Cybersecurity Program Manager

Job Classification: Exempt, Full-time

Reporting Relationship: Chief Information Officer

Reporting Location: Topeka, KS

Primary Accountability:

The Cybersecurity Program Manager (CPM) will support FreeState Electric Cooperative’s (FreeState’s) cybersecurity compliance efforts by assisting in the implementation and maintenance of security policies, procedures, and programs. The CPM will work under the direction of the Chief Information Officer (CIO) and collaborate closely with the IT Supervisor, OT Supervisor, and Government Contract Manager to ensure alignment with CMMC Level 2 and other relevant frameworks.

Additionally, the CPM will coordinate extensively with FreeState’s external managed service provider (MSP) and managed security service provider (MSSP) dedicated to CMMC compliance requirements. The position will also engage in cybersecurity functions across the broader organization, contributing to the administration and security of a diverse array of technologies and systems.

Essential Duties:

• Cybersecurity Policies: Maintains cybersecurity policies, manages risk assessments, and coordinates audits in compliance with CMMC Level 2 and other cybersecurity frameworks.
• Compliance: Coordinates with key stakeholders to maintain and organize detailed records of all cybersecurity activities, policies, procedures, and compliance evidence for auditing and certification processes.
• Service Provider Coordination: Acts as the primary liaison with MSPs and MSSPs for compliance and security services. Tracks and assesses performance of service providers and addresses issues, as needed.
• Asset & Configuration Management: Maintains asset inventories and system baselines and ensures secure system configurations. Works with Department Leadership to execute annual processes including creating, analyzing, and reviewing procedures.
• Risk & Vulnerability Management: Conducts risk assessments, oversees vulnerability scanning, and coordinates patch management.
• Security Monitoring & Incident Response: Reviews security logs, investigates and responds to incidents (including after hours, as needed), and manages security event integrations. Creates and maintains alerting rules for logging events to enable timely detection of security incidents, and updates incident response plans, as needed.
• Access Control & User Management: Develops, implements, and manages conditional access policies. Administers and oversees Microsoft security tools (PIM, Conditional Access, Purview).
• Security Tools & Platform Management: Administers DLP, SIEM, and IAM solutions, and enhances security platforms.
• Training & Awareness: Conducts security training for employees and ensures policy adherence. Collaborates with HR to integrate cybersecurity training into onboarding processes.
• Reporting & Communication: Provides updates to leadership, generates reports, and tracks security metrics.

Marginal Duties:

• Cybersecurity Roadmap: Assists in developing a long-term cybersecurity roadmap to identify projects and initiatives; evaluates organizational needs and budgetary impacts.
• Continuing Education: Keeps abreast of the latest cybersecurity threats, technologies, and regulatory changes, and informs Department Leadership of significant developments.
• Test Data Backup and Recovery: Coordinates with System Owners to verify the effectiveness of data backup and recovery processes for all IT and OT systems, and reports findings.