The National Rural Electric Cooperative Association (NRECA), with offices in Arlington, VA and Lincoln, NE, is the trade association for over 900 consumer-owned electric cooperatives serving more than 42 million people. NRECA is committed to harnessing the strength of America's electric cooperatives into a single powerful voice. NRECA has won the following awards over the past few years:
* Top Workplace by the Washington Post
* 100 Best Places to Work - ComputerWorld Magazine
* 50 Best Places to Work - The Washingtonian
* CARE Award Recipient - Recognizing organizations that promote a positive work-life balance
* Best Place to Work Award Recipient - Lincoln, NE
* Gold Well Workplace - Wellness Councils of America
* State of NE Governor's Wellness Award - Grower Level
At NRECA, we work with people who are leaders in their fields. They are down-to-earth, hardworking professionals committed to helping our members serve their communities. Our work is interesting, constantly evolving, and requires new skills to meet the evolving needs of a dynamic industry. In this collegial, inclusive work environment, united around the compelling purpose and history of electric cooperatives, we thrive. And topping it off, NRECA cares about each person's overall well-being, encouraging health, financial security, and a sustainable work/life balance.
EEO/AA - M/F/Disability/Protected Veteran Status/Genetic Data
Summary Principal IT Program Manager (Information Security) P.5
Position Summary: Under CISO direction, responsible for all aspects of the development and implementation of assigned complex programs; provides a single point of contact for those programs (management and analysis). Leads multidisciplinary Information Security programs and teams to address risks and/or information security issues. Programs are typically large scale with development and implementation requiring multiple teams and 12+ months to complete. Recognized as a subject matter expert within the company.
Essential Duties and Responsibilities:
Responsible for all aspects of the development and implementation of assigned complex Information Security programs and provides a single point of contact for those programs (management and analysis). Takes complex, multidisciplinary programs from original concept through final implementation. Leads cross-functional and multidisciplinary program teams to address business and/or systems issues.
Defines, analyzes and manages program scope, objectives and efficiency.
Develops detailed work plans, schedules, program estimates, resource plans, and executive reports. Conducts program meetings and is responsible for program tracking and analysis.
Authors and ensures adherence to best practices, quality standards and reviews program deliverables. Selects and manages the integration of vendor resources; tracks and reviews vendor deliverables.
Participates in the development of functional strategy for the department.
Provides technical and analytical oversight of multiple, simultaneous project teams.
Recognizes, recommends and takes action to direct the analysis and solutions of problems.
Establishes systems analysis methodology and documentation standards, providing guidance to lower level staff.
Analyzes, refines, and documents complex system user requirements including functional objectives of system, data sources and availability, including cross-system integration requirements.
Provides consultation to users in the area of automated systems.
Networks with key contacts outside in area of expertise to grow existing knowledge base.
Responsible for the proper security and disposal of any confidential information that he or she may possess in the course of performing this position's job duties, as well as ensuring staff compliance with security protocols in accordance with NRECA's Personnel and Administrative Policy and HIPAA Privacy and Security Policies and Procedures Manuals.
Direct Reports to this Position: Supervises contracted personnel
Requirements and Qualifications
Formal Education Required: Bachelor's degree in Computer Science, Information Systems, Business Management or a related discipline.
Experience and Certifications Required:
Twelve years of related systems analysis experience with demonstrated project management experience.
Experience with Scaled Software Development Life-Cycle methodologies, applications and techniques.
Experience using RDBMS, MS Office products and diagramming software.
5 years of specialized Information Security experience with demonstrated knowledge of Information Security Domains.
Multiple industry credentials and professional certification in a primary field (i.e., CSP, ACP or PMP) or equivalent technical specifications required.
Experience working with protected data, specifically in Employee Benefits, Financial/Banking industry, Healthcare and/or Trade Associations required.
Knowledge, Skills and Abilities Required:
Manage the information security program and projects that focus on technical security controls to meet internal policies and compliance with regulatory and industry standards.
Ability to analyze system/data/functional/integration impacts across various applications and complex application architecture as demonstrated by prior work experience.
Ability to lead functional teams or projects with moderate resource requirements, risk, and/or complexity.
Ability to define issues, establish facts and draw valid conclusions and apply to work environment as demonstrated by prior work experience.
Ability to effectively interact with others, work in a team environment, and provide follow-up when needed as demonstrated by prior work experience.
Ability to manage competing deadlines and multiple projects at various stages of development using effective organization skills as demonstrated by prior work experience.
Ability to perform and work on multiple tasks while being flexible and able to cope with changing conditions/policies/procedures in a fast-paced and sometimes intense working environment, while staying productive and maintaining a high level of accuracy as demonstrated by prior work experience.
Ability to understand key information security concepts, best practices and frameworks (i.e., NIST CSF, PCI, HIPAA).
Ability to anticipate internal and/or external business challenges and/or regulatory issues; recommends process, product or service improvements as demonstrated by prior work experience.
Ability to communicate, both verbally and in writing, with a diverse membership and employees in a clear and precise manner, as demonstrated by prior work experience.
Ability to coach, train and mentor lower level staff.
Ability to use Microsoft Office tools (Excel, Word, PowerPoint) in the day-to-day essential duties of the job as demonstrated by prior work experience.
Ability to operate various office equipment such as personal computer, copier, printer, fax machine, 10-key adding machine, and multiple line telephone as demonstrated by prior work experience.
Essential Physical Requirements:
The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing.
Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.
Disclaimer Statement: The preceding job description has been written to reflect management's assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.