Back to jobs
T

Director, Enterprise Security

Tucson, AZ - DowntownPosted Yesterday
Full-timeonsite

Job Description

We are looking for talented individuals who are passionate about making an impact in the company and the community. Apply now and become part of the dynamic energy industry!

 

 

Are you a strategic security leader who can balance risk, reliability, compliance, and innovation? Join Tucson Electric Power as our Director of Enterprise Security and help protect the critical technology, infrastructure, and operations that power our communities every day.

As a member of the IT Leadership Team, you will shape enterprise security strategy, influence technology decisions, and lead multidisciplinary teams responsible for cybersecurity, operational technology (OT) security, physical security, identity and access management, and governance, risk, and compliance.

What You Will Do

  • Lead TEP's enterprise security strategy and roadmap across cybersecurity, OT security, physical security, IAM, and compliance.
  • Partner with executive leadership to align security investments and priorities with business objectives.
  • Strengthen cyber resilience, incident response capabilities, and enterprise risk management programs.
  • Advance cloud security, Zero Trust initiatives, and secure-by-design technology practices.
  • Collaborate with operations and engineering leaders to protect critical infrastructure while supporting reliability and operational excellence.
  • Lead and develop high-performing teams while overseeing budgets, vendors, and strategic security investments.

What You Bring

  • Bachelor's degree in Information Security, Computer Science, Engineering, Business, or a related field, or equivalent experience.
  • 8+ years of progressive leadership experience in enterprise security, risk, technology, or critical infrastructure environments.
  • Experience leading enterprise security programs and influencing executive stakeholders.
  • Knowledge of regulatory, compliance, and audit requirements.
  • Experience working across both IT and operational technology (OT) environments.
  • Strong executive communication, collaboration, and leadership skills.

Preferred: Utility, energy, or critical infrastructure experience; cloud security and Zero Trust transformation expertise; relevant certifications such as CISSP, CISM, CRISC, CCSP, GICSP, or PMP.

Help shape the future of secure, reliable energy delivery while leading enterprise-wide security strategy for one of Arizona's premier energy providers.

Position Description

The Director of Enterprise Security is the senior-most authority responsible for the organization’s enterprise security posture. This role provides strategic leadership, governance, and execution across Cybersecurity (IT and OT), Physical Security, Identity & Access Management, and Enterprise Compliance in a highly regulated utility environment.

This role is a key member of the IT Leadership Team, serving as a strategic partner to the CIO and a peer to other senior IT leaders. The Director collaborates in establishing and executing the enterprise IT vision, strategy, architecture, and investment priorities, ensuring security is embedded into all technology decisions and initiatives. As a member of the IT Leadership Team, this role shares accountability for delivering secure, reliable, resilient, and compliant technology capabilities aligned with company strategy and operational priorities.

The Director defines and executes a comprehensive enterprise security strategy that protects critical infrastructure, ensures regulatory compliance, enables a Cloud‑First operating model, and maintains customer, regulator, and stakeholder trust. The role partners closely with executive leadership, operational organizations, and business stakeholders to balance security, reliability, safety, cost, and innovation, ensuring that security investments are risk-informed, financially responsible, and clearly tied to business value, regulatory obligations, operational resilience, and measurable risk reduction.

Key Responsibilities                                                                                  

Enterprise Security Leadership & Strategy

  • Serve as the enterprise leader accountable for all security domains, including IT cybersecurity, OT cybersecurity, physical security, identity and access management, and compliance.
  • Define, maintain, and execute a multi‑year Enterprise Security Strategy and roadmap aligned with company strategy, IT strategy, regulatory requirements, and operational priorities.
  • Establish enterprise security governance, metrics, and executive reporting, including risk posture, maturity indicators, and investment effectiveness.
  • Act as the primary security and risk advisor to the CIO and executive leadership. As appropriate, develop and present materials to these stakeholders in support of the security function.
  • Partner with Enterprise Risk Management to identify, quantify, communicate, and monitor enterprise security risks.

IT Leadership & Enterprise Technology Strategy

  • Serve as an active, peer-level member of the IT Leadership Team, contributing to enterprise IT strategy, operating model, and transformation roadmap.
  • Partner with senior IT leaders across infrastructure, applications, data, architecture, and operations to advance secure-by-design practices, with clear exception, risk acceptance, and prioritization processes.
  • Partner with senior leaders across the organization to amplify and achieve security goals.
  • Influence enterprise technology investment and architectural decisions through risk‑informed guidance that balances security, reliability, cost, and business value.
  • Participate as a decision‑maker in IT governance forums, architecture review, and strategic planning processes.
  • Ensure security strategy and capabilities are tightly integrated with IT modernization initiatives.
  • Prepare and deliver clear, business-oriented security updates for executive, board, audit, regulatory, and governance forums as needed.

Cloud‑First Security Enablement

  • Lead the design and implementation of security capabilities that enable and scale a Cloud‑First enterprise architecture.
  • Establish cloud security standards, reference architectures, and guardrails, including:
    • Secure cloud landing zones
    • Cloud security posture management (CSPM)
    • Cloud workload, container, and API security
    • Data protection and encryption strategies
  • Embed security into application delivery through DevSecOps secure SDLC practices.
  • Govern third‑party and cloud service provider risk through standardized assessments and monitoring.

Operational Technology (OT) Cybersecurity Maturity

  • Provide leadership for OT cybersecurity across generation, transmission, distribution, and field operations.
  • Partner with Operations, Engineering, and Reliability teams to advance OT cyber maturity while preserving safety and system reliability.
  • Establish OT cybersecurity governance covering:
    • Asset visibility and classification
    • Network segmentation and secure remote access
    • Vendor and contractor access controls
    • OT‑appropriate vulnerability and patch management
  • Develop, test, and maintain OT‑specific incident response plans and conduct exercises.

