Director of Enterprise Security
- North Carolina's Electric Cooperatives (Raleigh, NC)
Description
**Division:** BITS
**Summary Description:** The Director of Enterprise Security is responsible for the strategy, design, engineering, implementation, and ongoing operations of NCEMC’s **enterprise security program**, encompassing both **cybersecurity** and **physical security**. This role safeguards NCEMC’s information assets, operational systems, facilities, and critical infrastructure—including substations, control centers, generation facilities, and corporate offices—through a layered defense approach (**deter, detect, delay, respond, recover**) and continuous maturity of the organization’s security posture.
This position collaborates closely with **Network Services, Datacenter Operations, and the Service Center** to ensure the performance, reliability, and security of IT infrastructure. The Director also partners with **Software Development, Data Management, and EMS/OT teams** to embed security by design across applications, data platforms, and operational technologies. The role serves as a key liaison with contractors, vendors, law enforcement, and regulatory bodies to ensure audit readiness and alignment with industry standards and applicable regulations.
Academic and Trade Qualifications:
+ Bachelor’s degree in **Computer Science, Information Security, Security Management, Emergency Management**, or a related field. An equivalent combination of education, training, and relevant work experience may be substituted for the degree requirement.
+ A master's degree is preferred.
+ **Certifications:** Advanced security certifications such as **CISSP, CISM, CISA, CRISC, or CCISO** are strongly preferred.
**Work Experience:** 6–10 years of progressive experience across IT/cybersecurity and physical security, including:
+ 5+ years focused on cybersecurity/physical security.
+ 3–5+ years of leadership/management experience in security or IT.
+ Electric utility operations experience preferred (including familiarity with substations, control centers, and generation facilities).
Responsibilities:
Strategic Leadership & Program Development
+ Develop and execute an **enterprise-wide security strategy** covering both **cyber** and **physical** security domains.
+ Establish and maintain **policies, standards, procedures**, and **site security plans** aligned with industry best practices (e.g., **ASIS**, **DHS CISA**, **NFPA**, **NERC**).
+ Coordinate enterprise risk management activities: **risk assessments**, **criticality analyses**, **threat/vulnerability reviews**, and remediation roadmaps.
+ Define security architecture and control baselines across IT, OT, facilities, and corporate environments.
Cybersecurity Operations & Governance
+ Oversee the Manager of Cybersecurity, including **policy development**, **regulatory compliance**, **security assessments** (internal and third-party), and **incident response planning and execution**.
+ Ensure security is integrated into SDLC, data platforms, and EMS/OT systems; collaborate with Software Development and Data Management teams to **embed cybersecurity controls**.
+ Oversee audit readiness and compliance with applicable standards and regulations (e.g., **NERC CIP** where applicable).
+ Manage **cybersecurity awareness and training** for all staff and facilitate executive briefings and security committee meetings.
Physical Security Operations & Incident Management
+ Oversee the Manager of physical security systems to ensure NCEMC’s seven facilities across the state of NC are safe and secure.
+ Lead and coordinate response to physical security incidents; manage investigations and reporting with **law enforcement** and **regulatory agencies**.
Capital Planning & Project/Portfolio Management
+ Plan and execute security infrastructure projects balancing **cost, risk reduction, regulatory compliance, and operational impact**.
+ Prepare and manage budgets for **cybersecurity** and **physical security** operations and capital initiatives.
Training, Awareness & Exercises
+ Develop and deliver training for employees, contractors, member organizations, and security personnel on **site access**, **reporting**, and **emergency response protocols**.
+ Establish criteria for and coordinate **drills and exercises** in collaboration with internal safety personnel and relevant external partners.
Governance, Compliance & Reporting
+ Ensure compliance with regulatory requirements and maintain audit readiness, including **NERC CIP-003-8** (where applicable).
+ Define and report **security performance metrics, risks, and improvement plans** for senior leadership.
+ Maintain and continuously improve the **incident response plan** and **business continuity interfaces**.
Team Leadership & Collaboration
+ Manage and mentor the **cybersecurity and physical security managers**.
+ Foster strong cross-functional relationships with IT, operations, facilities, and business units to **integrate security** into daily operations and strategic initiatives.
Job Knowledge:
+ Working knowledge of IT hardware, operating systems, applications, and datacenter operations.
+ Expertise in cybersecurity tools, network topologies, intrusion detection/prevention, and network security.
+ Familiarity with physical security systems, site assessments, CCTV operations, perimeter defense, and visitor/access control management.
+ Experience interpreting and implementing cybersecurity and physical security regulations/standards (e.g., NIST CSF, DOE C2M2, ASIS, DHS CISA, NFPA, and NERC CIP low- and medium-impact physical security requirements where applicable).
+ Strong understanding of documentation processes, operational procedures, project planning and management, and audit practices.
Abilities and Skills:
+ Proven ability to lead and develop teams (cyber and physical security) and manage contractors/vendors.
+ Strong oral and written communication; effective presentation skills for technical and executive audiences.
+ Demonstrated customer and colleague relationship-building skills; cross-functional collaboration.
+ Strength in risk assessment, incident/crisis management, analytical thinking, problem solving, conflict resolution, and adaptability.
+ Familiarity with CIS (Center for Internet Security) security frameworks and maturity models.
**Relationships and Contacts:** Must maintain the internal and external relationships necessary to achieve the purpose of the position and desired results. Works cooperatively with staff members across divisions and with key partners to resolve mutual operational challenges and meet corporate policies, procedures, and goals. Interacts with NCEMC member organizations, vendors, consultants, contractors, law enforcement, and regulatory bodies as necessary to accomplish objectives.
**Reports to:** Chief Information Officer (CIO)
Working Conditions:
+ Normal business hours with occasional overtime.
+ Travel ~20% across the state of North Carolina to remote NCEMC locations (substations, control centers, generation facilities, and offices).
+ Ability to lift and move items up to 25 pounds as needed.
**Company Profile:** NCEMC ( https://www.ncelectriccooperatives.com/who-we-are/ ) is one of the largest generation and transmission cooperatives in the nation and is the power supplier for most of the state's member cooperatives. NCEMC acquires the power it sells to its member cooperatives in a number of ways, including asset ownership and Purchased Power Agreements.
_North Carolina Electric Membership Corporation provides equal employment opportunities (EEO) to all applicants for employment._
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.