Deputy Chief Information Security Officer (Deputy CISO)
Job Title: Deputy Chief Information Security Officer (Deputy CISO)
Location: Flexible / Hybrid (with utility-site presence as needed)
Reports To: Chief Information Security Officer (CISO)
Industry: Utilities (Electric, Gas, Water, or Renewable Energy)
Pay Rate: $80-$85/hr. on 1099
Role Overview
The Deputy Chief Information Security Officer (Deputy CISO) serves as a senior cybersecurity leader responsible for supporting the CISO in protecting the utility’s critical infrastructure, information systems, and operational technologies. This role helps translate cybersecurity strategy into execution across IT and OT environments, ensuring compliance with regulatory requirements, enhancing resilience, and reducing cyber risk to reliable service delivery.
The Deputy CISO will act as a trusted partner to executive leadership, operations, engineering, and regulatory teams, and may serve as the CISO’s designee when required.
Key Responsibilities
Cybersecurity Strategy & Leadership
Partner with the CISO to define, execute, and evolve the enterprise cybersecurity strategy, roadmap, and operating model.
Provide leadership and oversight for cybersecurity programs across IT, OT/ICS, cloud, and enterprise applications.
Serve as acting CISO in the CISO’s absence, representing cybersecurity at executive, regulatory, and board levels.
Build and mentor high‑performing security teams and leaders.
Regulatory Compliance & Risk Management
Ensure ongoing compliance with utility and critical‑infrastructure regulations and standards, including:
NERC CIP
NIST CSF / NIST 800‑53 / 800‑82
ISO 27001
Applicable federal, state, and regional utility regulations
Lead internal and external audits, assessments, and regulatory examinations.
Oversee enterprise cyber risk management, including risk assessments, mitigation plans, and executive reporting.
Operational Technology (OT) & ICS Security
Drive cybersecurity governance and controls across SCADA, EMS, DMS, protection systems, substations, and field devices.
Partner with Operations and Engineering teams to integrate cybersecurity into system design, maintenance, and modernization initiatives.
Balance cybersecurity controls with operational safety, reliability, and availability requirements.
Incident Response & Resilience
Oversee cyber incident response, crisis management, and recovery activities for both IT and OT environments.
Ensure coordination with physical security, emergency management, legal, and communications teams.
Lead tabletop exercises and simulations related to cyber events impacting grid reliability and customer service.
Security Operations & Architecture
Provide oversight for security operations functions including SOC, threat detection, vulnerability management, and identity & access management.
Guide secure architecture and design for enterprise systems, cloud platforms, and OT modernization programs.
Evaluate and prioritize security investments, tools, and third‑party services.
Stakeholder & Executive Engagement
Communicate cybersecurity risks, posture, and progress clearly to executive leadership and business stakeholders.
Partner with Legal, Compliance, Privacy, Procurement, and Vendor Management teams.
Support engagement with regulators, industry groups, and information‑sharing organizations (e.g., ISACs).
Required Qualifications
Bachelor’s degree in Computer Science, Engineering, Information Security, or related discipline (Master’s preferred).
12+ years of progressive experience in cybersecurity, with senior leadership experience in a regulated or critical‑infrastructure environment.
Direct experience supporting utilities or critical infrastructure, including OT/ICS security.
Deep knowledge of:
NERC CIP standards and audit processes
NIST frameworks and risk management practices
Cybersecurity for industrial control systems
Proven experience leading incident response and cyber crisis management.
Strong executive communication and leadership skills.
Preferred Certifications
CISSP, CISM, or CISA
GIAC (e.g., GICSP, GRID, GCED)
CRISC or equivalent risk certification
Relevant utility or OT cybersecurity certifications
Key Competencies
Strategic thinking with strong execution discipline
Ability to bridge IT, OT, and business priorities
Regulatory and audit expertise
Calm, decisive leadership during incidents
Strong collaboration across engineering, operations, and corporate functions
