Blue Ridge Power (BRP) is seeking a Manager, Digital Security to join our team! The Manager, Digital Security is responsible for the assessment, design, development, deployment, monitoring, compliance, and maintenance of the comprehensive information technology and cyber security programs across the technology ecosystem. 

This role is the Security Subject Matter Expert on all things related to information technology and cyber security and will provide thought leadership on effective assessments, security frameworks, policies, protocols, procedures, and technologies to enhance threat detection, protection, and recovery capabilities in a constantly evolving threat environment. 

Success in this role is defined by successfully identifying, planning for, and mitigating the modern threat landscape, including identifying threat actors, attack vectors, and threat techniques and then recommending and implementing effective protective and adaptive technologies, techniques, and training to reduce overall risk and exposure, as well as the ability to recover quickly and completely from a successful attack incident. 

This position can be remote, preferably within comfortable travel distance of one of our BRP office locations in Asheville or Fayetteville, NC, and any travel will be fully reimbursable. Competitive salary and annual bonus offered. 

What You’ll Do: 

• Roll up your sleeves and perform an individual contributor hands-on role in all areas of information technology and cyber security management. 
• Provide thought leadership and guidance on protective and adaptive technologies to mitigate the risks to the comprehensive technology and information ecosystem, including both on-prem and cloud-based assets. 
• Manage end-to-end security architecture, from identifying requirements, selecting the platforms, designing the technical architecture, and developing the program to final testing, implementation, monitoring, maintenance, and management of the final solution. 
• Identify all corporate information and technology assets that need to be protected and then design a multi-layered protective approach. 
• Develop policies, protocols, procedures, and training to protect all categories of corporate assets, such as edge equipment, access points, servers, personal computers, and mobile devices, as well as all cloud presence, databases, application access, SharePoint sites, email, etc. 
• Recommend and implement the appropriate security framework relative to business and compliance requirements. 
• Partner with business stakeholders, management, and technology teams to identify security needs and exposures and then guide the delivery of cost-effective, multi-layered, high-performance technology and programs to mitigate risks, limit damage, and ensure recovery from attack incidents. 
• Build and maintain healthy relationships with security peers, third-party security vendors, and law enforcement to maintain up-to-date intelligence on current threat events and recommended response actions. 
• Collaborate with Legal and Business Stakeholders to develop business continuity and incident response plans. 
• Conduct continuous monitoring and audits of systems and resources to ensure ongoing compliance with standards for safe and secure operations. 
• Practice self-leadership and promote learning in others by soliciting and acting on performance feedback. 
• Adapt to competing demands, evolving threats, and new responsibilities, providing feedback to others, including upward feedback to leadership. 
• Influence, mentor, and coach team members, and foster open dialogue amongst team members. 
• Additional duties as assigned. 

Must Haves: 

• Demonstrated capability to build from scratch robust, comprehensive, and adaptive information technology and cyber security programs based on accepted security frameworks for the protection of information, technology, and cyber assets – both on-prem and cloud-based. 
• Demonstrated success designing and delivering enterprise-level level security programs in a multi-company, multi-location, mixed-cloud environment. 
• Deep experience and understanding of widely accepted Information Security frameworks, such as CIS, ISO 27001, NIST 800-53, and NIST CSF. 
• A minimum of 5 years of progressively responsible experience in hands-on application of information technology and cyber security. 
• A minimum of 3 years as the senior security leader and subject matter expert with a proven track record of successful security management. 
• Extensive experience with security capabilities within Microsoft Azure, Microsoft 365, IaaS, PaaS, and SaaS environments. 
• Extensive experience with access, authentication, MFA, and SSO functionality.  
• Deep experience across all aspects of security frameworks; Identify, Protect, Detect, Respond, Recover. 
• Ability to educate and coach stakeholders and users on security fundamentals and best practices. 
• Excellent leadership, interpersonal, communication, collaboration, and negotiation skills 

Nice-to-Haves: 

• 2+ years of experience auditing security compliance. 
• Agile (Scrum) project implementation and management experience. 
• Experience collaborating with third-party data providers. 
• Evaluate vendors for security compliance (SOC 2) and negotiate favorable terms for the company. 
• Experience with NERC Reliability Standards used to define the reliability requirements for planning and operating the North American bulk power system under FERC (Federal Energy Regulatory Commission).
• Experience with CIP – Critical Infrastructure Protection.  
• Must possess and maintain a current valid driver's license required.

Education and Certifications: 

• Bachelor’s degree in Computer Science, Computer Technology, Information Technology, Cybersecurity, or a related field is highly preferred. 
• An advanced degree in Computer Science, Cybersecurity, or related fields is a plus.
• Security Certification Required. One of the following: CISSP, CRISC, CISM, CCSP, CEH 

Working Environment and Physical Demands: 

• This position can be remote, preferably within comfortable traveling distance to one of our BRP office locations in Asheville and Fayetteville, NC. 
• Office visits may be required when needed. This could include travel up to 10%.  
• Must be able to sit/stand at a desk and utilize a computer, for extended periods.