Vacancy expired!
Local candidates preferred, we want to think if they were to be good and there is an opportunity for conversion, but nonlocal can be considered as well. The role is remote until further guidelines Equipment requirement: candidate should have a working computer. (They will be connected via Citrix) TOP THINGS:
- Someone with at least 3.5 year experience, Third-party security experience,
- Ability to own and document the implementation of the security controls and creates auditable evidence of security measures TECH SKILLS REQUIRED:
- Cybersecurity Risk Assessment- in depth security solution deployment.
-Multiple 3rd party Vendors Assessment
CERTIFICATIONS: (see JD): CISSP, CISA, ISM, Security+ JOB DESCRIPTION
Job Family Summary:
This position will be responsible for engaging with project teams, and collaborate with other parts of the Cybersecurity group, Information Technology partners, and experts in the lines of business to identify threats, create strategies to better protect technology assets, and deploy technologies and processes to put those strategies into action. This position will contribute to strategically manage risk and proactively adapt to evolving threats and business needs. This includes performing risk assessments, evaluating and assigning security controls, assisting with the development, design, vendor risk management, implementation of security architectures, project security support, and technical experience are all important skill sets for this position. Job Responsibilities:
• Lead project and vendor engagements and technology assessments to understand capabilities of required systems or networks
• Identify and recommend cyber strategies for technology development based on stakeholder requirements
• Own and document the implementation of the security controls and creates auditable evidence of security measures
• Develop and recommend security controls, identifies key security objectives to maximize software and system security while minimizing disruption to plans and schedules
• Translate security controls into technical specifications and guidance to stakeholders to ensure common understanding across the stakeholders and enable adequate implementation
• Document and manage Cybersecurity process, procedures, policies, control documentation, etc.
• Develop effective metrics to track, report on and improve overall department performance.
• Assist in the development and implementation of guidelines and process documentation.
• Assist with the implementation of process improvements and efficiencies.
• Support relationships with business units.
• Assist in designing control risk mitigation plans and support business implementation.
• Monitor the IT regulatory landscape for emerging regulations and assesses impacts to Client control framework and risk strategy.
• Assist in the development and implementation of guidelines and process documentation.
• Provide guidance on the identification, documentation and testing of key controls for assigned complex business processes.
• Assist in the design of technology solutions supporting business requirements on projects.
• Assist in security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle
• Assist in the implementation of process improvements and efficiencies
• Establish and implement strategic communication and messaging plans and ensures alignment and consistency with Client branding principles, strategies, and guidelines.
• Develop consulting practice documentation, identifies and recommends process improvement, and provides guidance to other team members
• Design of technology solutions supporting business requirements on projects.
• Drive security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle
• Actively engage with the IT methodology team to recommend and deploy process improvements to ensure that security requirements are incorporated in all technology projects
• Actively recommend engineering solutions in collaboration with Cybersecurity Architects and product owners to remediate inherent cyber security risks
• Lead implementation of process improvements and efficiencies.
• Provide peer review and support for organizational deliverables
• Facilitate / coordinate Cybersecurity activities associated with 3rd party and vendor work efforts Education Minimum (required at least 1, max 3): B.S. degree in Computer Science, Information Systems, or other related field, or equivalent experience Education Desired (max 3): Master’s Degree in Computer Science or job-related discipline or equivalent experience License/Certification Minimum (max 5): ComITIA Security +, SANS, Cisco, GIAC, Microsoft Security, or equivalent Certificates License/Certification Desired (max 5): Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent Experience Minimum (max 5): 5 years of combined IT, critical infrastructure, intelligence, and/or cyber/information security work experience Experience Desired (max 5):
• Utility industry experience
• Experience in IT-Information Technology security, multi-platform, or related
• Experience in Operational Technology security
Knowledge, Skills, Abilities and (Technical) Competencies (max 8) Minimum:
• Microsoft Office, Remedy, SharePoint, Security tools
• Self-motivated
• Able to follow Safety First principles
• Results driven and customer focused
• Attention to work quality and research driven.
• Effective communication to peers and clients.
• Able to balance workload and priorities
• Able to balance the priorities of the business and maintain/stay customer focused
• Ability to influence and lead behavior change Competency in making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems
• Competency in making good and timely decisions that keep the organization moving forward
• Competency in developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences
• Competency in building partnerships and working collaboratively with others to meet shared objectives
• Ability to energizes coworkers to maintain a positive attitude towards the team and the business directions
• Strong analytical, critical thinking and decision-making skills
• Ability to lead and manage cross-functional compliance projects and initiatives
• Ability to guide and direct junior team members Desired:
• Advanced knowledge of Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
• Advanced knowledge of Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
• Advance working knowledge of applicable and accepted security standards and framework (NIST, ISO, etc.).
• Advance knowledge of information security laws, concepts, strategies, computer networking, and cyber security - including topologies, protocol as needed to perform at the job level
• Advanced knowledge and understanding of regulatory and compliance requirements such as SOX, NERC CIP, CCPA, HIPPA, NRC, etc.
• Advance knowledge and skillsets to develop and sustaining Cybersecurity solutions (tools, process, controls, etc.) to reduce risk across the entire land scape of the company.
