Working under limited supervision, will form part of the Avangrid Renewables Operations team and be responsible for developing, and managing the Cyber Security policies for Avangrid Renewables. Within the Global \ Local context development the Cyber Threat and Incident Management program for Avangrid Renewables, participating in the definition of the overall Cyber Strategy, development support and coordination of the associated implementation plan and activities.Works with the Business and IT teams to govern and oversee the various action, treatment and implementation plans in respect to Cyber Security.
Assesses, tracks, monitors and verifies compliance against policy and standards.
Participates in Implementation and maintenance of effective unified security controls.
Participates in development of and maintains security incident response plan.
Leads Security incident response for Avangrid Renewables.
Coordinates and participates to investigate activities including vulnerability scans and penetration tests, incident evaluation and forensic analysis.
Develops and maintains the threats cape through collecting, correlating, and analyzing input from both external and internal sources to identify potential security threats, vulnerabilities and attacks.
Deployment of mitigating actions and strategies to address Development and management of unified treatment plans and management to closure
Govern, oversee and support, respond to, analyze, and resolve enterprise and Cyber security issues, incidents and events, concerns or questions of stakeholders.
Evaluates and identify threats and vulnerabilities in collaboration with stakeholders.
In the different countries of the Group, coordination of the regulations and criteria of a global scope in order to improve the cybersecurity of all the areas, in close collaboration with businesses and local Cybersecurity teams in USA, UK, Spain, Mexico, and Brazil.
Definition of methodologies and criteria for assessing cybersecurity risks.
Leadership of global projects to improve cybersecurity, in coordination with the technical and organizational areas involved as well as identification of synergies and efficiencies.
Development of scorecards and global reporting.
Develop, implement and manage a local asset inventory of SCADA devices and other Cyber assets within the portfolio of windfarms and other Avangrid Renewables locations.
Provide security advice, in collaboration with Corporate Cyber Security, and support to management, and projects to comply with both global and local requirements and obligations.
Maintain and communicate relevant local security procedures aligned with necessary Cyber Security rules, processes, procedures and standards.
Perform risk analysis to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
Perform compliance checks to ensure Cyber Security controls are operating as designed.
Identify opportunities to enhance the business security incident response processes, tools and procedures.
In conjunction with the Cyber Security team collaborate to produce \deploy Cyber Security awareness training and material across Avangrid Renewables as required.
Assist in establishment and management of an EMS Cyber Security Program & Incident Response program, including written polices and associated OT procedures, standards, regulations and guidelines.

Develop Self & Others
Empower to grow
Collaborate and Share
Be a role model
Focus to achieve results
Be agile
Skills and Requirements
5-10+ years mission-critical expertise supporting an energy control center or equivalent.
5+ years’ experience with communication protocols such as Modbus, DNP, OPC, ICCP, TCP/IP, EIDE.
5+ years’ experience with Windows Server/Client operating systems
5+ years’ experience with industrial networking, VLAN’s, NAT’s, Static Routing, etc.
5+ years’ experience with VMWare virtualization.
Ability to qualify to NERC standards including successful 7-year background investigation and security review.
Proven ability to effectively communicate orally and in writing with management, Plant Operations, and technical personnel.
High energy and ability to work with little to no direct supervision.
Self motivating and have desire to stay abreast of latest systems technologies relating
to optimizing generation system performance.

Detailed understanding of NERC / CIP standards. Preference may be given to candidates with the following:
5+ years Balancing Authority (BA) operational experience
Background in process control and energy management systems, as related to the Wind Energy Business.
Certified Information Systems Security Professional (CISSP)
Certified Secure Software Lifecycle Professional (CSSLP)
Other industry recognized IT/OT security certifications specific to ICS and Cyber Security/Incident Handling.
Engage appropriate Federal, State and Regional entities and organizations as needed.

AVANGRID employees may be assigned a system emergency role and in the event of a system emergency, may be required to work outside of their regular schedule/job duties.