Cyber Risk Management Jobs in Seattle, WA (NOW HIRING)

Position Description Seattle City Light, a department of the City of Seattle, is one of the nation's largest municipally owned utilities in terms of the number of customers served. Over the years we have worked very hard to keep Seattle's electricity affordable, reliable, and environmentally sound. Today, City Light is a recognized national leader in energy efficiency and environmental stewardship.

The Cyber Risk Manager is responsible for leading the cyber risk management function, ensuring that cybersecurity risks are identified, assessed, mitigated, and monitored effectively. This role combines team leadership with hands-on risk management, working cross-functionally to align cybersecurity initiatives with business objectives and regulatory requirements. This role supports governance processes, risk frameworks, standards of practice, security controls design and development, and other proactive risk management activities.

In addition, this role may support cyber security incident detection and response activities and will work with cyber security systems and toolsets. This position works with various groups within the utility, as well as with the City's IT department to monitor and manage risk for the utility's critical information and operational technologies - helping to enable Seattle City Light's vision of delivering clean, reliable, and affordable power. This position will report to the City Light Cyber Security Senior Manager, CISO Job Responsibilities Lead, mentor, and develop a team of cyber risk specialists and consultants.

Set team goals, performance expectations, and professional development plans. Foster a culture of accountability, trust, collaboration, and continuous improvement. Lead implementation and enhancement work for cyber risk management workflows, dashboards, and reports within Archer GRC to meet business and regulatory needs.

Drive automation and efficiency through effective use of Archer capabilities. Oversee the cyber risk register and associated issues management functions for cyber risks, to ensure risk items are being properly communicated and addressed by stakeholders. Maintain the risk management frameworks and metrics used to monitor and report on risks, maturity, and progress of the cyber security program, which helps to identify high priority goals and support roadmap development.

Track and communicate cyber risk posture and key metrics to City Light Cyber Security Sr Mgr, CISO. Directly conduct or support third-party/consultant conducting of cyber risk assessments. Risk assessments may include OT/SCADA environments, IT/OT convergence areas, Grid Modernization technology, and various other existing and emerging utility technologies.

Assess and provide subject-matter expertise and guidance on cybersecurity risk for technology projects and change requests. Support utility cyber security objectives, to include compliance, safety, reliability, and business continuity/disaster recovery initiatives. This includes leading/participating in various security enhancement projects to improve cyber security controls, and ensuring operational technology practices comply with organizational policies, industry best practices, and NERC-CIP regulatory requirements.

Lead development of policies, guidelines, and standards to ensure the safety, reliability, availability, confidentiality, and integrity of a wide range of operational technologies to include SCADA systems, HMIs, RTUs, various IEDs, internal and perimeter communications, and other applicable devices or supporting services. Support the vulnerability management program, to include developing policies and procedures for assessing systems for vulnerabilities, advising system owners on remediation strategies, and leveraging penetration testing where appropriate to validate controls and presumed security levels. Participate in 24/7 standby watch duty rotation.

Standby personnel are responsible for responding to cybersecurity alerts and incidents, triage and prioritize events, and ensure timely escalation in accordance with incident response procedures. Support incident response activities to minimize risk of compromised systems without impeding real time power grid operations. Support cyber security threat management activities, to include gathering, analyzing, and assessing the current and future threat landscape; understanding threats to City Light infrastructure and operational missions; and developing and sharing threat intelligence through collaborative efforts to include coordination with DHS, US-CERT, MS-ISAC, E-ISAC, WSFC, FBI, SPD, and other threat sharing vectors.

Develop threat summary reports and provide appropriate communications to leadership and operations staff. Support cyber security training and awareness efforts to include developing security awareness materials, supporting role based cyber security training for technical staff, and developing cyber security exercises. Keep abreast of technological advancements and operational technology cyber security best practices for the electric power grid.

Maintain subject matter expertise and represent City Light through various collaborative efforts, such as industry partnerships and participating in cyber security conferences, workshops, and information sharing. Additional duties as assigned. Qualifications Education: Bachelor's degree in Cyber Security, Computer Science, Technology Management, SCADA/Communications Engineering, or a closely related field, or an equivalent combination of education, training, and experience.

Experience: Five years of progressively responsible experience in threat management, information assurance, security operations, systems engineering, security policy development/administration, and/or security tool administration and use, preferably in an electric utility environment. Desired Qualifications - You will be successful if you have the following experience, skills, and abilities: Understanding of Power Grid Operational Technologies. Ability to plan, manage, and execute multiple tasks and projects within defined timelines.

Experience using GRC/IRM tools for cybersecurity processes Experience with NERC-CIP cyber security requirements and compliance. Background in common information and operational technologies applied in Utilities. Ability to work in fast-paced government technology environment; to work as a productive member of a professional team, as well as initiative to be a self-starter; ability to work under pressure, multi-task, and rapidly change priorities.

Please note this job advertisement is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Emergency Response Commitment: Seattle City Light is committed to reliable service during emergencies.

Through our Emergency Response Program, each employee is assigned a role-usually aligned with their regular duties-to support emergency operations. Your participation is vital to helping the utility stay prepared and serve our community when it matters most. Additional Information The full salary range for this position is $62.59 to $93.90 per hour

Application Process Please submit the following with your online application: A cover letter in which you clearly describe how your knowledge, experience, skills, and abilities prepare you for the job responsibilities and qualifications outlined in the job announcement A current resume of your educational and professional work experience. Incomplete recommendations may not be accepted. Who May Apply: This position is open to all candidates that meet the qualifications.

Seattle City Light values diverse perspectives and life experiences. Applicants will be considered regardless of race, color, creed, national origin, ancestry, sex, marital status, disability, religious or political affiliation, age, sexual orientation, or gender identity. Seattle City Light encourages people of all backgrounds to apply, including people of color, immigrants, refugees, women, LGBTQIA+, people with disabilities, veterans, and those with diverse life experiences.

Job offers are contingent on the verification of credentials and other information required by the employment process, including the completion of a background check. The background check will involve a criminal history check, which includes conviction and arrest records in compliance with the Seattle's Fair Chance Employment Ordinance, SMC 14.17and the City of Seattle Personnel Rule 10.3. A driving history review may be conducted in compliance with SMC 4.79.020.Applicants will be provided an opportunity to explain or correct background information

The City of Seattle offers a comprehensive benefits package including vacation, holiday, and sick leave as well as medical, dental, vision, life and long-term disability insurance for employees and their dependents. More information about employee benefits is available on the City's website at: https://www.seattle.gov/human-resources/benefits Want to know more about Seattle City Light. Check out our web page: https://www.seattle.gov/city-light/about-us/careers.