Manager, Cybersecurity

TerraForm Power is seeking a dynamic and strategic Manager of Cybersecurity to lead the development, execution, and continuous improvement of its cybersecurity program across both Information Technology (IT) and Operational Technology (OT) environments. This role bridges strategic leadership with hands-on execution, ensuring cybersecurity resilience across enterprise and industrial domains.

The successful candidate will be responsible for building and maintaining a robust cybersecurity posture, developing long-term security roadmaps, and translating technical risks into business impact for senior leadership. They will oversee governance alignment, vendor management, and compliance with standards such as NERC CIP, ISO 27001, and the NIST Cybersecurity Framework. Operationally, the role includes leading incident response, configuring and tuning security tools (SIEM, EDR, IAM, firewalls), conducting vulnerability scans, and supporting secure operations across TerraForm Power's wind, solar, and battery storage sites, as well as corporate and remote work environments.

Key Responsibilities

• Lead the design, implementation, and continuous improvement of cybersecurity programs across IT and OT systems.

• Manage cybersecurity service providers and specialized vendors to ensure quality delivery and alignment with TerraForm Power's security objectives.

• Oversee security operations including monitoring, threat detection, vulnerability management, and incident response.

• Ensure compliance with relevant frameworks and regulations, including NERC CIP, ISO 27001, SOC 2, and SOX ITGC.

• Provide security architecture guidance for cloud infrastructure, enterprise systems, and OT networks (e.g., SCADA, telemetry, and industrial firewalls).

• Conduct regular risk assessments and security reviews across IT and OT assets.

• Promote cybersecurity awareness across teams, business units, and stakeholders.

• Collaborate with IT, OT, project, and engineering teams to embed security in project design and operational planning.

Strategic Responsibilities

• Develop and maintain long-term cybersecurity roadmaps aligned with business growth and regulatory evolution.

• Translate cybersecurity risks into business impact for senior leadership and provide executive-level reporting.

• Ensure cybersecurity policies and standards are current and aligned with enterprise risk posture.

• Collaborate with IT, OT, and corporate risk teams to drive governance and compliance initiatives.

• Lead vendor and service provider management to ensure alignment with strategic cybersecurity objectives.

Operational Responsibilities

• Set-out requirements and manage third party providers for the configuration and tuning of tools such as SIEM, EDR, IAM, and firewall platforms including Check Point.

• Provide strategic direction and oversee third-party providers to ensure the configuration and optimization of security tools, including SIEM, EDR, IAM, and firewall platforms such as Check Point, to effectively protect our environment.

• Direct containment and recovery efforts during cybersecurity incidents and manage incident response workflows.

• Conduct vulnerability scans, phishing simulations, and root-cause analysis of security events.

• Oversee implementation of tactical security controls across IT and OT environments.

• Administer cybersecurity systems and support global awareness programs.

Qualifications

Education: Bachelor's or master's degree in Cybersecurity, Information Systems, Engineering, or a related discipline.

Experience:

• Minimum of 7 years of progressive cybersecurity experience, including at least 2 years in a management role.

• Proven ability to manage external security vendors and service providers.

• Blend of strategic and operational responsibilities in cybersecurity.

Technical Expertise:

• Strong knowledge of cybersecurity frameworks and compliance requirements in IT and OT environments (examples include: NIST CSF, ISO 27001, NERC CIP).

• Familiarity with SCADA systems, ICS, PLCs, and segmented OT network design.

• Previous experience in the hands-on configuration and tuning of SIEM, EDR, IAM, and firewall platforms (including Check Point) is valuable, as you will be responsible for directing, managing, and setting requirements for third-party providers delivering these services.

• Experience with a variety of cybersecurity tools, such as Security Information and Event Management (SIEM) platforms including Microsoft Sentinel and Splunk; Endpoint Detection and Response (EDR) solutions like CrowdStrike and Defender for Endpoint; firewall and network security technologies such as Check Point, Palo Alto, and Cisco; Identity and Access Management (IAM) tools including Azure AD, Okta, and CyberArk; vulnerability management solutions like Tenable, Rapid7, and Qualys; OT security monitoring platforms such as Nozomi Networks, Dragos, and Claroty; as well as Cloud Security Posture Management (CSPM) tools like Microsoft Defender for Cloud and Wiz.

Certifications: CISSP, CISM, GICSP, GIAC, or equivalent.

Leadership & Communication: Strong ability to influence cross-functional teams and communicate effectively.