IT Cybersecurity Maturity & Resilience

  • Maintain and continuously improve enterprise IT cybersecurity maturity, including:
    • Security operations (SOC), monitoring, and SIEM/SOAR
    • Vulnerability management and configuration compliance
    • Endpoint, network, and email security
    • Data protection, privacy controls, and encryption
  • Partner with business continuity, disaster recovery, operations, and risk leaders to strengthen cyber resilience.

Integrated Governance, Risk & Compliance (GRC)

  • Implement and operate a fully integrated enterprise GRC program spanning cybersecurity, physical security, privacy, and operational risk.
  • Establish cloud, identity, infrastructure, application, data, and third-party security standards, guardrails, and governance practices that enable secure enterprise modernization.
  • Maintain an enterprise security risk register with formal risk acceptance and exception governance.
  • Support internal, external, and regulatory audits; ensure audit readiness and timely remediation.
  • Serve as executive sponsor of internal and external security assessments.

Zero Trust Strategy & Implementation

  • Own and execute the enterprise Zero Trust strategy and roadmap.
  • Implement Zero Trust principles across:
    • Identity‑first access controls and strong authentication
    • Least privilege and privileged access management (PAM)
    • Network segmentation and micro‑segmentation
    • Continuous verification based on user, device, and risk context
  • Establish metrics to measure Zero Trust adoption and reduction in attack surface.

Physical Security

  • Provide strategic oversight for physical security programs protecting personnel, facilities, substations, and critical infrastructure.
  • Ensure alignment between physical access controls, identity systems, and enterprise risk posture.
  • Coordinate with internal stakeholders and external partners as appropriate.
  • Appropriately, leverage guard force and physical security technology to reduce physical security risk.

Incident Response & Crisis Leadership

  • Lead enterprise security incident response governance and coordinate cyber/physical security response capabilities
  • Ensure clear command structure, escalation protocols, and coordination with Legal, Communications, HR, Operations, and executive leadership.
  • Ensure security lessons learned are captured and incorporated into continuous improvement efforts.

People, Budget, and Vendor Management

  • Lead a multi‑disciplinary organization spanning cybersecurity, OT security, IAM, GRC, and physical security.
  • Manage budgets, prioritize investments, and oversee vendor and partner relationships.
  • Establish operating model, decision rights, and accountability across security domains.
  • Own workforce planning, budgeting, and vendor strategy.
  • Ensure security capabilities scale with business growth and transformation.

Management Responsibilities

  • Ensure that the Company’s management principles, policies and programs are consistently practiced and continually support the Affirmative Action Plan.
  • Assume fiduciary responsibility for operating the business and provide recommendations on cost improvement measures.
  • Ensure that the Performance Management program is administered uniformly and effectively.
  • Comply with and administer the terms and conditions of the Collective Bargaining Agreement when applicable.
  • Administers personnel functions, including recruiting, review and approval of job descriptions and salary classifications, and selection and placement of personnel.  Participates in hiring, termination, promoting, assignment and direction of staff.  Ensure compliance with all applicable local, state and federal laws, regulations and standards, company policies, practices and ethical obligations to investigate, evaluate and recommend appropriate resolution to employee complaints.
  • Promotes and participates in the professional development, personal growth and career planning of staff.  Motivate, recognize and reward, coach, counsel, train; provide feedback to employees during performance reviews.   Participates in Leadership Development programs.
  • Addresses disciplinary and/or performance issues, according to company policy, and communicates effectively with employees regarding corrective action. Has input into the adjustment of grievances and administration of discipline.
  • Plans day-to-day operations, estimates personnel needs and schedules and assigns work.  Evaluate the structure and team plan for continual improvement of the efficiency and effectiveness of the group.

Knowledge, Skills & Abilities

(Equivalent combination of education and experience will be considered.)

Minimum Qualifications

·  Bachelor’s degree in Information Security, Computer Science, Engineering, Business, or related field (or equivalent experience).

·  8+ years of progressive leadership experience in enterprise security, risk, technology, or critical infrastructure roles, including experience leading cross-functional security programs.

·  Strong understanding of regulated environments and audit programs.

·  Experience working across both IT and OT environments.

·  Proven executive communication and stakeholder engagement skills.

Preferred Qualifications

·  Experience functioning as the senior‑most security leader

Experience in utilities, energy, or critical infrastructure industries.

·  Demonstrated success with cloud security and Zero Trust transformations.

·  Deep experience implementing integrated GRC programs.

·  SOC and incident response modernization experience.

·  Relevant certifications (preferred): CISSP, CISM, CRISC, CCSP, GIAC (GICSP), PMP.

·  Master’s degree (MBA, MS Cybersecurity, or related).

ADA Requirements and Physical Demands: Update below to match physical demands of the role.

The physical demands as described are representative of those that must be met by the person in this position to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Office Work:
    • Sit, Stand, Walk and Bend: This position regularly requires prolonged periods of sitting. Occasionally requires standing, walking, or bending for short periods of time.
    • Use of Hands/Fingers: To operate a computer, keyboard, mouse, and other office equipment.
    • Speech/Hearing: This position frequently communicates with others via phone and in-person.
    • Visual Acuity: For reviewing detailed operational reports.
  • Lifting: Ability to lift and carry items weighing up to 15 pounds, as needed.
  • Safety Sensitive: This position does not perform safety sensitive functions.
  • Travel: Regular travel to operational sites, industry events, and stakeholder meetings.
Director, Enterprise Security at Tep | Renata