
This job has expired

Senior Manager, CIP Assurance

Employer
Exelon
Location
Baltimore, MD
Closing date
Jul 21, 2019


Primary Purpose of the Position

Senior leader responsible for activities of the Enterprise Standard Owner (ESO) for CIP-004 - Electronic Access Management, CIP-006 - Physical Security, CIP-008 - Incident Response and these requirement areas as they apply to low assets under CIP-003. Responsible for day-to-day leadership and oversight of the Real-Time Systems Security and Compliance team.

* Lead the overall NERC CIP compliance efforts across Corporate and Information Security Services by interfacing and integrating with all CISS leaders and key managers.
* Provide leadership to the Real-Time Systems Security and Compliance Team in the development, maintenance and promotion of a NERC CIP security and compliance posture and establish service relationships with Business Unit (BU) CIP Compliance Coordinators, BU IT Support teams, NERC CIP PMO, CIP Enterprise Standard Owners (ESO), Legal, Internal Audit, Regulatory and other entities to provide timely, cost effective and consistently high quality cybersecurity services.
* Develop, recruit and retain a diverse, capable, high performance work force. Evaluate performance and provide personnel coaching. Promote diversity and foster teamwork, collaboration, and a learning organization. Requires regular, consistent in-person engagement in Baltimore and Owings Mills work spaces.
* Leverage Exelon Management Model documents, Standards and Industry best practices to establish and sustain high quality NERC CIP Compliance activities.
* Develop and participate in external liaison relationships to share, learn, apply and influence cybersecurity viewpoints and best practices with industry and government.
* Regularly report, inform and influence Exelon Business, Utility and IT Leadership regarding NERC/CIP and Real-Time Systems cyber threats, events, incidents, risks, and corrective actions.

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards and Requirements

Roles and Responsibilities

* Lead the Corporate Information Security Services (CISS) CIP Assurance team to develop, maintain and promote a security-driven and CIP compliant posture. Establish and measure strategy, goals, and objectives and achieve annual progress.
* Lead CISS efforts on CIP audits (Exelon has seven registered entities subject to CIP audit).
* Lead the Real-Time Systems Security & Compliance team to assure performance of the CISS NERC CIP requirement fulfillment obligations. the development of collaborative requirements, and the translation of functional requirements into secure technical solutions.
* Serve as the Exelon Enterprise Standard Owner (ESO) for CIP-004 - Electronic Access Management, CIP-006 - Physical Security, CIP-008 - Incident Response and these requirement areas as they apply to low assets under CIP-003. Responsible for implementation, maintenance and continuous improvement of Exelon CIP compliance fulfillment.
* Develop and maintain partnerships with Exelon Business Unit (BU) including compliance contacts and Registered/Responsible Officers, to sustain compliance and drive improvement for CIP-003, -004, -006 and -008.
* Review and approve compliance approaches and evidence documentation for BU projects with CIP obligations and for BU changes in approaches to fulfill compliance obligations.
* Leverage Exelon Management Model to establish and sustain the policies, programs, procedures and other documentation to structure and fulfill the high quality security capabilities that are CIP compliant.
* Develop, recruit and retain a diverse, capable, high performance work force. Evaluate performance and provide personnel coaching. Promote diversity and foster teamwork, collaboration, and a learning organization. Provide input on staff development and retention.
* Develop and participate in external liaison relationships to share, learn and influence 3rd party cyber security, compliance and monitoring viewpoints and best practices.
* Plan and manage O&M and baseline capital investment budgets totaling approximately $2 Million O&M annually.

Qualifications

Minimum

* BA/BS in public policy, IT, Cyber Security, or related technical discipline and typically 8 years' experience, including 4 years in a leadership role, within a fast-paced industry or federal government cybersecurity or IT department, or equivalent combination of education and work experience.
* Knowledge of and demonstrated proficiency in NERC CIP Reliability Standards
* Experience in leading geographically-distributed teams
* Experience leading collaboration teams outside direct report chain.
* Advanced interpersonal skills, communications skills, and presentation skills to executive leadership
* Proficient in capital planning, budget justification and management, and acquisition and oversight of products and services
* Availability for occasional travel to various work locations, external liaison activities

Preferred

* Master's degree in a technological discipline or public policy or MBA
* Track record of successfully implementing and optimizing the use of NIST Cyber Security Framework, CIP Frameworks, and Cybersecurity Capability Maturity Models (C2M2) focused on the energy sector.
* Extensive professional network across the public and private-sector cyber security companies, consortiums, and associations.
* Professional experience in public and private sector organizations/consortiums/associations.
