Description
Calpine Corporation is America's largest generator of electricity from natural gas and geothermal resources with operations in competitive power markets. Its fleet of 77 power plants in operation represents over 27,000 megawatts of generation capacity. Through wholesale power operations and its retail businesses, Calpine serves customers in 22 states and Canada. Its clean, efficient, modern and flexible fleet uses advanced technologies to generate power in a low-carbon and environmentally responsible manner. The company was established on the premise that a strong commitment to the environment is inextricably linked to excellence in power generation and corporate responsibility. Since its founding in 1984, Calpine has led the power industry in its unwavering commitment to environmental stewardship. In addition, its renewable geothermal plants use steam generated deep below the earth's surface to produce clean, renewable electricity.
Job Summary (includes but is not limited to the following; other duties may be assigned)
The Information Technology Director - Governance, Risk, and Compliance (GRC) is primarily responsible for providing leadership, as well as operational and tactical direction, to diverse teams, including analysts, advisors, and architects. The Director also provides strategic direction in coordination with the Chief Security Officer (CSO) leadership team. The Director leads the team through the GRC program by establishing highly effective policies, corporate protocols, and appropriate collaboration among teams. In addition, the Director assumes responsibility for the education and enforcement of GRC protocols and matters of compliance. The Director possesses a strong technical background and understands risk mitigation and technical controls. The Director is expected to lead teams that perform technical work and must possess leadership qualities.
This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers. The Director also contributes to the company GRC strategy and roadmap.
Job Responsibilities
- Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) and operational technology (OT) systems meet the organization's cybersecurity, regulatory, and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Ensures all regulatory requirements for new and operating assets are known, tracked, prepared for and met on time. Assists with the submission of accurate and timely reports as required by senior management and regulatory agencies.
- Researches compliance issues and trends, formulates recommendations and solutions to support conclusions, and provides practical advice for corrective action, innovation, and continuous process improvements. Assists with presenting findings and recommendations to stakeholders and leadership teams. Secures management action plans for remediation and monitors remediation progress and timeliness.
- Incorporates cybersecurity provisions in contracts/agreements with third parties.
- Manages multiple functions within a department with responsibility for results in terms of costs, methods and employees.
- Responsible for performance reviews, promotional decisions, and pay actions for top professionals and management.
- Develops productive business partner relationships and proactively interacts with key management personnel at all levels to gather information, resolve problems, and make recommendations for business process improvements.
- Recognizes his/her personal developmental needs and is proactive in obtaining the coaching, networking, and training needed to ensure his/her continued success in the position.
- Creates a working environment that is conducive to two-way communication, teamwork, and learning.
- Recognizes the varying strengths, skills and needs of the team and adapts his/her coaching skills to obtain the best possible results from each individual contributor.
- Openly supports the organization, the management team and executive leadership team, even during times of adversity.
- Utilizes open communication and managerial courage to ensure the standards, expectations and goals of the organization are respected and upheld.
- Acts as a change agent and drives the department and business forward using effective management, analysis, and strategic skills.
- Assumes responsibility for other duties as required or assigned.
Job Requirements
- Bachelor's degree in Computer Science, Information Assurance, Management Information Systems (MIS) or equivalent, prefer Master's Degree in Information Systems OR equivalent work experience.
- CISA, GRCP, CISSP, CISM, GIAC preferred.
- Preferably 15+ years of hands-on GRC experience, with at least 3-5 years in a team leadership role.
- In-depth knowledge of security standards and frameworks such as NIST, NERC CIP, TSA Pipeline, PCI, and SOX.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Cybersecurity Supply Chain Risk Management experience.
- Experience with RSA Archer eGRC.
- Excellent problem-solving skills and entrepreneurial spirit: ability to create and maintain organizational systems for a large amount of data and regulatory documents.
- Attention to detail and the ability to prioritize numerous assignments in a fast-paced environment while meeting deadlines.
- Willingness and ability to master regulatory requirements, processes, and technical information quickly.
- Ability to develop systems, identify potential issues, and adapt to a fast-changing environment.
- Strong understanding of information and operational technology (IT and OT) systems, networks, SCADA, EMS, and terminology.
- Ability to communicate technical concepts to non-technical stakeholders.
- Monitor ongoing industry changes to applicable NERC CIP and other Standards.
- Possess excellent communication and interpersonal skills.
- Ability to prepare and disseminate training on CIP and cybersecurity topics, best practices, and company-wide processes.
- Possesses a high level of integrity, trustworthiness, and confidence, and represents the company and its management team at the highest level of professionalism.
- Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulation.
- Works effectively with a variety of personalities and can adapt his/her approach to effectively reach and develop his/her team. Uses this skill as well as his/her functional knowledge to both earn and maintain a high level of credibility with the team.
Additional Benefit - Hybrid with On-Site in Houston, TX: Three times a week with Manager approval
Additional Calpine Information
- Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.
- Calpine is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to hrrecruitment@calpine.com. Determinations on requests for reasonable accommodation are made on a case-by-case basis.
Please view Equal Employment Opportunity Posters provided by OFCCP here
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)