Information Security Director jobs in Houston, TX

Overview

Company Overview

Pattern Energy is a leading renewable energy company that develops, constructs, owns, and operates high-quality wind and solar generation, transmission, and energy storage facilities. Our mission is to transition the world to renewable energy through the sustainable development and responsible operation of facilities with respect for the environment, communities, and cultures where we have a presence. 

Our approach begins and ends with establishing trust, accountability, and transparency. Our company values of creative spirit, pride of ownership, follow-through, and a team-first attitude drive us to pursue our mission every day. Our culture supports our values by fostering innovative and critical thinking and a deep belief in living up to our promises.  

Headquartered in the United States, Pattern has a global portfolio of more than 35 power facilities and transmission assets, serving various customers that provide low-cost clean energy to millions of consumers.

Responsibilities

Job Purpose

The Sr. Director of Information Security will be responsible for assessing the adequacy and performance of existing security controls, developing and executing a multi-year roadmap to enhance controls and mitigate cyber security enterprise risk as the company scale and grows. The Sr. Director will also be responsible for security operations (including monitoring, investigations, and incident response), security awareness program (e.g. training, awareness campaigns), and cyber risk assessments (e.g. penetration testing and vendor risk management). In this role you will collaborate with Enterprise Technology teams: Infrastructure & Operations, Data Architecture, Business Applications to ensure appropriate technology and process controls are fully integrated into the enterprise environment and operating effectively, as well as with operational excellence and asset regulatory leaders to assess and mitigate asset infrastructure (OT) specific risks aligned to NERC/SIP compliance.

This role will own the overall framework and process for IT risk management, including information security, regulatory compliance, and operational continuity risks. However, colleagues in Enterprise Technology and Operational Excellence will have responsibility for some of the individual risks and associated controls defined in that framework.

Key contacts

Key internal relationships will include the following departments: Enterprise Technology, Operational Excellence, Regulatory, Legal, HR, Compliance.  The incumbent can expect to have substantial interaction with the CFO and the Chief Compliance Officer and provide reporting to the Executive team and Audit Committee.

Key Accountabilities

The following reflects management’s definition of essential functions for this job but does not restrict the tasks that may be assigned.  Management may assign or reassign duties and responsibilities to this job at any time due to reasonable accommodation or other reasons:

• Use the recently conducted security risk & maturity assessment to develop a multi-year roadmap to enhance security controls and reduce risk, and execute against that roadmap - i.e. select, configure, and support enterprise cyber security solutions and associated processes and policies.
• Develop and manage a model for security operations including building/updating security policies monitoring, investigations, penetration testing and incident response management.
• Drive security awareness across the organization through communications, training, phishing simulations
• Contributes to the maintenance of the enterprise’s Business Continuity Plan and Disaster Recovery Plan for IT and OT
• Design and implement a framework, process and policies for IT risk management including information security, regulatory compliance, and operational continuity risks. Continue improving and operationalize the Incident response plan for both corporate and Operational infrastructure.
• Collaborate with IT business partners to identify and mitigate information security risks in key functional areas such as External Affairs (ESG), HR, Operations, Engineering & Construction, Development.
• Manage the internal team and external resources to design and deliver effective solutions (people process technology) and to seamlessly support those solutions.
• Leverage data and metrics to understand performance trends, enable insights, and promote a proactive approach to security and continuous improvement through KPI development and management.
• Contribute to the development and execution of the strategy to evolve the overall IT operating model, including new structure, processes, and ways of working.
• Recruit, lead, direct, develop, coach and evaluate direct reports.
• Ensure compliance with internal processes and standards to support compliance with relevant regulations (e.g. NERC, SIP, SOX, privacy).

Qualifications

Experience/Qualifications/Education Required

Educational Requirements

Undergraduate degree in Computer Science or related engineering discipline and at least 10 years of progressive information security experience in a similar role, of which at least 5 years of the experience is in a leadership/people management capacity. Holding relevant security certifications ideal (CISSP, CRISC, CISA).

Required Work Experience

• Deep technical knowledge of common information security solutions and vendors including recent hands-on experience with the Microsoft security suite and other infrastructure technologies
• Working knowledge of common industry frameworks and security standards for both IT and OT security management (NIST CSF, ISO 27001, NERC, SIP).
• Utility & Energy Generation industry experience a big plus
• Practical experience securing industrial control systems (i.e. SCADA and EMS)
• Experience with public cloud platforms such as Amazon AWS, Microsoft Azure, or Google Cloud Platform
• Understanding of computer networking concepts and protocols, and network security methodologies, including working knowledge of firewall, router, and switch configuration
• Experience managing security operation teams, with a track record of ensuring seamless collaboration between internal and external resources.
• Excellent written and verbal communication skills with the ability to explain highly technical information in a concise and effective manner to an audience of varying technical aptitude and to sr. leaders of the company.
• Demonstrated judgment in balancing risk mitigation and operational effectiveness - i.e. maintaining reasonable security while preserving agility and usability.
• Strong sense of urgency to assess impact of security events, mobilize & influence resources from multiple departments and effectively communicate across leadership levels.
• Strong interpersonal skills and a collaborative mindset.
• Effective problem solving, with an emphasis on diagnosing and resolving root causes, and on building and supporting robust solutions.
• Data-driven approach to managing performance and driving continuous improvement.
• Ability to work independently, as a team member, and across the organization with colleagues at any level in a fast-paced environment.

The expected starting pay range for this role is $160,000 - $217,000 USD. This range is an estimate and base pay may be above or below the ranges based on several factors including but not limited to location, work experience, certifications, and education. In addition to base pay, Pattern’s compensation program includes a bonus structure for full-time employees of all levels. We also provide a comprehensive benefits package which includes medical, dental, vision, short and long-term disability, life insurance, voluntary benefits, family care benefits, employee assistance program, paid time off and bonding leave, paid holidays, 401(k)/RRSP retirement savings plan with employer contribution, and employee referral bonuses.

Pattern Energy Group is an Equal Opportunity Employer.#LI-AT1 #LI-Hybrid