Share this Job

IT Systems Patch Mgr

Apply now

Apply for Job

Date: May 9, 2022

Location: San Antonio, TX, US, 78205

Company: CPS Energy

We are engineers, high line workers, power plant managers, accountants, electricians, project coordinators, risk analysts, customer service operators, community representatives, safety and security specialists, communicators, human resources partners, information technology technicians and much, much more. We are 3,300 people committed to enhancing the lives of the communities we serve.  Together, we are powering the growth and success of our community progress every day!

Position Summary

This position is responsible for the distribution of security releases (patches, updates, upgrades) to company owned assets, to include server infrastructure, (physical and virtual) supporting business operations and operational technology such as server operating systems of corporate and SCADA systems, and related third party software. Responsible for reviewing the systems vulnerability assessments for risk mitigation and reporting the status of distribution and compliance levels to management. Perform oversight of the assessment and change processes of critical security releases considered for incorporation in the previous 35-day period or as scheduled. Coordinate with business areas to develop mitigation plans for NERC systems or non-critical releases to be tested and implemented based on patch management strategies.   Perform activities required to support CPS Energy internal control and NERC regulatory audits. Assist business areas with the submission of mitigation plans.


GRADE:  15

DEADLINE TO APPLY:  Open Until Filled

Tasks and Responsibilities

  • Schedule and conduct patch management meetings every two weeks.
  • Coordinate with SME’s of Bulk Electric Systems (BES) Cyber Systems and associated Cyber Assets to determine if there were any security releases.
  • Ensure monthly service tickets and Requests for Change (RFC) are completed accurately and closed in a timely manner.
  • Document service ticket and RFC ticket numbers with dates as evidence of check for release, evaluation and implementation.
  • Condense, as necessary, the list of security releases to be reviewed at each meeting to save evaluation time. 
  • Coordinate with the support staff and application owners, to evaluate security releases and schedule for implementation or mitigation. 
  • Track and record the dates that security releases were received, assessed and implemented or mitigated.
  • Track mitigations to ensure security releases are implemented timely, or the mitigation plan is extended or updated in accordance with company policies and processes.
  • Ensure that patch management processes are documented accurately and actions taken are compliant with CPSE policies. 
  • Utilize automated software tools to evaluate applicable releases and report status. 
  • Work with SME’s to apply security releases to applicable devices consistent with procedures. 
  • Ensure patch management activities are tracked and approved within the configuration management and change control process. 
  • Ensure operational constraints are respected when conducting change activities. 
  • Escalate to IT Management and/or the CIP Senior Manager when security releases are in danger of missing the implementation deadline or mitigations need to be extended.
  • Serve as the subject matter expert for patch management assessments and audits. 
  • Plans, performs, and implements process improvement initiatives to include process modeling and flowcharts. 
  • Assists with the collection of information related to system outages to identify root cause of problems, and measures performance against process requirements. 
  • Serves as an author of knowledge management solutions, and other technical documentation as needed 
  • Assist in the development and application of production readiness checklist for new cyber assets
  • Resolve or escalate issues, assisting business areas with gap analysis 
  • Internal Audit liaison – monitor/action items, track RFI’s, working with the Enterprise Information Technology areas, ensuring that all actions are closed timely 
  • Assist with special reports and projects 
  • Attend regional Critical Infrastructure Protection Working Group (CIPWG) meetings, Texas Reliability Entity workshops and other related training to stay abreast of changes to regulatory requirements ensuring CPSE compliance.

Minimum Skills

Minimum Knowledge and Abilities

Extensive experience in a security role in support of a highly technical, complex environment
Demonstrated experience with engagement of and partnering with security stakeholders
Proven experience driving security programs across large diverse organizations
Experience with innovative security approaches in non-traditional IT environments
Familiarity generating automated metrics to measure service, program effectiveness and consistency
Knowledge of operationalizing security requirements
Ability to design and own product roadmap
Strong understanding of software development lifecycle
Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manger to diverse audiences

Preferred Qualifications

  • Experience in North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) regulatory environment.
  • IT auditing and/or security background
  • Certified Information Systems Auditor or Manager (CISA/CISM), Certified Information Systems Security Professional (CISSP) or other security certification(s).
  • Cyber vulnerability management experience.


Communicates Effectively
Establishing Relationships
Coordinating Project Activities
Serving Customers
Acting Decisively
Working with Ambiguity

Minimum Education

Bachelor's Degree in Computer Science, Information Systems Management, Mathematics or other related fields from an accredited university

Required Certifications

Working Environment

Work is performed indoors & outdoors. Manual dexterity, talking, hearing, and repetitive motion. Use of computing equipment, telephone, & printer/copier. Ability to travel to and from business related events. After hours work may be required.

Physical Demands

Office Environment

CPS Energy does not discriminate against applicants or employees. CPS Energy is committed to providing equal opportunity in all of its employment practices, including selection, hiring, promotion, transfers and compensation, to all qualified applicants and employees without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, citizenship status, veteran status, pregnancy, age, disability, genetic information or any other protected status. CPS Energy will comply with all laws and regulations.

Nearest Major Market: San Antonio

Job Segment: Information Systems, Power Plant Operator, Business Process, Computer Science, Power Plant, Technology, Energy, Management