Manager, IT Security

PURPOSE STATEMENT

The Manager, IT Security is responsible for leading and operating a comprehensive, risk‑based cybersecurity and information protection program for a regulated utility environment. This role will provide enterprise leadership for security strategy, governance, risk management, security operations, incident response, identity and access management, vulnerability management, and security architecture. This position requires deep technical breadth, strong management skills, and executive‑level judgment. The Manager, IT Security serves as a key advisor to IT and business leadership, translates cyber risk into business impact, and contributes to enterprise technology decision‑making.

ESSENTIAL FUNCTIONS/RESPONSIBILITIES

• Manages a team to oversee security operations, including monitoring, detection, investigation, and response activities.
• Manages security technologies and platforms, including but not limited to email security, endpoint detection and response (EDR), vulnerability management, identity protection, and logging/SIEM solutions.
• Creates programs designed to increase cybersecurity awareness within the company such as phishing campaigns and annual cybersecurity training programs.
• Leads cybersecurity incident investigations, coordinate containment and recovery activities, and engage external resources as required.
• Develops, maintains, and regularly tests incident response plans and playbooks, including tabletop exercises with IT and business stakeholders.
• Leads the design, implementation, and continuous improvement of the enterprise information security program.
• Develops and maintains security strategy, policies, standards, procedures, and multi‑year roadmaps aligned with business objectives and regulatory requirements.
• Establishs security metrics and dashboards to measure effectiveness and report risk posture to IT leadership and executives.
• Maintains an enterprise security risk register, including risk assessments, remediation plans, and formal risk acceptance documentation.
• Leads vulnerability scanning, prioritization, remediation tracking, and reporting across infrastructure, applications, and cloud environments.
• Partners with Infrastructure, Applications, OT, and Operations teams to manage patching cadence, exceptions, and remediation SLAs.
• Stays current on emerging cybersecurity threats, vulnerabilities, and industry‑specific risk trends affecting utility operations.

OTHER FUNCTIONS/RESPONSIBILITIES:

• Ensure compliance with IT controls, including preparing and approving audit reports.
• Manage operational budget and expenses related to both new purchases and existing cybersecurity services.
• Effectively manage strategic and highly visible projects related to cybersecurity and other IT initiatives.
• Comply with all safety rules and cooperate in the fullest in the promotion of safety and safe work habits, to include the reporting of any unsafe conditions or acts. Maintains all EH&S training on a current basis.
• Performs all other related duties as instructed by supervisor/manager.

Required Education and/or Work Experience:

• Bachelor’s degree in management information systems, information technology, computer science, or related field.
• Seven (7) or more years of experience in IT operations and management, including leading technical projects, analyzing business processes, and implementing systems and process improvements.
• Demonstrated experience leading and managing systems and vendor relationships with SOC and SIEM services.
• Three (3) or more years of experience managing a technical team.
• Demonstrated experience in managing large technical projects with budgets > $100K.
• Proficient in Microsoft 365 tools, especially Word, Excel, Project, Visio, and PowerPoint.

Preferred Education and/or Work Experience:

• Two (2) or more years of experience in software development.
• Two (2) or more years of experience in using scripting languages (e.g., Python, PowerShell).
• Graduate degree in Information Science, Engineering, or a similar discipline preferred.
• Hands-on experience with cloud-based SaaS, IaaS, and PaaS solutions.
• Experience in the energy and utilities industry.
• Experience in development of AI strategy in risk management and productivity applications.
• Knowledgeable in business processes such as sales, accounting, and IT service management.
• Familiarity with SOX audit requirements.

Required Licensure, Certification, Registration, or Designation:

• CISSP or equivalent cybersecurity certifications.
• Valid Hawaii Driver’s License.

Preferred Licensure, Certification, Registration, or Designation:

• IT Information Library Version (ITIL) 3 or 4 certifications.
• Six Sigma Green Belt or higher.
• PMP (Project Management Professional).
• The Open Group Architectural Framework (TOGAF) 9.x or 10.x certification.