Southern Company Cybersecurity
Manager, Cybersecurity Assurance
Job Description
Southern Company’s Cybersecurity organization is committed to reducing risk using a threat-informed approach, enhancing the cyber resilience of Southern Company while delivering clean, safe, reliable, and affordable energy to the communities we serve.
Position Overview:
Southern Company, a major U.S. energy firm, is seeking a leader to provide leadership and direction for the Company’s governance, cybersecurity risk management and Department of Defense cyber compliance while driving continuous improvement in security controls. This role provides independent, risk-based assurance over the effectiveness of cybersecurity controls and the Company’s ability to prevent, detect, respond to, and recover from cyber threat
The role is responsible for multiple individual program leaders, oversees the Manager of Vulnerability Management and Validation, and collaborates closely with the Security Leadership Team. This Manager combines broad cybersecurity and business knowledge to reduce the company’s cyber risk posture over time. This leader serves as a trusted advisor to executive leadership by translating technical assurance outcomes into clear, business‑relevant risk insights. The role is hybrid but requires 4 days a week in the corporate office either in Atlanta or Birmingham.
Job Responsibilities:
- Hire, develop, inspire, reward and retain a highly qualified and diverse team including supporting leaders
- Apply strong leadership and strategic thinking to a diverse set of opportunities and challenges
- Create an environment that fosters accountability and engagement at all levels
- Establish and maintain excellent working relationships and partnerships across the Technology Organization functions, business partners, and external vendors and suppliers
- Perform cyber risk management by collaborating with the business to identify cyber risks, both within the Technology Organization and among associated business partners. Document unowned or long-term issues, exceptions, and/or risks to drive remediation and ownership and to accurately communicate risk posture.
  + Develop executive‑level metrics, KPIs, and KRIs that communicate control effectiveness, exposure, and cyber risk trends to senior leadership and governance forums
  + Measure adherence to published standards (company policies and requirements) and frameworks (e.g. NIST CSF, Gartner CARTA, CIS)
  + Map capabilities and gaps to stated strategy/direction, capital projects, and reporting
- Oversee and conduct periodic risk assessments in support of organizational goals
  + These include broad organizational assessments as well as targeted adversarial assessments of technology environments or applications
- Manage and oversee Federal (DoD, DoE) cyber security compliance and related required reporting
- Manage Southern’s Security Architecture Review process, ensuring that new/modified technology solutions add only well-managed security risk to our technology environments
- Manage 3rd party cybersecurity risk to the Company, collaborating closely with Supply Chain partners and business units owning supplier relationships
- Manage continuous review and improvement of Company cyber security Standards, Policies, Requirements, and Guidelines
- Support Company Risk Management leadership to enable periodic renewals of Cyber Insurance
- Responsible for the discovery, qualification, monitoring, and reporting of cybersecurity asset and application vulnerabilities as well as misconfigurations both on-premise and in the cloud
- Responsible for the use of security controls validation testing to verify that cybersecurity solutions are performing as expected and drive the remediation of identified risks
- Drive innovation and leverage technology to create value and transform the business
- Establish an annual budget and meet expense and capital spend targets
- Maintain current knowledge of cybersecurity threats, tactics, techniques and procedures to inform above efforts
Requirements and qualifications:
- Bachelor’s degree preferred. An advanced degree is desirable.
- 7+ years of cybersecurity experience in architecture, engineering, operations, or compliance
- 5+ years of experience in leading teams, comfortable leading distributed/remote personnel
- Demonstrated ability to be an inclusive leader
- Strong leadership abilities, with the capability to attract and retain top talent, and motivate and develop personnel and future leaders
- Outstanding credibility and demonstrated ability to build strong relationships within the company and industry, as well as with vendors/suppliers.
- Experience with measuring cybersecurity programs via formal frameworks such as NIST CSF, NIST 800-53, ISO 27001/27002, CIS, Cloud Security Alliance (CSA) required
- Familiarity with adversary techniques/tactics to enable effective SOC collaboration, steer assessments, and develop/tune security control validation testing required
- Demonstrated knowledge of best practices related to cyber risk management, measurement and tracking
- Experience with information security regulation, to include those applicable to energy and utility industry, required
- Experience with driving cyber risk reduction in large, multi-stakeholder enterprise environments required
- Demonstrated ability to influence management and key stakeholders and lead through influence
- Strong oral and written communication skills, and the ability to communicate very complex or risk-related concepts to technical and non-technical audiences required
- Familiarity with the Department of Defense Federal Acquisition Regulation Supplement (DFARS)’s Cybersecurity Maturity Model Certification (CMMC) desired
- Industry certification preferred (CISSP, CISA, GIAC, CISM)
- Must pass NERC CIP & Insider Threat Protection background checks
- Must be able to obtain and maintain security clearance
This position falls under the company’s Insider Threat Program and will have access to, and control over, sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position.
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here: https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 17765
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services