Job Description:
• Lead key cybersecurity activities and protections at the company
• Work day-to-day with a broad set of stakeholders and contributors to drive Plus Power’s cybersecurity program and activities aligning with the company’s compliance and security postures
• Promote secure by design and secure by default strategies
• Baseline, monitor, identify, and assess security vulnerabilities and risks in applications and infrastructure across operational technology (OT), information technology (IT), data science, and data engineering environments
• Own and drive the resolution of different security events, control gaps, policy questions, and technical security risks
• Contribute to building repeatable/reusable/systematic security processes and frameworks to identify potential security events
• Manage the company’s Compliance & Security Posture Management (CSPM) Platforms
• Provide project management for the implementation of security controls while operating cross-functionally
• Conduct automated evidence collection operations to guarantee the longevity and uniformity of our controls
• Assist with identification and mitigation of cybersecurity risks including compliance concerns (SOX, ISO, NERC-CIP, NIST CSF 2.0)
• Develop, communicate, and assess the compliance stance of the framework in relation to internal and external policies
• Build out and run a Third-Party Cyber Risk Management (TPRM) Program and mitigate systemic risk from security posture vendors and end-to-end software supply chain
• Communicate and maintain cybersecurity and risk metrics for senior executives and leaders of various business units
• Work with External Relations team on proposed cybersecurity legislation and regulations
• Work with Legal and Compliance team to establish cybersecurity controls to facilitate compliance with applicable laws and regulations
Requirements:
• 8+ years of experience in identifying security issues and developing mitigation plans
• Bachelor's or Master's Degree in Information Systems, Computer Science, Software Engineering, or a closely related field
• Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, secure bill of materials, threat modeling, pen tests, or vulnerability assessments
• Demonstrated use of scripting/software development skills (e.g., Python, Rust) to automate processes
• Certifications in Security: CISSP, CISM, CRISC, CISA, GIAC, and EC-Council desired
• Knowledge of fundamental security Email Security, DLP, CSPM, ZTNA, EDR/XDR, and additional security technologies preferred
• Experience in successfully implementing KPIs and metrics for security and risk management
• Proficient in overseeing the execution of audits, certification programs, and control assessments
• Experience with SOC2 ISO27001, and/or NIST security frameworks, controls, tests, and auditing and associated requirements, in addition to familiarity with SOX-regulated environments
• Excellent written and verbal communication skills
• Ability to work in a fast-paced environment while managing multiple priorities
• Ability to operate as a team and/or independently while demonstrating flexibility to changing requirements
• Demonstrated ability to work well in a cross-functional environment with both technical and non-technical team members
• Ability to effectively use Microsoft Office products – Word, Excel, Power Point, Outlook
Benefits:
• unlimited vacation
• flexible remote work
• work from home stipend
• educational assistance
• parental leave
• highly engaging company culture with opportunities for in-person connection and learning and growth
Apply Now
Apply Now