Westwood, MA
11 days ago
Senior Business Information Security Officer (Hybrid)

Senior Business Information Security Officer (Hybrid)

This is a hybrid role. The first three months are fulltime in the office.

Our Team
Manage the security activities and people associated with multiple projects and collaborate across both business and technical domains in the architecture function to execute critical initiatives of the function. Expertise is applied cross-functionally to drive the ideation, adoption, and implementation of technical methods within various teams and aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in cybersecurity.

Essential Functions: 

Serves as the Cyber Security point of contact and the primary interface on all initiatives in the business line working directly with the Director or Vice President for that business line. Cultivate security culture with your product technology and business colleagues. Build a vision around the next level of security maturity for the line of business. with inputs from the security organization and work with Product Line Managers, and Engineering Leaders to deliver on that idea. This vision must enable business outcomes and continuously raise the security bar and not one or the other. Know your business line across its breadth and depth. Be fluent in your business lines strategy and roadmap as well as its key investment programs. Identify unfamiliar technology components, capabilities, and business concepts and be self-motivated to learn all about them, applying critical thinking to identify hidden issues along the way. Serve as a product security thought leader. Learn from your business line and cybersecurity teams and share best practice in both directions. Be recognized in your business line as the clear point of escalation and subject matter expert for IT Risk and Cyber domains. Serve as a cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI. Act with urgency managing emerging issues. Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause/key themes. Enable and partner with application architects and engineering leaders to design secure, scalable, and resilient applications. Leads multiple cybersecurity architecture and process implementations across business line to achieve security architecture objectives. Provides leadership and high-level direction to teams while frequently overseeing employee populations across multiple platforms and lines of business. Acts as the primary interface with senior leaders, stakeholders, and executives to drive consensus across competing cyber security objectives. Identifies and manages cross-project risks and issues through the development and execution of alternatives and mitigation strategies. Influences and coordinates resource reallocations to assure project and portfolio success. 

Technical Knowledge/Skill/Education/Licenses/Certifications:

Technical Knowledge/Skill:

Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness.  Applies extensive organizational and/or project management expertise and has full knowledge of other related disciplines.  Experience with documenting existing procedures, and in the analysis of security processes.  May be viewed as expert within a given field. Formal training or certification on software engineering concepts and 5+ years applied experience. Experience running teams of architects that design cybersecurity solutions operations on cloud-based platforms and applications. Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to: Secure Software Development Life Cycle (SSDLC) (e.g., code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning) Modern Security Engineering/Architecture practices (e.g., micro services, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration) Solution Development & Delivery Product technologies Experience with writing, reviewing, and applying security policies, standards, and procedures based on NIST, ISO, PCI/DSS, CIP, and other frameworks/standards. Hands-on practical experience in cybersecurity architecture that can be applied and repeated across businesses, functions, and systems. Experience designing cybersecurity products and solutions for public cloud-based applications and infrastructure. Experience developing and leading large, cross-functional teams of technologists. Subject matter expertise in multiple security domains (e.g., mobile, application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security, etc.) Demonstrated prior experience influencing across highly matrixed, complex organizations and delivering value at scale. Experience leading complex projects and supporting system design, testing, and operational stability. Experience hiring, developing, and recognizing talent. 

Education:

Bachelor’s Degree in Information Technology, related degree or related experience                

Experience:

10 years related experience required which includes 5 of those years related to senior level cyber security experience

Licenses & Certifications:

Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or prominent independent organization such as ISC2. 

Working Conditions:

Must be available to work emergency restoration assignment as required.Must be available to travel between MA/CT/NH as necessary.

Mental Aspects:

Leadership Behaviors/Competencies:

Set and Communicate Direction and Priorities

Communicate priorities and goals (company, department, team)Show how employee’s work fits inProvide business updates, newsCommunicate, communicate, communicate

Build Trusting Relationships

Role model honesty/integrity in communication and actionBalance “getting results” with concern for individual needsHave honest dialogue with employees; get to know them

Manage and Develop People

Set realistic performance objectives and expectationsGive ongoing, honest feedback; coach for successRecognize good performanceVisit crews in the fieldRemove obstacles to day-to-day performanceProvide tools, information, training

Foster Teamwork and Cross-functional Collaboration

Encourage cooperation/remove obstacles between work groups/departmentsEncourage collaboration/peers helping peers

Create a Diverse, Inclusive Workforce

Ask for employee input on work process/practice improvements and before implementing change that will affect themEncourage ideas

Lead Change

Deliver effective, positive communications about change to your teamExhibit a “can-do” attitude to successfully implement changes in priorities and work processesRespond positively to new demands or circumstances

Focus on the Customer

Ensure that everyone on the team understands our customer promise and provides superior customer serviceBe a role model for the team on delivering superior customer service

Compensation and Benefits

Eversource offers a competitive total rewards program.  The annual salary range for this position starts at $151,700.00 to $168,560.00.00, plus incentive.  Salary is commensurate with your experience.  Check out the career site for an overview of our benefits.

Worker Type:

Regular

Number of Openings:

3

EEO Statement

Eversource Energy is an Equal Opportunity and Affirmative Action Employer.  All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.

VEVRRA Federal Contractor

Emergency Response:

Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment.  This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location. 

Confirm your E-mail: Send Email