IT Security Manager

At Bernhard, we blend a rich history with a forward-looking vision. With over 100 years of experience, we are a pillar of stability in the energy infrastructure industry and a leader in innovative energy solutions. Our commitment to leveraging emerging technologies ensures that we remain at the forefront of the Energy-as-a-Service sector.

We believe in growth—not just for our business, but for our people. Our team members have the opportunity to advance their careers in a supportive environment that values continuous learning and development. We embrace innovation and encourage creative problem solving to tackle the energy infrastructure and energy challenges of tomorrow.

Inclusion is at the heart of our culture. We strive to create a workplace where every voice is heard and valued, fostering a collaborative environment where diverse perspectives drive our success.

Join us to be part of a legacy of excellence and a future of groundbreaking advancements. At Bernhard, stability, innovation, and growth are more than just values—they are the pillars of our continued success.

The Information Security Manager will serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the Information Security Manager’s role will be working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. 

Specific responsibilities include:

• Execute a strategic, comprehensive IT risk management program targeting information security and privacy matters. Ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the organization.
• Maintain the Bernhard customized information security management framework
• Provide regular reporting on the current status of the information security program to organization leaders as part of a strategic enterprise risk management program.
• Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
• Assist executive leadership in establishing a cyber security culture throughout the enterprise
• Oversee the approval, training and dissemination of security policies and practices, as well as compliance from all employees, contractors, and approved system users.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security throughout the organization.
• Engage with external communities and activities to maintain good perspective on information security practices at peer organizations and the threat environment; promote and increase organizational ability to address common problems. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Identify, Report and Control cyber incidents and minimize any disruption to the Bernhard network and protect the organization’s data assets
• Work directly with the business units to facilitate risk assessment and risk management processes
• Work directly with business lines to develop, maintain and test disaster recovery and business continuity plans and procedures
• Maintain strong working relationships with organization leadership and teams to align information security practices across the organization.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Design and work with other team members to architect new information security infrastructure solutions
• Complete customer and vendor assurance risk assessments
• Overseeing planning and execution of necessary vulnerability audits, penetration testing or forensic IT audits and investigations
• Program manage initiatives to improve company security posture, protecting company assets, reducing security risks, and meeting customer security requirements while balancing expenses and worker productivity
• Manage the Bernhard Cyber Hygiene Program and oversee employee training in all the latest security awareness skills

This position is Full Time Exempt, and reports to the Vice President for Information Technology.

Required Education, Experience and Qualifications

• Degree in computer science, information systems, business administration or a technology-related field, or equivalent work experience, is required
• Minimum of seven years of experience in a combination of risk management, information security and other IT jobs
• Applicable information security certifications (CISSP, CISM, CISA, CRISC, GSEC, or similar)
  • If CISSP is not a current certification, then selected individual must be able to obtain one within six months of being hired by Bernhard
• Extensive applied expertise in multiple disciplines, including risk assessment and auditing; security monitoring practices; the system development and engineering lifecycle; network security principles including an understanding of firewalls and security segmentation; endpoint and application security principles including understanding of access controls, vulnerability management; encryption best practices; and cloud and vendor security management principles
• Policy development and administration skills
• Strong analytical thinking and innovation skills
• Effective verbal and written communication skills.

Travel Requirements

• Frequent travel to Company or client locations. Approximately 15% of time will be spent traveling.

Bernhard is proud to be an Equal Opportunity Employer of Minorities, Women, Protected Veterans, and Individuals with Disabilities, and participates in the E-Verify program. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, age, sexual orientation, gender identity, national origin, veteran status, disability, or any other classification protected by law.