Manager - Cyber Metrics & Human Risk Management
Location: Atlanta, GA or Birmingham, AL (Onsite 4 days a week)
Job Description
At Southern Company, our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services. Southern Company is committed to supporting the professional development and growth of its employees and fosters an environment of diversity, equity, and inclusion.
Position Overview:
Southern Company is seeking a passionate leader to oversee the day-to-day execution of Cybersecurity Department enablement programs including cyber-safety initiatives, department communications, department metrics and reporting efforts, technology planning and procurement activities, and the early career talent program. This role serves as a focal point for supporting department-wide business functions, driving cyber safety culture change and developing content in support of executive communications that demonstrate cyber‑related behaviors, risk trends, and support leadership decision‑making.
The ideal candidate will bring strong people leadership skills and the ability to collaborate effectively across multiple teams and departments. This role requires a proven ability to successfully drive program strategy and execution, define key performance indicators, and develop reporting dashboards and communication materials demonstrating program success.
Qualifications:
- Bachelor’s degree in Information Systems, Cybersecurity, Risk Management, Communications or a related field.
- Minimum 8 years of experience working in cybersecurity, risk management, business analytics, requirements analysis, communications, or other related field.
- Strong understanding of Cybersecurity concepts, including awareness of relevant industry trends, standard processes, and best practices in cybersecurity metrics and reporting.
- Understanding of common cyber threats including phishing, social engineering and insider threats.
- Proactive and self-motivated approach to work, with excellent problem-solving and analytical skills.
- Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments.
- Strong written and verbal communication and presentation skills.
- Familiarity with cybersecurity metrics frameworks, KPIs/KRIs, and enterprise reporting.
- Experience owning or influencing vendor/tool selection and procurement.
- Experience supporting executive or board‑level reporting.
- Ability to effectively communicate findings and work with various stakeholders, including technical, non-technical and executive-level audiences.
- Experience working across multiple stakeholders (security, IT, HR, Legal, Communications).
- Ability to work effectively at all levels of the organization, from executive committee to individual contributors.
- Energy sector or critical infrastructure experience a plus.
Job Responsibilities:
- Exemplify a leadership approach focused on building, inspiring, and developing outstanding teams.
- Support the professional growth of direct reports by setting clear expectations, providing ongoing coaching, and establishing performance goals.
- Support department communications efforts, including communications development and review/approval cycles.
- Oversee and direct efforts around cyber business measures, including establishment of key performance indicators and metrics that align with business initiatives and strategic risk management vision.
- Develop leadership‑ready scorecards and dashboards that clearly highlight trends, changes since prior reporting periods, and areas requiring action.
- Translate cybersecurity data and metrics into plain‑language insights for executives, leadership teams, and the workforce.
- Ensure consistency of metric definitions, data quality, and reporting cadence across cybersecurity and business stakeholders.
- Use metrics to inform prioritization, investment decisions, continuous improvement, and executive discussions.
- Oversee the Cyber Safety and Human Risk Management program with accountability for reducing human‑driven cyber risks through measurable, sustained behavior change.
- Establish and maintain a long‑term human risk management strategy with clear maturity targets and performance benchmarks.
- Ensure Cyber Safety efforts are risk‑driven, targeted, and coordinated—not treated as awareness-only or compliance exercises.
- Define and own the cybersecurity metrics framework for Cyber Safety and Human Risk Management, ensuring metrics are outcome‑oriented and decision‑useful.
- Oversee department procurement efforts and ensure compliance with organizational standards and support cybersecurity strategic objectives.
- Oversee and support department early career talent efforts, including internship program.
- Coordinate across security, IT, HR, compliance, and business teams to address high-risk populations and validate that platform insights align with observed behaviors.
- Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Cybersecurity and the business.
- Demonstrate Southern Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment.
- Influence across organizational boundaries without direct authority, building strong partnerships with cybersecurity and business stakeholders.
- Promote a culture of accountability, continuous improvement, and evidence‑based decision‑making.
Job Requirements :
- Demonstrated ability to design and execute behavior change programs at an enterprise scale.
- Experience developing and tracking outcome-driven metrics.
- Demonstrated ability to collect and understand business requirements and to conceive and present appropriate solutions.
- Strong storytelling and content creation skills, including the ability to develop compelling awareness campaigns, videos, newsletters, and intranet content.
- Relevant certifications (Security+, SSAP, CISM, CISSP) preferred.
- Occasional travel to local and regional locations in pursuit of job duties and requirements.
- Must be willing and able to obtain and maintain US government security clearance.
- Required to submit to a thorough background examination, including NERC CIP and Insider Threat Protection checks.
About Southern Company
Southern Company (NYSE: SO ) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com .
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf . Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 18404
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services
