
Job Information

Central Hudson Gas & Electric Corporation Manager - Cybersecurity Vulnerability & Threat Management in Poughkeepsie, New York

Benefits:

  • Competitive compensation

  • Medical, Dental, and Vision insurance

  • 401(k) Retirement Savings Plan with substantial company match

  • Life and Travel Insurance

  • Tuition Assistance

  • Wellness Reimbursement Program

  • Paid Holidays and Vacation

What is a Manager – Cybersecurity Vulnerability & Threat Management?

The Manager – Cybersecurity Vulnerability & Threat Management oversees and coordinates the activities of the cybersecurity operations team. Responsibilities include developing and implementing security practices for vulnerability management, application security, threat intelligence, threat hunting, managing incident response and investigations, conducting risk assessments, and staying updated on security trends. The Manager – Cybersecurity Vulnerability & Threat Management will be responsible for leading the organization’s efforts in identifying, analyzing, and mitigating security vulnerabilities across all IT & OT systems and networks. This role involves collaborating with various departments to ensure timely remediation of vulnerabilities, developing strategies to manage and reduce risk, and maintaining compliance with relevant regulations and standards. The ideal candidate will possess a strong technical background, excellent leadership skills, and a proactive approach to vulnerability management. The Manager – Cybersecurity Vulnerability & Threat Management will be instrumental in building various vulnerability and threat management programs.

What does a Manager - Cybersecurity Vulnerability & Threat Management do?

The Manager – Cybersecurity Vulnerability & Threat Management is responsible for the following:

  • Develops, implements, and oversees the company’s vulnerability and threat management programs to protect Central Hudson’s assets and critical infrastructure

  • Overall responsibility for Vulnerability Assessment and Management

  • Leads the design, implementation, and management of the organization’s vulnerability management program

  • Conducts regular vulnerability assessments and scans to identify potential security weaknesses in IT & OT systems and networks

  • Prioritizes vulnerabilities based on risk, impact, and exploitability

  • Provides clear remediation guidance to IT teams

  • Risk Analysis and Mitigation

  • Analyzes vulnerability data to identify trends and develop strategies for mitigating risks

  • Develops and maintains a vulnerability risk register and tracks remediation efforts to closure

  • Assists in the investigation and response to security incidents, leveraging vulnerability data to understand attack vectors and prevent future occurrences

  • Generates and delivers regular reports on vulnerability management activities and risk posture to senior management and relevant stakeholders

  • Develops metrics and KPIs to measure the effectiveness of the vulnerability management program.

  • Continually develops and manages roadmaps, strategy and maturity of the cybersecurity vulnerability management program by partnering with key stakeholders across the Company

  • Develops and implements cybersecurity policies and procedures

  • Leads and manages the day-to-day vulnerability governance

  • Leads a team to defend against threats, reduce risk, and mitigate vulnerabilities across the Company

  • Works closely with software development, DevOps, and IT teams to integrate security into the software development lifecycle (SDLC)

  • Drives application security program, policies, and procedures

  • Establishes and enforces secure coding standards and practices across development teams

  • Integrates security tools and processes into the CI/CD pipeline to automate security checks

  • Conducts regular security assessments, including static and dynamic application security testing (SAST/DAST), to identify vulnerabilities in software applications

  • Performs threat modeling, code reviews, and penetration testing to uncover potential security weaknesses

  • Provides detailed reports on findings and works with development teams to remediate identified vulnerabilities

  • Identifies and implements automation opportunities

  • Implements continuous improvement over people, process, and technologies

  • Participates in incident response and investigation activities, ensuring timely resolution

  • Conducts regular risk assessments and vulnerability management processes

  • Leads teams in threat hunting measures

  • Collaborates with IT and other departments to ensure a cohesive and effective security posture

  • Stays updated on emerging cybersecurity threats and technologies

  • Coordinates with external vendors and stakeholders on security matters

  • Develops and delivers security awareness training programs for employees

  • Monitors and reports on key security metrics to executive leadership

  • Manages and guides third party vendor relationships related to the cybersecurity operations program

  • Supports the escalation of risks, issues, actions, & decisions within the program

  • Conducts risk assessments and develops strategies to mitigate potential threats and vulnerabilities

  • Collaborates with cross-functional teams to integrate security measures into business processes and technology solutions

  • Stays up-to-date with the latest cybersecurity trends, threats, and technologies to continuously improve the vulnerability management program

  • Establishes and maintains relationships with key stakeholders, communicating security policies, incidents, and mitigation strategies.

  • Ensures compliance with relevant regulations and standards

  • Provides storm/emergency response support

What does it take to be a Manager – Cybersecurity Vulnerability & Threat Management?

Required:

  • Bachelor’s degree in Computer Science, Information Technology or related field of study and 5 years of relevant experience. In lieu of a bachelor’s degree, an associate’s degree with 7 years of relevant experience or a high school diploma or equivalency degree and 9 years of related experience will be considered.

  • At least 3 years of vulnerability management experience

  • At least 2 years in a security related role

  • Proven leadership, facilitation, and organizational skills with at least 3 years of experience in a leadership role

  • Experience with incident response

  • Experience with creating and maintaining external and internal relationships with key stakeholders

  • Understanding of cybersecurity frameworks, standards, and best practices

  • Excellent knowledge of vulnerability management and risk assessment

  • Strong leadership skills, with the ability to manage and mentor a team

  • Excellent communication skills, with the ability to collaborate effectively with diverse teams

  • Familiarity with regulatory requirements and compliance frameworks

  • Analytical mindset with the ability to assess complex situations and make informed decisions

  • Ability to present at all levels of the organization

  • A strong background with an understanding of the intersection between business and cybersecurity to improve security practices

  • Ability to influence business decision-making by providing quantitative/qualitative data analytics, metrics, and analysis

  • A results-oriented mindset with the ability to solve problems and make decisions

  • Ability to work with limited direct supervision and professionally respond to constructive feedback

  • Valid driver’s license

Preferred:

  • Experience in Energy & Utilities or services industry

  • Experience with threat hunting and threat modeling

  • Experience with application security

  • Knowledge of application security tools and technologies (e.g., SAST, DAST, RASP, WAF)

  • Proficiency in programming and scripting languages (e.g., Java, C#, Python, JavaScript)

  • Familiarity with DevSecOps practices and tools (e.g., Jenkins, Git, Docker, Kubernetes)

  • Understanding of common security vulnerabilities (e.g., OWASP Top Ten) and how to mitigate them

  • Experience with Microsoft PowerBI

  • Experience with data visualization tools

  • Relevant certifications such as CISSP, CISM, or comparable

This position has a career path which allows for advancement opportunities within a job series. The title and level are commensurate with experience. Pay range: $136,800-211,900

Please go to https://www.cenhud.com/employment . Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR

Look to Central Hudson for an environment that fosters teamwork, safety awareness and impeccable customer service. We are committed to educational development, employee satisfaction and a diverse workforce. We also have a strong belief in and long history of promoting from within. Our employees enjoy numerous opportunities for transition and growth throughout their careers.

We offer a comprehensive benefits package including competitive compensation, health benefits, 401K plan with substantial company match, tuition assistance, wellness reimbursement, life insurance, and paid holidays and vacation.
