Cybersecurity Program Owner

Job Description

Cybersecurity Program Owner protects the nuclear facility’s digital assets, sensitive data, and plant digital infrastructure from potential cyber threats ensuring that those protections meet regulatory requirements. This role involves planning, implementing, and maintaining cybersecurity controls, as well as monitoring and reporting on the program's effectiveness. 

Primary Duties & Areas of Responsibility

• Cybersecurity Program Owner demonstrates overall accountability for the nuclear cybersecurity program.
• Creates, reviews, and approves cyber assessments as required by the cybersecurity program.
• Analyzes, reviews, recommends changes as appropriate for plans required to ensure nuclear site adheres to the 10CFR73.54 cybersecurity regulations and ensures the site meets the regulatory requirements.
• Supports external parties in the audit and inspection of the cybersecurity program.
• Provides input and commentary to develop and revise procedures and policies relevant to the cybersecurity program.
• Leads and reviews the analysis of incident response policies, takes an active role in cyber incident response and recovery, the identification of vulnerabilities in the network, and the performance of risk assessments on new and existing computer systems and equipment.
• Develops and maintains a thorough knowledge of 10 CFR 73.54, NEI -08-09 including associated addendums, NEI-13-10, site Cyber Security Plan, cybersecurity implementing procedures, and the cybersecurity defense‑in‑depth protective strategy.
• Active industry participation (USA Cyber Project Team, NITSL, NEI telecoms and conferences, NEI Cyber Security Task Force (CSTF)), some travel is required. 
• Coordinates and collaborates with other departments providing advice, staying abreast of technical solutions, and providing necessary cybersecurity guidance to accomplish required actions.
• Ability to communicate complex cybersecurity information to both technical and non-technical audiences.
• Ability to understand and contribute to the organization's overall strategic goals. 
• Coordinates mitigation of identified vulnerabilities to maintain a high-security standard and a hardened environment.
• Collaborates with corporate IT, legal and other corporate business teams to integrate security measures into operational processes.
• Proficient with Microsoft Office products: Word, Excel, Powerpoint and Access

Minimum requirements

• BA/BS degree in engineering, computer science, cyber security, related fields, or equivalent experience
• Must have ability to acquire unescorted access to a nuclear facility.
• The person in this position needs to occasionally move about inside the radiological controlled area (RCA) and maintain qualifications to access this restricted area.

Desired requirements

• Working knowledge of 10 CFR 73.54, NEI-08-09 and associated addendums, NEI 13-10
• Knowledge of:
  • Digital components comprised of industrial network and control systems
  • Supervisory Control and Data Acquisition (SCADA) Systems
  • Distributed Control Systems (DCS)
  • Safety Instrumented Systems (SIS) a plus
  • Access / SQL database queries
  • Visio flowcharts
  • Multiple years of experience at a nuclear facility with several years related to nuclear cybersecurity.
  • Certified Information Systems Security Professional (CISSP) or Associate of ISC (current or previous) or equivalent.
  • Proficiency in security technologies and tools, including SIEM, firewalls, VPNs, data encryption protocols, and anti-malware solutions.
  • Experience leading cybersecurity initiatives.

Note: You will have an opportunity to add attachments to your application. Please use this opportunity to upload your resume, cover letter, and any relevant documents .