Sr. Manager IT Security

Position Information:

Job Title: Sr. Manager - IT Security

Location: Orange CT

Salary Range: $155600 - $194500

Schedule: On Site - Office

Job Summary

The Sr. Manager Network & Infrastructure Security is accountable for the security-by-design operational resiliency and lifecycle governance of Avangrids network security and enterprise infrastructure security platforms. This role leads two teams responsible for protecting connectivity and critical IT services across the enterprise: (1) Network Security (firewalls IPS/IDS network segmentation perimeter security and cloud network security) and (2) Infrastructure Security / IT Security (enterprise security platforms identity & access management privileged access endpoint security vulnerability management and compliance support).

Key Responsibilities

Strategy Roadmap and Operating Model

• Leads and integrates Network Security and Infrastructure Security capabilities establishing a cohesive operating model clear ownership and measurable outcomes for protection of enterprise connectivity and IT platforms.
• Defines the technology strategy target-state architecture and multi-year roadmaps for network security and enterprise infrastructure security services aligned to Avangrid standards business priorities and the enterprise risk posture.
• Establishes lifecycle management programs to ensure security technologies are correctly deployed maintained patched and modernized; manages roadmaps aligned to enterprise strategy technology evolution and continuous transformation.

Network Security and Infrastructure Security Platforms

• Provides leadership over current and future enterprise security technologies and services including platforms such as Fortinet Palo Alto Check Point Cisco WAF and edge security platforms such as Akamai WAF secure web gateway/proxy platforms such as Zscaler privileged access platforms such as CyberArk network detection and response platforms such as ExtraHop or equivalent enterprise technologies.
• Defines and governs engineering standards reference architectures and technology guardrails for network security controls (e.g. perimeter segmentation IDS/IPS and cloud network security) and infrastructure security platforms (e.g. identity and access management privileged access endpoint security vulnerability management and security tooling operations).
• Champions security-by-design by embedding security requirements into architecture engineering standards configuration baselines and operational processes.
• Provides security leadership and architectural governance for cloud network and infrastructure security capabilities in partnership with Cloud and Platform teams.
• Leads hardening management by selecting applicable standards and reference guides defining configuration baselines prioritizing controls and establishing maturity levels for secure infrastructure and network security profiles.

Firewall SD-WAN Segmentation and Secure Connectivity

• Drives modernization and standardization of enterprise firewall and SD-WAN services including policy governance rule base optimization segmentation alignment VPN/NAT standards high availability logging monitoring change validation and operational readiness.
• Defines segmentation and secure connectivity patterns (e.g. site-to-site connectivity remote access cloud connectivity and third-party connectivity) that reduce exposure support resiliency and enable business outcomes.
• Partners with architecture and engineering stakeholders to ensure consistent implementation of perimeter internal segmentation and edge security controls across enterprise and cloud environments.

Operations Resiliency and Compliance

• Delivers high levels of operational security resiliency and reliability for network and infrastructure security services; defines operational programs and identifies opportunities for improving operational efficiency and reliability as demanded by Avangrid corporate applications.
• Manages operational security performance including service reliability incident response partnership threat containment support vulnerability remediation execution and continuous improvement of controls and monitoring.
• Ensures resiliency and availability of security services through capacity planning high-availability design principles disciplined change management and operational readiness practices.
• Leads regulated-utility security alignment activities including audit support risk assessments policy adherence evidence collection and remediation planning in partnership with compliance and control owners.
• Reduces operational bottlenecks by improving intake design review implementation standards escalation models documentation and automation opportunities to strengthen L3 engineering support.

Stakeholder Vendor and Financial Management

• Partners with Cybersecurity Corporate Security Risk Infrastructure Cloud and Network Engineering teams to align priorities manage shared dependencies and drive enterprise security outcomes.
• Manages vendor relationships and service delivery expectations including operational KPIs/SLAs contract performance service reviews and financial stewardship for assigned programs and platforms.

People Leadership and Workforce Development

• Provides leadership for managers technical leads and individual contributors: sets objectives manages performance develops skills and career paths executes workforce planning and builds an inclusive high-performing culture.
• Builds team capability through mentoring coaching hiring and succession planning to support an evolving security and network technology landscape.

Required Qualifications

• Bachelors degree in computer science cybersecurity information systems engineering or a related field and a minimum of ten (10) years of relevant experience. An equivalent combination of education and experience may be considered.
• Relevant experience to include a minimum of five (5) years as a Technology Manager including direct people leadership and accountability for service delivery operating model maturity and multi-team execution.
• Demonstrated leadership across enterprise network security and infrastructure security capabilities in a large-scale complex environment including enterprise firewall SD-WAN WAF IDS/IPS segmentation secure connectivity (VPN/NAT) cloud network security identity and access management (IAM) privileged access management (PAM) endpoint security vulnerability management network detection and response (NDR) and security tooling operations.
• Strong understanding of firewall policy lifecycle management rule review and optimization segmentation strategy VPN/NAT governance high availability logging monitoring change validation and audit evidence requirements.
• Experience leading enterprise security platforms and vendors such as Fortinet Palo Alto Check Point Cisco Akamai WAF Zscaler CyberArk ExtraHop or equivalent enterprise technologies.
• Ability to establish governance engineering standards and operating rhythms that improve security outcomes service reliability and delivery predictability.
• Experience defining and managing operational metrics including KPIs and SLAs; leading service reviews; maintaining operational dashboards; and producing executive reporting risk summaries roadmap updates and decision materials.
• Ability to organize prioritize and coordinate multiple work activities and meet target deadlines.
• Ability to communicate with and influence technical and non-technical customers colleagues and vendors.
• Ability to share knowledge and mentor and manage less experienced team members.
• Strong commitment to personnel safety and IT security.
• Travel within the US and to Europe may be required as needed.

Preferred Qualifications

• Masters degree in IT Cybersecurity Engineering Business Administration or related field.
• Experience with Fortinet technologies such as FortiGate FortiManager FortiAnalyzer and Secure SD-WAN or equivalent firewall and SD-WAN platforms.
• Experience with enterprise firewall platforms such as Fortinet Palo Alto Check Point Cisco or equivalent enterprise technologies.
• Experience with WAF and edge security platforms such as Akamai WAF or equivalent enterprise technologies.
• Experience with proxy or secure web gateway platforms such as Zscaler or equivalent enterprise technologies.
• Experience with privileged access management or identity security platforms such as CyberArk or equivalent enterprise technologies.
• Experience with network detection and response platforms such as ExtraHop or equivalent enterprise technologies.
• Relevant certifications in network security firewall SD-WAN cybersecurity infrastructure security identity security or IT service management.

Competencies:

• Growth & Continuous Improvement

• Initiative & Change
• Focused on Results
• Customer Centric (internal and/or External)
• Communication
• Collaboration
• Leadership (people managers/leaders)

What We Offer:

• Competitive benefits and growth opportunities
• Generous performancebased bonuses
• 12% 401(k) match
• Comprehensive health dental and vision insurance
• Tuition reimbursement
• Professional development and clear careeradvancement pathways

For more information please visit: Benefits - Avangrid

#LI-Onsite; #LI-CH1

Company:

Mobility Information

Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country.

At Avangrid we provide fair and equal employment and advancement opportunities for all employees and candidates regardless of race color religion national origin gender sexual orientation age marital status disability protected veteran status or any other status protected by federal state or local law.
If you are an individual with a disability or a disabled veteran who is unable to use our online tool to search for or to apply for jobs you may request a reasonable accommodation by contacting our People and Organization department at .

Avangrid employees may be assigned a system emergency role and in the event of a system emergency may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut Maine Massachusetts and New York within Avangrid Network and Corporate functions. This does not include those that will work for Avangrid Power.

Avangrid employees may also be assigned a NERC Reliability Standards compliance role supporting Critical Infrastructure Protection (CIP) and/or Operations and Planning (O&P) responsibilities. This is applicable to employees that will work in electric transmission operations and cyber security business areas in Connecticut Maine Massachusetts and New York within Avangrid Network and Corporate business areas. NERC Reliability Standards compliance roles and responsibilities may include additional access protections training audit engagement and required evidence retention and will be communicated by the employees management.

Job Posting End Date: