Director - Trust & Safety

At ERCOT, our diverse and dynamic work environment provides a platform on which employees can work together to build the future of the Texas power grid and wholesale market utilizing the latest technologies and resources.  We encourage you to join our talented, dedicated workforce to develop world-class solutions for today and tomorrow’s energy challenges while learning new skills and growing your career.

ERCOT is committed to fostering inclusion at all levels of our company. It is the cornerstone of our corporate values of accountability, leadership, innovation, trust, and expertise. We know that individuals with a wide variety of talents, ideas, and experiences propel the innovation that drives our success. An inclusive and diverse workforce strengthens us and allows for a collaborative environment to solve the challenges that face our industry today and in the future.

The Director of Trust and Safety Program is responsible for developing, implementing, and leading a comprehensive Program to protect critical infrastructure assets from insider risks, including cyber, physical, and operational threats. This role requires a strategic leader with deep expertise in cybersecurity, risk management, behavioral analytics, and threat intelligence. The Director will collaborate across security, IT, legal, HR, and operational teams to proactively identify, assess, and mitigate insider threats while ensuring the safety of employees and compliance with regulatory requirements.

JOB DUTIES

• Responsible for hiring, coaching, training, and performance management of staff.

• Regularly interacts with executives and/or major customers. Interactions frequently involve special skills, such as negotiating with customers or management regarding matters of significance to the organization.

• Typically directs and controls the activities of a broad functional area through several department managers within ERCOT. Has overall control of planning, staffing, budgeting, managing expense priorities, and recommending and implementing changes to methods.

• Responsible for budgetary decisions within functional area according to organizational policy/guidelines.

• This role may require access to sensitive information and interaction with federal partners; therefore, eligibility for a U.S. Government security clearance is required.

ADDITIONAL JOB DUTIES

• Program Development & Leadership

• Design, implement, and oversee an enterprise-wide Program that integrates cybersecurity, physical security, and personnel security controls.

• Establish governance, policies, and frameworks to detect, analyze, and respond to insider threats.

• Lead cross-functional working groups, including cybersecurity, HR, legal, and compliance teams, to ensure a coordinated approach to insider threat mitigation.

• Develop insider threat risk assessments, metrics, and reporting mechanisms to inform executive leadership and stakeholders.

• Define and track program maturity goals and key performance indicators (KPIs) to ensure continuous improvement and transparent reporting to leadership.

• Leverage cybersecurity tools such as User and Entity Behavior Analytics (UEBA), Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and Data Loss Prevention (DLP) to identify abnormal behaviors and potential threats.

• Develop investigative and forensic capabilities to analyze insider threat incidents and recommend mitigation strategies.

• Work closely with IT and Security teams to implement access controls, least privilege principles, and continuous monitoring solutions.

• Establish and refine response protocols for insider threat incidents, including legal, HR, and cybersecurity responses.

• Ensure compliance with NIST, CISA, NERC CIP, PCI, and other relevant regulations governing critical infrastructure security.

• Conduct risk assessments and gap analyses to evaluate potential vulnerabilities related to insider threats.

• Ensure monitoring, investigations, and data handling practices align with applicable privacy regulations and internal ethical standards, promoting transparency and fairness.

Training & Awareness

• Develop and lead Trust, Safety, and Risk awareness socialization and training programs for employees, executives, and security teams.

• Foster a culture of security awareness by promoting proactive reporting and engagement across the organization.

REQUIRED EXPERIENCE

• Requires minimum 10 years job-related work experience and 5 years in a management or leadership role in excess of degree requirements. Minimum years of job-related experience can include time in leadership roles.

PREFERRED EXPERIENCE

• Familiarity with user behavioral analytics.

Other Requirements:

• This role may require access to sensitive information and interaction with federal partners; therefore, eligibility for a U.S. Government security clearance is required.

EDUCATION

• Bachelor's Degree: Business, Computer Science, Criminal Justice or related field (Required)

• Master's Degree: Business, Computer Science, Criminal Justice or related field (Preferred)

• or a combination of education and experience that provides equivalent knowledge to a major in such fields is required

CERTIFICATION

• CISSP Certified Information Systems Security Professional (Required)

• CISA Certified Information Systems Auditor (Required)

• CISM Certified Information Security Manager (Preferred)

• Top Secret Clearance, Secret Clearance or TS/SCI (Nice to Have)

WORK LOCATION – Taylor, TX:

• Employees will be required to be on-site in Taylor, TX at a minimum of 2 days per week, or more, as needed based on the business needs as determined by management

• On-site schedules are flexible or may be rotated based on business needs as determined by the Manager

• Remote work is required to be performed from your Texas residence.  

• Employees may opt to work on-site more than required or 100% of the time

The foregoing description reflects the minimum qualifications and the essential functions of the position that must be performed proficiently with or without reasonable accommodation for individuals with disabilities.  It is not an exhaustive list of the duties expected to be performed, and management may, at its discretion, revise or require that other or different tasks be performed as assigned.  This job description is not intended to create a contract of employment with ERCOT.  Both ERCOT and the employee may exercise their employment-at-will rights at any time. #LI-Hybrid #LI-MH1

ERCOT is firmly committed to equal employment for all qualified persons without regard to race, sex, medical condition, religion, age, creed, national origin, citizenship status, marital status, sexual orientation, physical or mental disability, ancestry, veteran status, genetic information or any other protected category under federal, state or local law.

Expected Salary Range: