Plus Power is an energy storage market leader seeking a Principal Cybersecurity Engineer to lead and execute on key cybersecurity activities and protections. The ideal candidate has deep expertise in cybersecurity principles and frameworks and has built or managed InfoSec, AppSec, SecOps, identity and access management, and data privacy programs.
Requirements
- Work day-to-day with a broad set of stakeholders and contributors to drive Plus Power’s cybersecurity program and activities aligning with the company’s compliance and security postures
- Promote secure-by-design and secure-by-default strategies
- Baseline, monitor, identify, and assess security vulnerabilities and risks in applications and infrastructure across operational technology (OT), information technology (IT), data science, and data engineering environments
- Own and drive the resolution of different security events, control gaps, policy questions, and technical security risks
- Contribute to building repeatable/reusable/systematic security processes and frameworks to identify potential security events, quantify and document their feasibility, and enumerate the potential blast radius for the organization
- Manage the company’s Compliance & Security Posture Management (CSPM) Platforms, and advance the enterprise's efforts to obtain cybersecurity framework certifications that align with compliance posture along with attestations to reassure internal stakeholders and external customers of our cybersecurity posture
- Provide project management for the implementation of security controls while operating cross-functionally
- Conduct automated evidence collection operations to guarantee the longevity and uniformity of our controls
- Assist with identification and mitigation of cybersecurity risks including compliance concerns (SOX, ISO, NERC-CIP, NIST CSF 2.0)
- Develop, communicate, and assess the compliance stance of the framework in relation to internal and external policies
- Build out and run a Third-Party Cyber Risk Management (TPRM) Program and mitigate systemic risk from security posture vendors and end-to-end software supply chain
- Communicate and maintain cybersecurity and risk metrics for senior executives and leaders of various business units
- Work with External Relations team on proposed cybersecurity legislation and regulations
- Work with Legal and Compliance team to establish cybersecurity controls to facilitate compliance with applicable laws and regulations
Benefits
- Unlimited vacation
- Flexible remote work
- Work from home stipend
- Educational assistance
- Parental leave
- Highly engaging company culture with opportunities for in-person connection and learning and growth