Title: Manager, Cyber Protection 
Company: Tampa Electric Company 
State and City: Florida - Tampa
Shift: 8 Hr. X 5 Days

The Manager, Cyber Protection is responsible for developing and managing the organization’s protection mechanisms to safeguard its critical assets. Oversee capabilities in Identity and Access Management (IAM), Data Protection, Application Security, and Infrastructure Security and ensures robust security measures are in place to prevent unauthorized access, data breaches, and other security incidents. IAM: Responsible for delivering an enterprise class Identity and Access Management (IAM) strategy and roadmap for Emera US affiliates. Entrusted with the key responsibility of driving continuous improvement and robust support for IAM toolsets and Identity Governance and Administration (IGA) processes. Data Protection: Responsible for safeguarding sensitive or personal information by ensuring data is stored, processed, and transferred securely and in compliance with relevant laws and regulations. Proactive detection and mitigation of data-related risks through monitoring.  Application and Infrastructure Security: Responsible for minimizing application vulnerabilities through regular testing and assessment. Secure infrastructure configurations through adherence to hardening standards. Proactive vulnerability identification and mitigation. Partner with the business to establish objectives, strategies, plans, policies, and programs for the security, privacy, protection, and resilience of team members and customer information, such as Personally Identifiable Information (PII). Ensure that all information systems are functional and secure. Requires broad technical and industry experience and recommends effective and efficient security technology and compliance with industry regulatory requirements, future industry trends, and corporate business plans to ensure the alignment and accomplishment of company goals and strategies.

PRIMARY DUTIES AND RESPONSIBILITIES  

1.  IAM

• Develop and implement IAM policies and procedures to ensure that access to systems and data is granted based on the principle of least privilege.
• Oversee the deployment and management of IAM solutions, including single sign-on (SSO), multi-factor authentication (MFA), and role-based access control (RBAC).
• Enhance security through robust access controls and authentication mechanisms.
• Conduct regular audits of access controls to identify and remediate any unauthorized access or anomalies. Proactive risk management via ongoing monitoring and access certification.

2.  Data Protection

• Establish and maintain data protection policies and practices to safeguard sensitive and confidential information. Formalizes policies and procedures for data governance.
• Implement encryption, data masking, and other data protection technologies to prevent data leakage and unauthorized access.
• Alignment of data protection measures with business objectives and compliance requirements. Ensure compliance with data protection regulations and standards, such as GDPR, CCPA, and HIPAA.
• Collaborate with various stakeholders to identify, manage and monitor crown jewels.

3.  Application Security

• Develop and enforce secure coding standards and practices for application development. Implement secure development practices that align with leading practice.
• Conduct regular security assessments and code reviews to identify and remediate vulnerabilities in applications.
• Implement application security testing tools and processes, such as static and dynamic analysis, penetration testing, and vulnerability scanning.

4.  Infrastructure Security

• Oversee the security of the organization’s IT infrastructure, including networks, servers, endpoints, and cloud environments.
• Enhance network security with layered protection mechanisms.
• Continuous compliance monitoring for infrastructure components.

QUALIFICATIONS
Education
Required:     Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or other IT related discipline.

Preferred:    Master’s Degree in Computer Science, Information Systems, Cybersecurity, or other IT related discipline.

Licenses/Certifications
Preferred:    CIAM, CISSP, CISM, ITILv3, and 3 or more of the following or similar security certifications: CISA, CRISC, GMON, etc.

EXPERIENCE
Required:    8 years of experience and/or training performing the Duties & Responsibilities of this position, to include at least one of the following: 3 years of experience in IAM, Data Protection, and/or Application and Infrastructure Security solution design, implementation, and operations.   

Supervisory Experience
Required:    3 years supervisory or management experience, creating and measuring individual performance goals, managing assignments and projects through to completion.

Preferred:    Leading IAM, Data Protection, and Application and Infrastructure Security teams and delivering enterprise class solutions.

Knowledge/Skills/Abilities (KSA)
Required:

• Possess an expert level of knowledge in the discipline of cybersecurity as well as a high level of competency in architecture, methodologies, and best practices for IAM, Data Protection, and Application and Infrastructure Security concepts, strategies, standards, functions, capabilities, and technologies.
• Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
• Significant high-level system/security engineering experience with broad knowledge across many technologies.
• Ability to manage service providers, contract management (SLAs). Effective vendor management capabilities, including ongoing vendor relations, evaluation and remediation, budgetary discussions, and contract negotiations.
• Strong critical thinking, analytical, problem solving, and risk assessment skills as well as strong listening and communication skills (oral and written).
• Strong understanding of the NIST Cybersecurity Framework and other relevant standards and regulations.
• Strong interpersonal skills with ability to interact with business partners, IT team members, and senior management. Effective collaboration and teamwork skills.
• Ability to understand technical delivery, communicate with senior leaders, and manage teams.
• Ability to present issues and topics of a complex technical nature to non-technical audiences.
• Expert verbal, written, organizational, analytical and presentation skills as the candidate will have frequent interaction with key business partners, IT management, and other technology teams.
• Develop comprehensive reports and communicate with key stakeholders. Time management skills and proven ability to work independently and adjust to changing priorities in a multi-tasking environment.
• Demonstrated ability leading teams in support of business process analysis efforts and educating others in the proper application of tools and techniques.
  Demonstrated ability to independently conduct interviews with management and other department leaders and distinguish between business needs and requests.
• Ability to manage multiple projects and priorities in a fast-paced environment. Understands project plans and ability to clearly articulate roles, project goals, and timelines.
• Understanding of the components of running a fiscally successful project and proficiency at assessing the proposed project plans to ensure all needs are met.
• Drives continuous process improvement for SDLC, maintenance, application support, and Information Technology architecture.

Preferred:
Strong project management background and skills.

LEADERSHIP COMPETENCIES

• Speaks Up on Safety, Health, and the Environment
• Takes Ownership and Acts with Integrity
• Drives Operational Excellence for Customers
• Builds Strong, Collaborative Relationships
• Develops People and Teams
• Cultivates Innovation and Embraces Change
• Thinks Strategically and Exercises Sound Judgment

WORKING CONDITIONS 

• Normal working condition with occasional weekend and overtime requirements, including on-call rotational support.

PHYSICAL DEMANDS/ REQUIREMENTS 

• Normal physical demands related to an office workplace environment.

TECO offers a competitive Benefits package!!

Competitive Salary *401k Savings plan w/ company matching * Pension plan * Paid time off* Paid Holiday time * Medical, Prescription Drug, & Dental Coverage  *Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!

STORM DUTY REQUIREMENTS....Please make sure to read below!!!  Responding to storms will be considered a condition of employment.

TECO Energy and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our TECO Energy customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.

TECO Energy is proud to be an Equal Opportunity Employer.

TECO Energy is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations.

In order to provide equal employment and advancement opportunities for all individuals, employment decisions at TECO Energy will be based on skills, knowledge, qualifications and abilities.

Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

ADA policy
It is the policy of TECO Energy to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship. The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to the Americans with Disabilities Act (ADA) of 1990 and section 503 and 504 of the Rehabilitation Act of 1970s.

Application accommodations
Applicants may request reasonable accommodation in the application process five business days prior to the time accommodation is needed.

Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability.