Title: Manager, Cyber Protection 
Company: Tampa Electric Company 
State and City: Florida - Tampa
Shift: 8 Hr. X 5 Days

The Manager, Cyber Protection is responsible for developing and managing the organization’s protection mechanisms to safeguard its critical assets. Oversee capabilities in Identity and Access Management (IAM), Data Protection, Application Security, and Infrastructure Security and ensures robust security measures are in place to prevent unauthorized access, data breaches, and other security incidents. IAM: Responsible for delivering an enterprise class Identity and Access Management (IAM) strategy and roadmap for Emera US affiliates. Entrusted with the key responsibility of driving continuous improvement and robust support for IAM toolsets and Identity Governance and Administration (IGA) processes. Data Protection: Responsible for safeguarding sensitive or personal information by ensuring data is stored, processed, and transferred securely and in compliance with relevant laws and regulations. Proactive detection and mitigation of data-related risks through monitoring.  Application and Infrastructure Security: Responsible for minimizing application vulnerabilities through regular testing and assessment. Secure infrastructure configurations through adherence to hardening standards. Proactive vulnerability identification and mitigation. Partner with the business to establish objectives, strategies, plans, policies, and programs for the security, privacy, protection, and resilience of team members and customer information, such as Personally Identifiable Information (PII). Ensure that all information systems are functional and secure. Requires broad technical and industry experience and recommends effective and efficient security technology and compliance with industry regulatory requirements, future industry trends, and corporate business plans to ensure the alignment and accomplishment of company goals and strategies.

PRIMARY DUTIES AND RESPONSIBILITIES  

1.  IAM

• Develop and implement IAM policies and procedures to ensure that access to systems and data is granted based on the principle of least privilege.
• Oversee the deployment and management of IAM solutions, including single sign-on (SSO), multi-factor authentication (MFA), and role-based access control (RBAC).
• Enhance security through robust access controls and authentication mechanisms.
• Conduct regular audits of access controls to identify and remediate any unauthorized access or anomalies. Proactive risk management via ongoing monitoring and access certification.

2.  Data Protection

• Establish and maintain data protection policies and practices to safeguard sensitive and confidential information. Formalizes policies and procedures for data governance.
• Implement encryption, data masking, and other data protection technologies to prevent data leakage and unauthorized access.
• Alignment of data protection measures with business objectives and compliance requirements. Ensure compliance with data protection regulations and standards, such as GDPR, CCPA, and HIPAA.
• Collaborate with various stakeholders to identify, manage and monitor crown jewels.

3.  Application Security

• Develop and enforce secure coding standards and practices for application development. Implement secure development practices that align with leading practice.
• Conduct regular security assessments and code reviews to identify and remediate vulnerabilities in applications.
• Implement application security testing tools and processes, such as static and dynamic analysis, penetration testing, and vulnerability scanning.

4.  Infrastructure Security

• Oversee the security of the organization’s IT infrastructure, including networks, servers, endpoints, and cloud environments.
• Enhance network security with layered protection mechanisms.
• Continuous compliance monitoring for infrastructure components.

QUALIFICATIONS
Education
Required:     Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or other IT related discipline.

Preferred:    Master’s Degree in Computer Science, Information Systems, Cybersecurity, or other IT related discipline.

Licenses/Certifications
Preferred:    CIAM, CISSP, CISM, ITILv3, and 3 or more of the following or similar security certifications: CISA, CRISC, GMON, etc.

EXPERIENCE
Required:    8 years of experience and/or training performing the Duties & Responsibilities of this position, to include at least one of the following: 3 years of experience in IAM, Data Protection, and/or Application and Infrastructure Security solution design, implementation, and operations.   

Supervisory Experience
Required:    3 years supervisory or management experience, creating and measuring individual performance goals, managing assignments and projects through to completion.

Preferred:    Leading IAM, Data Protection, and Application and Infrastructure Security teams and delivering enterprise class solutions.

Knowledge/Skills/Abilities (KSA)
Required:

• Possess an expert level of knowledge in the discipline of cybersecurity as well as a high level of competency in architecture, methodologies, and best practices for IAM, Data Protection, and Application and Infrastructure Security concepts, strategies, standards, functions, capabilities, and technologies.
• Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
• Significant high-level system/security engineering experience with broad knowledge across many technologies.
• Ability to manage service providers, contract management (SLAs). Effective vendor management capabilities, including ongoing vendor relations, evaluation and remediation, budgetary discussions, and contract negotiations.
• Strong critical thinking, analytical, problem solving, and risk assessment skills as well as strong listening and communication skills (oral and written).
• Strong understanding of the NIST Cybersecurity Framework and other relevant standards and regulations.
• Strong interpersonal skills with ability to interact with business partners, IT team members, and senior management. Effective collaboration and teamwork skills.
• Ability to understand technical delivery, communicate with senior leaders, and manage teams.
• Ability to present issues and topics of a complex technical nature to non-technical audiences.
• Expert verbal, written, organizational, analytical and presentation skills as the candidate will have frequent interaction with key business partners, IT management, and other technology teams.
• Develop comprehensive reports and communicate with key stakeholders. Time management skills and proven ability to work independently and adjust to changing priorities in a multi-tasking environment.
• Demonstrated ability leading teams in support of business process analysis efforts and educating others in the proper application of tools and techniques.
  Demonstrated ability to independently conduct interviews with management and other department leaders and distinguish between business needs and requests.
• Ability to manage multiple projects and priorities in a fast-paced environment. Understands project plans and ability to clearly articulate roles, project goals, and timelines.
• Understanding of the components of running a fiscally successful project and proficiency at assessing the proposed project plans to ensure all needs are met.
• Drives continuous process improvement for SDLC, maintenance, application support, and Information Technology architecture.

WORKING CONDITIONS 

• Normal working condition with occasional weekend and overtime requirements, including on-call rotational support.

PHYSICAL DEMANDS/ REQUIREMENTS 

• Normal physical demands related to an office workplace environment.

#LI-SC1

TECO offers a competitive Benefits package!!

Competitive Salary *401k Savings plan w/ company matching * Pension plan * Paid time off* Paid Holiday time * Medical, Prescription Drug, & Dental Coverage  *Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!