pplweb
Senior Director Cyber Operations & Threat Intelligence
Job description
Company Summary Statement
As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today. Overview
NOTE: This is a hybrid role requiring 3 days onsite at one of our local offices: Allentown, PA; Providence, RI or Louisville, KY. #INDPPL #LI-Hybrid
The Senior Director of Cyber Operations leads PPL’s enterprise cyber defense organization, responsible for Security Operations (SOC), Threat Intelligence, Detection Engineering, Security Engineering, and Security Orchestration, Automation, and Response (SOAR). This role oversees the day-to-day protection of a critical infrastructure environment and leads the ongoing transformation to a modern, intelligence-driven and automation-first cyber program. The leader will integrate emerging capabilities such as Agentic SOC architectures, Machine-driven Cyber Platforms (MCP), Attack Surface Management (ASM), and risk-based Vulnerability Management, while aligning operations to industry frameworks including NIST Cybersecurity Framework (CSF), NIST AI Risk Management Framework (AI RMF), and NERC CIP.
Responsibilities
Enterprise Cyber Operations Leadership
- Lead and evolve PPL’s 24x7 SOC operations, including monitoring, detection, and incident response
- Direct cyber operations across:
- Security Operations Center (SOC)
- Threat Intelligence
- Detection Engineering
- Security Engineering
- SOAR / automation platforms
- Drive operational maturity aligned to NIST CSF domains (Detect, Respond, Recover)
- Maintain executive-ready visibility into cyber risk, operational performance, and incident posture
Incident Response & Crisis Management
- Lead enterprise cyber incident response and coordination, including high-impact events
- Establish and mature playbooks, escalation models, and executive communication protocols
- Partner with legal, compliance, and business leadership during cyber events
- Ensure readiness through exercises aligned to NERC CIP and resilience requirements
Threat Intelligence & Detection Engineering
- Operationalize intelligence-led defense by integrating threat intelligence into detection use cases
- Lead detection engineering program to improve fidelity, reduce noise, and expand coverage
- Advance proactive threat hunting capabilities across enterprise and critical systems
Security Engineering & Automation
- Own design, implementation, and optimization of cyber tooling and platforms
- Lead transition toward automation-first and Agentic SOC capabilities
- Deploy and scale:
- Advanced SIEM and XDR capabilities
- SOAR platforms and playbook automation
- MCP / AI-enabled cyber decision support systems
- Ensure secure adoption and governance of AI in cyber operations aligned to NIST AI RMF
Attack Surface & Vulnerability Management
- Establish integrated Attack Surface Management (ASM) across enterprise and external footprint
- Lead risk-based vulnerability management program prioritizing remediation based on threat context and business criticality
- Integrate asset, exposure, and threat data to drive measurable risk reduction
Critical Infrastructure & Regulatory Alignment
- Ensure cyber operations align with NERC CIP requirements and broader regulatory obligations
- Partner with compliance teams to support audits, evidence collection, and continuous improvement
- Coordinate with OT/IT teams to protect grid operations and critical systems
Team Leadership & Culture
- Lead a multi-disciplinary team spanning SOC, engineering, and threat intelligence functions
- Develop talent, succession pipelines, and leadership bench strength
- Foster a culture of accountability, innovation, and continuous improvement
- Drive alignment with enterprise cybersecurity strategy and “Guardians of the Grid” mission
Qualifications
Required Education
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; Master’s degree preferred but not required
Required Experience
- 20+ years of experience in cybersecurity or a related field, with demonstrated experience in a senior leadership role.
- Proven experience in managing cybersecurity operations and incident response
- Strong leadership and project management skills
- Excellent communication and collaboration abilities
- In-depth knowledge of cybersecurity frameworks and best practices
- Proficiency in security tools and technologies
- Experience managing large, diverse teams and leading complex projects
- Understanding of Agile principles and methods
- Strong communication and collaboration skills with technical and non-technical stakeholders
- Ability to adapt to new technologies and methodologies
- Ability to align IT transformation initiatives with the overall business strategy
Preferred Qualifications
- Advanced degree or relevant certifications (e.g., CISSP, CISM, would be a plus)
- Utilities industry experience
Enterprise Cyber Operations Leadership
- Lead and evolve PPL's 24x7 SOC operations, including monitoring, detection, and incident response
- Direct cyber operations across:
- Security Operations Center (SOC)
- Threat Intelligence
- Detection Engineering
- Security Engineering
- SOAR / automation platforms
- Drive operational maturity aligned to NIST CSF domains (Detect, Respond, Recover)
- Maintain executive-ready visibility into cyber risk, operational performance, and incident posture
Incident Response & Crisis Management
- Lead enterprise cyber incident response and coordination, including high-impact events
- Establish and mature playbooks, escalation models, and executive communication protocols
- Partner with legal, compliance, and business leadership during cyber events
- Ensure readiness through exercises aligned to NERC CIP and resilience requirements
Threat Intelligence & Detection Engineering
- Operationalize intelligence-led defense by integrating threat intelligence into detection use cases
- Lead detection engineering program to improve fidelity, reduce noise, and expand coverage
- Advance proactive threat hunting capabilities across enterprise and critical systems
Security Engineering & Automation
- Own design, implementation, and optimization of cyber tooling and platforms
- Lead transition toward automation-first and Agentic SOC capabilities
- Deploy and scale:
- Advanced SIEM and XDR capabilities
- SOAR platforms and playbook automation
- MCP / AI-enabled cyber decision support systems
- Ensure secure adoption and governance of AI in cyber operations aligned to NIST AI RMF
Attack Surface & Vulnerability Management
- Establish integrated Attack Surface Management (ASM) across enterprise and external footprint
- Lead risk-based vulnerability management program prioritizing remediation based on threat context and business criticality
- Integrate asset, exposure, and threat data to drive measurable risk reduction
Critical Infrastructure & Regulatory Alignment
- Ensure cyber operations align with NERC CIP requirements and broader regulatory obligations
- Partner with compliance teams to support audits, evidence collection, and continuous improvement
- Coordinate with OT/IT teams to protect grid operations and critical systems
Team Leadership & Culture
- Lead a multi-disciplinary team spanning SOC, engineering, and threat intelligence functions
- Develop talent, succession pipelines, and leadership bench strength
- Foster a culture of accountability, innovation, and continuous improvement
- Drive alignment with enterprise cybersecurity strategy and "Guardians of the Grid" mission
Required Education
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; Master's degree preferred but not required
Required Experience
- 20+ years of experience in cybersecurity or a related field, with demonstrated experience in a senior leadership role.
- Proven experience in managing cybersecurity operations and incident response
- Strong leadership and project management skills
- Excellent communication and collaboration abilities
- In-depth knowledge of cybersecurity frameworks and best practices
- Proficiency in security tools and technologies
- Experience managing large, diverse teams and leading complex projects
- Understanding of Agile principles and methods
- Strong communication and collaboration skills with technical and non-technical stakeholders
- Ability to adapt to new technologies and methodologies
- Ability to align IT transformation initiatives with the overall business strategy
Preferred Qualifications
- Advanced degree or relevant certifications (e.g., CISSP, CISM, would be a plus)
- Utilities industry experience


