Senior Director, Product and Cybersecurity

We are looking for a Senior Director, Product and Cybersecurity leader to join our team in one of today's most exciting technologies in the energy sector. Reporting directly to the CIO, this person is tasked with leading the end-to-end product and cyber security strategies. You will work within the energy sector to find applicable methods to detect security risks and mitigate them rapidly through industry assessment capabilities, developing operational threat analysis tools, and working with the intelligence community to better share and consume actionable threat and intelligence information. You will assist the Product controls and IIoT teams to employ the principals of cyber-informed engineering and conform to regulatory requirements. On a more basic (yet equally important) level, as a savvy IIoT tech product leader, you have a sharp understanding of exactly how the product needs to be engineered across distributed networks, and the importance of the SSDLC for Controls, SCADA, and HMI systems.

The Senior Director, Product and Cybersecurity is the "thought leader" and subject matter expert for BE's Product Security & IIoT Security Innovation. The Senior Director, Product and Cybersecurity demonstrates leadership by supporting customer security efforts, supervising the development of reference architecture across industrial and energy products, in addition to supporting projects, services, operations, and reliability teams.

Responsibilities:

• Responsible for implementing and maintaining the best cyber security practices across all of BE's applications and platforms
• Manage the Corporate Information Security team including global SOC, IP protection, audit, and compliance requirements
• Represent Bloom Energy as the customer facing product leader and subject matter expert within cybersecurity, information security, application, device, and product security
• Develop and deliver external messaging for media, analysts, and other stakeholders
• Maintain relationships with key external stakeholders to stay current with emerging requirements and industry trends and regulations
• Work with other departmental and product leaders and use a high level of judgment to make decisions and oversee complex tasks or problems in areas of operational, product management, manufacturing, technology, or engineering problems outside of set parameters
• Engage external contacts including vendors, contractors, regulatory agencies (ex: NERC, CRISP), industry associations, utility partners and other strategic partnerships within the energy sector
• Provide leadership and subject matter expertise (internal and external) for all aspects of the product Software Security Development Life Cycle
• Drive product requirements while building the strategic roadmap following the best security standards and policies for all customer facing platforms, products, and devices
• Translate technology vision and strategy into robust, executable plans that enhance the customer experience across current and future product offerings
• Work with engineering and product support teams to ensure Industrial Control Systems (inclusive of Distributed Control Systems (DCS), Electric and GAS SCADA and Smart-Grid) Security Architecture based on industry-specific security standards
• Work with department heads and key stakeholders to ensure IP data is protected, and security is integrated into the products, devices, software, and applications for all customer sites
• Collaborate with product support and engineering teams during review of Engineering Change Notifications (ECN's) to ensure data supports fix and follow up with communication to the field and customers
• Partner closely with the Senior Director of Product Reliability to assist with cross functional engineering efforts to implement design for reliability (DFR) and/or Design for Six Sigma (DFSS) into new product development, in addition to driving CI/CD efforts
• Work cross functionally and collaboratively with Bloom's sales, product development, customer installation group, business development and finance teams
• Work with sales and business development to define strategies for new market and segment penetration to include extended industrial markets
• Participate in cybersecurity risk assessments of industrial control systems (ICS) to include all cyber assets, such as: Bloom Electrolyzer, Bloom Energy Saver, DCS, Human machine interfaces (HMIs), Programmable logic controllers (PLCs), Remote terminal units (RTUs), and Supervisory Control and Data Acquisition (SCADA)
• Perform risk and vulnerability research in response to the evolving IIoT threat landscape
• Utilize security metrics reports for ongoing analysis and review of customer product vulnerabilities
• Conduct quantitative and qualitative market analysis including prioritizing potential markets, segments, and customers
• Participate in project meetings and perform security design reviews - from high level architecture through various technologies, configurations, and parameters to meet security goals
• Research latest security best practices, staying abreast of new threats and vulnerabilities and help to disseminate this information to department heads and key stakeholders

Skills & Experience:

• 15+ years of security leadership experience with a minimum of 10+ years leading SaaS based product & product security teams
• 10+ years in Operational Technology (OT), Industrial networking, Cybersecurity, or equivalent role in any organization operating in the Industrial or Energy Sector

• 5+ years in O&G, Energy, Renewables, or multi-disciplinary consulting role
• Any of the following security certifications - CISSP, CISM, CISA, CEH, GICSP, CPP
• Basic understanding of requirements of working safely with fuels such as natural gas, biogas, and hydrogen.
• Familiarity with Energy Management Systems, distribution management systems, generation management systems, demand response systems
• Excellent written and verbal communication skills; proposal exposure desired.
• Knowledge of Electric and/or Gas industrial control networks and operations technology
• Solid understanding of cyber threat profiles and mitigation solutions in the areas of R&D / Labs, Manufacturing and Supply Chain, Customer Data
• Experience with complete product lifecycle development, especially design for service new product introduction (NPI) and end of life service support
• Experience in industrial cyber security standards and guidelines such as ISA 99, API-1164, and NIST 800/SP-800 series, DOE Electricity Sector Cyber Security Capability Maturity Model (ES-C2M2), IEEE standards
• Knowledge of ICS and SCADA protocols, including DNP3, ICCP, 61850, GOOSE, C37.118, ModBus+, ZigBee, 802.11x, RF
• Have experience in industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, ISO 27018, NIST 800-53, PCI DSS, SOC2, etc.
• Experience with Advanced Metering Infrastructure (AMI), Distribution Automation (DA) and Smart Grid deployments
• Knowledge of Field Area Network Architectures for Transmission and Distribution control and automation
• Familiarity with Energy Management Systems, distribution management systems, generation management systems, demand response systems
• Advanced knowledge of Utility/Energy Communications Systems Architecture
• Working knowledge of the Energy Critical Infrastructure
• Excellent leadership capabilities and management skills
• Experience with Distribution Modeling is a major plus

#LI-JS1

Salary Ranges:

$213,200.00 - $306,800.00