Sr Director - Cyber Security Strategy & Programs
Company: General Electric
Location: Austin, Texas
Posted: November 22, 2017
Reference ID: 3029904
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
Baker Hughes, a GE company (NYSE:BHGE) is the world's first and only fullstream provider of integrated oilfield products, services and digital solutions. We deploy minds and machines to enhance customer productivity, safety and environmental stewardship, while minimizing costs and risks at every step of the energy value chain. With operations in over 120 countries, we infuse over a century of experience with the spirit of a startup - inventing smarter ways to bring energy to the world.
Follow Baker Hughes, a GE company on Twitter @BHGECo at http://www.twitter.com/BHGECo, or visit us at BHGE.com.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www.ge.com/sites/default/files/15-000845%20EEO%20combined.pdf. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
This role will lead the Cyber Security, Risk, and Compliance (CSRC) Strategy for BHGE. This forward-looking role will understand the current capability and capacity of the CSRC organization against the BHGE business priorities in order to build a strategic security roadmap, and will develop and maintain organizational metrics to measure maturity and program/project progress. The role spans three distinct business environments: Enterprise Architecture, OT/Factory environments, and Predix.
+ Develop a deep understanding of the current architectural design, program and project demands on the CSRC organization. Ensure recognized best-practices are fully cataloged, documented and readily accessible for re-use by project teams.
+ Drive a focus on automation across the CSRC organization. Recognize and implement opportunities for reducing repetitive, manual tasks, especially in the area of controls testing.
+ Define and assess BHGE's Cyber Security, Risk, and Compliance organizational capabilities and maturity against recognized industry frameworks (e.g. NIST CSF, Product Security)
+ Establish a comprehensive roadmap to further mature BHGE's cyber security capabilities, including the development of on-going measurements to track progress
+ Program manage the delivery and embedding of major functional enhancements across the CSRC organization
+ Develop a program to review and consolidate the security and compliance landscape of applications/tools. Drive implementation of an end-to-end GRC tool.
+ Liaise across the BHGE DT organization to understand business imperatives, strategic drivers, and the inherent risk of these plans. Establish a forward-looking, secure infrastructure environment to support these business objectives.
+ Engage with GE Corporate, technology providers, and industry leaders to understand emerging trends in infrastructure, cloud technology, automation, sensor technology, etc. and develop a roadmap for leveraging these new ways of working. Actively participate in committees and working groups to further the securing of our infrastructure environments.
+ Create a clear understanding of the program and project demands on the CSRC organization and look for ways to best deliver these consultancy services.
+ Continually focus on understanding new threats to the BHGE landscape and communicating these threats in business terminology.
+ Communicate and present to executive leadership
+ Liaise with Enterprise Architects and Security Architects to build and continuously update security controls to meet new threats
+ Familiarity with DoE, NRC, NIST, DHS, & ISO 2700x security requirements and risk management frameworks
+ Bachelor's Degree in Information Systems, Information Technology, Computer Science, or Engineering from an accredited College or University OR High School Diploma / GED with a minimum of 4 years of industry experience
+ Minimum of 10 years of strong IT Security experience and staff leadership
+ Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
+ Recognized leader in implementing company-wide secure solutions
+ Hands-on experience in addressing Product Security and OT challenges
+ Experience with cloud technologies, security metrics, secure architecture and design, secure network architectures, identity and access management principles, and secure software development
+ Broad background in the following areas: computer / OT security, network security, hardware security, firmware security, and embedded platform security
+ Understanding of engineering product lifecycle management (PLM) and enterprise resource planning (ERP) systems
+ Familiar with Palo Alto and/or Cisco network infrastructure devices (routers, switches, firewalls)
+ CISSP or CISM certified
+ Familiarity with DoE, NRC, NIST, DHS security requirements
+ Experience managing / developing IT budgets
+ Proven ability to deliver while under tight timelines
+ Demonstrated ability to proactively analyze and solve complex problems
+ Strong understanding of project management methodologies
+ Experienced with outsourced IT engagements
+ Effective communication, listening and negotiation skills in order to articulate ideas and thoughts clearly through various means, including written and oral communications with all levels of the organization
+ Ability to work in a fast-paced, performance / quality driven environment
+ Strong organizational, consultative and collaboration skills
+ Ability to build and maintain effective working relationships with all levels of management and staff
+ Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence in the security team's concern for customers
+ All US locations will be considered for this position
+ Ability to support a large and complex BHGE organization, which includes Downstream & Unconventional Products & Services, Drilling & Surface, Lufkin, Measurement & Control, PII Pipeline Solutions, Subsea Systems, and Turbomachinery Products & Services
Locations: United States; Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming; Houston, all U.S. cities, remote
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditional upon the successful completion of a background investigation and drug screen.