Senior Manager, Security Governance

Job Locations: US-TX-Houston
Posted Date: 2 days ago (5/13/2026 7:32 PM)
# of Openings: 1
Category: Enterprise Technology
Job ID: 2026-3214

Overview

COMPANY OVERVIEW

Pattern Energy is a leading renewable energy company that develops, constructs, owns, and operates high-quality wind and solar generation, transmission, and energy storage facilities. Our mission is to transition the world to renewable energy through the sustainable development and responsible operation of facilities with respect for the environment, communities, and cultures where we have a presence.

Our approach begins and ends with establishing trust, accountability, and transparency. Our company values of creative spirit, pride of ownership, follow-through, and a team-first attitude drive us to pursue our mission every day. Our culture supports our values by fostering innovative and critical thinking and a deep belief in living up to our promises.

Headquartered in the United States, Pattern has a global portfolio of more than 35 power facilities and transmission assets, serving various customers that provide low-cost clean energy to millions of consumers.

Responsibilities

JOB PURPOSE

The Sr. Manager, Enterprise Technology Security & Governance is responsible for leading, governing, and maturing the organization’s enterprise security, cyber risk management, and critical infrastructure compliance capabilities. This role provides end-to-end ownership of security operations, identity governance, vulnerability and patch management, and NERC CIP compliance governance, ensuring alignment between regulatory obligations, cyber risk posture, and operational continuity across IT, OT, and cloud environments, aligned to industry-standard frameworks such as the NIST Cybersecurity Framework (CSF) and NIST 800-53/800-82 where applicable.

This is a hands-on senior leadership role requiring a blend of deep technical expertise, regulatory knowledge, and the ability to establish strong governance, policy, and accountability frameworks. The role operates at the intersection of cybersecurity, critical infrastructure operations, and compliance, serving as a key advisor to executive leadership on security risk and NERC CIP readiness. The ideal candidate has experience operating in regulated, mission-critical environments—preferably energy, utilities, or renewables—and can balance security rigor with business and operational realities.

Key Accountabilities

  • Security & compliance governance
    • Establish and operate enterprise governance aligned to the NIST Cybersecurity Framework (CSF) and NERC CIP, including control mapping, maturity assessment, and consistent execution across IT, OT, and cloud environments
    • Develop and maintain a NIST-aligned security maturity roadmap, using NIST CSF or 800-53 to assess current state, define target state, and prioritize risk-based improvements
    • Oversee and continuously improve incident response and cyber crisis management capabilities, including tabletop exercises and post-incident reviews
    • Partner with security operations to ensure detection and response capabilities align with enterprise risk tolerance
    • Define, maintain, and enforce security, access control, patching, and vulnerability management policies, standards, and procedures
    • Serve as a primary security and compliance authority during NERC CIP audits, assessments, and regulatory engagements
    • Ensure audit readiness through strong documentation, logging, evidence collection, and control validation
    • Develop and execute a multi-year security and compliance roadmap aligned with business priorities, regulatory requirements, and risk posture
    • Track compliance risks, remediation commitments, and control effectiveness, escalating issues as needed
    • Establish and govern third-party cyber risk management, including vendor assessments, access controls, and ongoing monitoring
  • Identity & access governance
    • Own IAM and identity governance programs, including RBAC, least privilege enforcement, separation of duties, and periodic access certifications
    • Ensure access control processes integrate with compliance, audit, and security monitoring requirements
    • Partner with HR, infrastructure, OT, and cloud teams to ensure secure and compliant onboarding, offboarding, and role changes
  • Cross-functional leadership
    • Collaborate closely with infrastructure, OT, cloud, security operations, legal, compliance, and internal audit teams to reduce cyber and compliance risk
    • Act as a bridge between technical execution teams and executive leadership
    • Translate technical vulnerabilities and compliance gaps into clear, business-focused risk narratives
  • People & capability development
    • Coach, mentor, and develop a high-performing team through clear goals, feedback, and career development
    • Identify capability gaps and build sustainable processes rather than single-point technical dependencies
    • Evaluate and implement tools and technologies that improve security posture, compliance maturity, and operational efficiency

 

Qualifications

Experience/Qualifications/Education Required

 

  • 10+ years of experience across cybersecurity, enterprise IT, infrastructure, or OT environments, with demonstrated management of one or more of the following:
    • Security operations, vulnerability management, and patching
    • Identity and access management (IAM) and privileged access management
    • Governance, Risk, and Compliance (GRC)
  • 5+ years of people leadership experience, including hiring, performance management, and development of technical teams
  • Demonstrated experience supporting and governing NERC CIP compliance, including:
    • Asset and system classification
    • Patch management and vulnerability remediation
    • Access control, identity governance, and evidence management
    • Audit preparation, regulatory inquiries, and remediation tracking
  • Familiarity with and practical application of NIST Cybersecurity Framework (CSF), NIST 800-53, and/or NIST 800-82 in enterprise or critical infrastructure environments
  • Demonstrated experience mapping regulatory requirements (e.g., NERC CIP) to NIST frameworks and using NIST to drive control maturity and risk-based prioritization
  • Strong technical and governance knowledge of:
    • Cybersecurity governance, risk management, and compliance frameworks
    • Patch management tools and enterprise remediation programs
    • Vulnerability assessment, risk scoring, and remediation lifecycle
    • Identity and access management (IAM), RBAC, and least privilege models
    • Logging, monitoring, and control evidence collection
  • Experience working in regulated or critical infrastructure environments
  • Proven ability to translate regulatory and technical risk into business and operational impact
  • Strong communication and stakeholder management skills across technical, operational, and executive audiences

 

The expected starting pay range for this role is $118,000 - $160,000 USD. This range is an estimate and base pay may be above or below the ranges based on several factors including but not limited to location, work experience, certifications, and education. In addition to base pay, Pattern’s compensation program includes a bonus structure for full-time employees of all levels. We also provide a comprehensive benefits package which includes medical, dental, vision, short and long-term disability, life insurance, voluntary benefits, family care benefits, employee assistance program, paid time off and bonding leave, paid holidays, 401(k)/RRSP retirement savings plan with employer contribution, and employee referral bonuses.

 

Pattern Energy Group is an Equal Opportunity Employer.

 

#LI-JH1 LI-Hybrid

 
