Director, Enterprise Security

Join to apply for the Director, Enterprise Security role at North Carolina's Electric Cooperatives
.

The Director of Enterprise Security is responsible for the strategy, design, engineering, implementation, and ongoing operations of NCEMC’s enterprise security program
, encompassing both cybersecurity and physical security
. This role safeguards NCEMC’s information assets, operational systems, facilities, and critical infrastructure—including substations, control centers, generation facilities, and corporate offices—through a layered defense approach (
deter, detect, delay, respond, recover
) and continuous maturity of the organization’s security posture.

This position collaborates closely with Network Services, Datacenter Operations, and the Service Center to ensure the performance, reliability, and security of IT infrastructure. The Director also partners with Software Development, Data Management, and EMS/OT teams to embed security by design across applications, data platforms, and operational technologies. The role serves as a key liaison with contractors, vendors, law enforcement, and regulatory bodies to ensure audit readiness and alignment with industry standards and applicable regulations.

• Bachelor’s degree in computer science, Information Security, Security Management, Emergency Management
  , or a related field. An equivalent combination of education, training, and relevant work experience may be substituted for the degree requirement.
• A master's degree is preferred.
• Certifications:
  
  Advanced security certifications such as CISSP, CISM, CISA, CRISC, or CCISO are strongly preferred.

• 6–10 years of progressive experience across IT/cybersecurity and physical security, including:
• At least 5+ years focused on cybersecurity/physical security
• 3–5+ years of leadership/management experience in security or IT.
• Electric utility operations experience preferred (including familiarity with substations, control centers, and generation facilities).

• Develop and execute an enterprise-wide security strategy covering both cyber and physical security domains.
• Establish and maintain policies, standards, procedures
  , and site security plans aligned with industry best practices (e.g.,
  ASIS
  , DHS CISA
  , NFPA
  , NERC
  ).
• Coordinate enterprise risk management activities:
  risk assessments
  , criticality analyses
  , threat/vulnerability reviews
  , and remediation roadmaps.
• Define security architecture and control baselines across IT, OT, facilities, and corporate environments.

• Oversee the Manager of Cybersecurity, including policy development
  , regulatory compliance
  , security assessments (internal and third‑party), and incident response planning and execution
  .
• Ensure security is integrated into SDLC, data platforms, and EMS/OT systems; collaborate with Software Development and Data Management teams to embed cybersecurity controls
  .
• Oversee audit readiness and compliance with applicable standards and regulations (e.g.,
  NERC CIP where applicable).
• Manage cybersecurity awareness and training for all staff and facilitate executive briefings and security committee meetings.

• Oversee the Manager of physical security systems to ensure NCEMC’s seven facilities across the state of NC are safe and secure.
• Lead and coordinate response to physical security incidents; manage investigations and reporting with law enforcement and regulatory agencies
  .
• Plan and execute security infrastructure projects balancing cost, risk reduction, regulatory compliance, and operational impact
  .
• Prepare and manage budgets for cybersecurity and physical security operations and capital initiatives.

• Develop and deliver training for employees, contractors, member organizations, and security personnel on site access
  , reporting
  , and emergency response protocols
  .
• Establish criteria for coordinated drills and exercises in collaboration with internal safety personnel and relevant external partners.

• Ensure compliance with…