs to celebrate employee accomplishments and service
- Employee Referral Program
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Coordinador de Embarques
Magna InternationalFounded in 1957, Magna International is now one of the largest automotive suppliers in the world. Headquartered in Aurora, Ontario, Canada, the company maintains more than 320 manu
Job descriptions may display in multiple languages based on your language selection. What we offer:At Magna, you can expect an engaging and dynamic environment where you can help to develop industry-leading automotive technologies. We invest in our employees, providing them with the support and resources they need to succeed. As a member of our global team, you can expect exciting, varied responsibilities as well as a wide range of development prospects. Because we believe that your career path should be as unique as you are. Group Summary:Cosma provides a comprehensive range of body, chassis and engineering solutions to global customers. Through our robust product engineering, outstanding tooling capabilities and diverse process expertise, we continue to bring lightweight and innovative products to market. Job Responsibilities: Coordinar y asegurar el cumplimiento a los requerimientos de los clientes tanto de producción regular como refacciones por medio del seguimiento a los programas diarios de embarque. Asegurar la generación de la facturación información vía EDI en tiempo y de forma correcta. Dar seguimiento a las proyecciones de los requerimientos a futuro de los diferentes clientes. Ser capaz de coordinar el proceso de embarque y de asegurar la disponibilidad de equipo vacío para facilitar el traslado del producto terminado en tiempo y forma con el cliente. Ser capaz de administrar el área de embarques garantizando el cumplimiento de los procesos para dar cumplimiento a los requerimientos del cliente. ESCOLARIDAD/EDUCACIÓN: Licenciatura en Comercio Exterior / Licenciatura en Administración de empresas / Ingeniería Industrial FORMACIÓN/EXPERIENCIA: Mínima de 3 años en la Industria Automotriz en puesto similar - CONOCIMIENTOS TECNICOS: - APICS - Cadena de Suministro - Conocimiento de sistemas de embarques de los clientes - Estadística básica - Metodología de solución de problemas - Administración de almacenes - Módulos que le apliquen de SAP - Office - Procedimientos, instrucciones y formatos del área que le apliquen - SPC Básico IDIOMAS: Inglés Avanzado Awareness, Unity, Empowerment:At Magna, we believe that a diverse workforce is critical to our success. That’s why we are proud to be an equal opportunity employer. We hire on the basis of experience and qualifications, and in consideration of job requirements, regardless of, in particular, color, ancestry, religion, gender, origin, sexual orientation, age, citizenship, marital status, disability or gender identity. Magna takes the privacy of your personal information seriously. We discourage you from sending applications via email or traditional mail to comply with GDPR requirements and your local Data Privacy Law. AI-Assisted Screening DisclosureAs part of our commitment to a fair, consistent, and efficient recruitment process, we may use artificial intelligence (AI) tools to assist in the initial screening of applications submitted through our Workday system. These tools help identify qualifications and experience that align with the role requirements. Please note that AI is used solely to support our recruiters. Final decisions are always made by the hiring manager and the hiring team. Importantly, no applicant data is shared externally through these AI tools. All information remains securely within our systems and is handled in accordance with our privacy and data protection policies. Under conditions defined by applicable law, you may have the right to request an explanation of how AI is used to support decision-making.If you have any questions or concerns about this process, feel free to contact our Talent Attraction team. Worker Type: Regular / Permanent Group: Cosma International
Security Advisor I – Falcon Complete
CrowdStrikeCrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?
• Assess customer’s Falcon environment and ensure alignment with Falcon Complete standards. • Provide Falcon Complete customers with recommendations that align to improved security. • Create and recommend remediation for components of CrowdStrike products that may lead to improved security posture. • Contact customers directly upon identification of misalignment with Falcon Complete standards. • Document, update, and resolve all customer related issues in accordance with established procedures and SLAs. • Develop and provide customers with service reports and stats as requested. • Partner with internal teams to ensure customer satisfaction. • Liaise with support team to help troubleshoot and coordinate efforts to resolve technical issues.
Security Advisor II – Falcon Complete
CrowdStrikeCrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?
• Assess customer’s Falcon environment and ensure alignment with Falcon Complete standards. • Provide Falcon Complete customers with recommendations that align to improved security. • Create and recommend remediation for components of CrowdStrike products that may lead to improved security posture. • Contact customers directly upon identification of misalignment with Falcon Complete standards. • Document, update, and resolve all customer related issues in accordance with established procedures and SLAs. • Develop and provide customers with service reports and stats as requested. • Partner with internal teams to ensure customer satisfaction. • Liaise with support team to help troubleshoot and coordinate efforts to resolve technical issues.
Vice President, Information Security
Spring HealthPrecise. Personal. Proven. The most comprehensive mental health care for teams and families everywhere.
• Develop and execute the enterprise information security vision, strategy, and multi-year roadmap. • Serve as a trusted advisor to executive leadership and the Board on cybersecurity risks, trends, and investments. • Establish security objectives, metrics, and reporting mechanisms aligned with business priorities. • Drive a security culture across the organization that enables innovation while maintaining appropriate risk controls, including effectively communicating risks and changes in the risk landscape to leadership, the Board, and key stakeholders in clear, business-relevant terms. • Own the enterprise information security risk management program, including formal risk assessments, risk registers, and risk treatment plans. • Ensure compliance with applicable frameworks and regulations, including SOC 2, ISO 27001, HIPAA, HITRUST, PCI DSS, GDPR, and CCPA. • Oversee security audits, risk assessments, policy development, and remediation initiatives. • Manage the Business Associate Agreement (BAA) program across the customer and vendor ecosystem. • Maintain and test the enterprise Incident Response and Business Continuity programs. • Drive continuous improvement of security controls and risk management practices. • Oversee security operations, threat detection, vulnerability management, and incident response functions. • Own the security operations center (SOC) function, including SIEM strategy, threat intelligence, and endpoint detection and response. • Lead the organization's response to security incidents, including executive communication, regulatory notification obligations, and post-incident review. • Direct penetration testing, security assessments, and resilience exercises. • Partner with Engineering and Product leadership to embed security throughout the software development lifecycle (SDLC), including threat modeling, secure code review, and automated security testing. • Provide strategic direction for the design and implementation of secure enterprise and cloud infrastructure, ensuring security architecture principles are embedded in platform design, data flows, and technology decisions across the organization. • Provide security architecture review and guidance for new products, features, and third-party integrations. • Oversee vulnerability management, penetration testing, and remediation programs across the platform and infrastructure. • Build, mentor, and develop high-performing security teams. • Manage security budgets, technology investments, and vendor relationships. • Lead third-party risk management and vendor security assessment programs. • Demonstrated ability to work closely with leadership across the organization, including Engineering, Legal, Privacy, Product, Sales, IT, HR, and others, serving as a trusted partner who enables the business rather than a barrier to it. • Serve as the executive point of contact for cyber insurance underwriters, external auditors, and regulatory examiners.


