3+ years of actual security testing experience or strong knowledge of security standards like NIST 800-53.
5+ years PM experience.
Must have Utility experience.
Responsible for managing complex and high-risk projects.
Oversees project budgets and schedules.
Manages day-to-day aspects of project scope.
Minimizes project risk.
Creates and manages project work plans and work breakdown structures.

Position Summary

The company is looking to fill an important leadership role in our Advanced Grid Information Security (AGIS) Initiative. This role is the Advanced Meter Infrastructure (AMI) Security Test Lead. The lead is responsible for the testing deliverables (mapping security test strategies into security test plans and test scripts) in support of cyber security requirements for electricity distribution management and electric metering systems operating over a wireless mesh network. The individual in this role is responsible for communication and alignment between the AGIS Security Test Team and the Enterprise Security Services Strategy and Technology Delivery Teams. This role requires technical knowledge of testing best practices with an emphasis on security, the application of testing methodology in full end-to-end scenarios, and drafting and socializing testing deliverables among project, business, technology and security stakeholders.
Provide oversight and strategy for end-to-end security testing across all the AGIS program areas, ensuring scope, schedule and governance requirements are met.
Define, refine and lead efforts to develop AGIS Security testing strategy and plans.
Development and execution of the AMI Security Test Plans.
Work independently and with security architects, business users, and developers to create and execute security test plans.
Review and drive disposition of testing deficiencies.
Track and report security test results.
Utilize a security framework (based on security standards such as NISTIR 7628, ISA 62443-3-3, and NIST 800-53) to test pertinent security requirements.
Minimum 5 years' work experience in test development, design, and execution for a complex integrated enterprise solution with an emphasis on security.
Excellent project management skills with an action-oriented, can-do attitude.
Demonstrated ability to influence others and adapt to change quickly.
Strong communication and organization skills.
Awareness of project planning and business need justification process and methodology.
Fundamental understanding of cyber security testing and standards like NISTIR, ISA etc.
Additional Preferred Requirements:
Understanding of cyber security disciplines such as security requirements testing, vulnerability management, identity and access management, information risk management, encryption, logging/monitoring, networking, architecture, security operations, and wireless communications.
Utility, defence, telecommunications or aircraft/space testing experience.
Understanding of, and ability to apply, cyber security frameworks such as NISTIR 7628, ISA 62443-3-3, NIST 800-53, and/or OT equivalent.
Understand, negotiate and communicate complex security test requirements in a timely, concise and objective manner.
Experience with Rational software preferred.
Some travel may be required.

The types of experience that are relevant are: testing NIST 800-53-based controls within the context of regulatory compliance (PCI, NERC CIP, Sarbanes-Oxley), or per a company's internal security requirements. Control families include Access, Encryption, Logging and Monitoring, Asset and Configuration Management.