Essential Utilities Corporation - Bryn Mawr, PA
posted 25 days ago
Full-time - Senior
Remote - Bryn Mawr, PA
Construction of Buildings
About the position
The Information Security Director at Essential Utilities will lead and manage the Information Security, Cybersecurity, Technology Risk Management, and Compliance efforts across IT and Operational Technology. This role is crucial for ensuring the organization can innovate while effectively managing cyber risks and complying with regulatory requirements. The director will collaborate with various stakeholders to develop and implement security programs, governance, and policies.
Responsibilities
- Function as the strategic leader for Information Security, Cybersecurity, Compliance, and Privacy.
- Direct and provide a strategic risk management vision to secure the business while supporting innovation.
- Develop multi-year strategic roadmaps addressing the threat and compliance landscapes for IT and OT/ICS/SCADA.
- Ensure alignment with regulatory compliance obligations and emerging cybersecurity standards.
- Foster an enterprise-wide culture of security awareness for both IT and OT.
- Oversee and manage teams for Security Operations & Engineering, Governance Risk and Compliance (GRC), Identity & Access Management, and SAP Security.
- Ensure continuous improvement of capabilities for vulnerability management, threat management, and incident response.
- Engage with regulators and industry groups on cybersecurity topics related to critical infrastructure.
Requirements
- Minimum of 10 years in a leadership role in technology, with at least 5 years in Information Security programs and strategy management.
- Bachelor's degree in Computer Science, Engineering, Information Sciences & Technology, Information Assurance, or related field.
- Certifications: CISSP and CISM strongly preferred; other advanced certifications (e.g., GCIH, CRISC, GRID, GICSP, CISA, ISSMP/ISSEP/ISSAP) considered a plus.
- Expert in cyber risk management with qualitative and quantitative approaches.
- Experience leveraging security frameworks, guidance, and best practices including NIST CSF, CIS Critical Security Controls, CIS Benchmarks.
- Expert level knowledge of security technologies including Threat Intelligence, Security Operations Centers, SIEM, Firewall Engineering, Network Security, Authentication, EDR/Anti-Malware, Encryption, PKI, Forensics, Intrusion Detection and Prevention.
Nice-to-haves
- Experience with critical industrial operations including SCADA/ICS, with utilities industry experience preferred.
Benefits
- Paid holidays
- Relocation assistance
- Health insurance
- Dental insurance
- 401(k)
- Tuition reimbursement
- Paid time off
- Employee assistance program
- Vision insurance
- 401(k) matching
- Life insurance
