Vacancy expired!
Sr Analyst Cyber Security Risk
Next JobApply for JobJob ID295861
LocationOmaha, NE - Energy PlazaFull/Part TimeFull-Time
Regular/TemporaryRegularAdd to Favorite JobsEmail this JobResponsibilitiesThe Senior Cybersecurity Risk Analyst position provides specialized enterprise-wide cybersecurity risk management to assist with maintaining an acceptable level of security and privacy risk while ensuring cybersecurity resilience of OPPD’s Corporate and OT systems, information, and network infrastructure. The Senior Cybersecurity Risk Analyst is responsible for leading in the development and delivery of a comprehensive security and privacy risk management framework and the audit of defense-in-depth layering of security principles and controls to reduce and manage IT/OT risks and ensure the protection of OPPD’s people, processes, and technology. These efforts support OPPD’s Cybersecurity team and other business units by providing analysis and advice regarding cyber related business risks across OPPD. This work demands initiative, analytical skills, and technical expertise while working to maintain and broaden their professional expertise through approved training, collaboration with peers, and attendance at professional meetings/conferences.
Cybersecurity Risk Management:
Coordinate risk assessments and review reports to ensure accuracy and consistency.
Examine risk registry, assessments, and action plans to schedule follow-ups and evaluate potential conflicts.
Conduct formal risk assessments to identify, assess, and measure information security risks for systems, facilities, networks, projects.
Prepare risk assessment reports, to support management action, escalation and risk acceptance processes resulting from risk assessments.
Identify opportunities to improve risk posture, proposing solutions for remediating or mitigating risk and assessing the residual risk.
Manage relationships with security, technology, and business stakeholders to identify and communicate security risks and mitigation approaches.
Cybersecurity Governance:
Develop and maintain cybersecurity policies and supporting documentation (i.e., standards, procedures, etc.) and ensure control requirements and policy guidance remains current and applicable.
Develop strategies to share and socialize cybersecurity policies and supporting documentation across the organization.
Assist with the development and implementation of technology and process solutions to remediate policy gaps.
Oversee the team’s root cause analysis, corrective action plans, and investigative reports for privacy and cyber security incidents.
Conduct investigations, ensure proper documentation is maintained regarding privacy and information security incidents, and monitor key elements of the privacy and information program, including ensuring implementation of training programs.
Third Party Security:
Plan and execute the tasks necessary to ensure the services, provided by key third party vendors, suppliers and business partners do not pose a risk of OPPD’s business operations.
Project Risk Management:
Participate as a business partner liaison and information security subject matter expert to help functional teams, internal project teams, business stakeholders, and external partners understand policies and control requirements effectively implement and manage their risk mitigation safeguards.
Training and Awareness:
Supervise the continuous development, implementation, and ongoing maintenance of the security training and awareness education program.
Support creation and delivery of security and data protection awareness training content to end users.
QualificationsRequired:
Bachelor’s degree in a technical/engineering discipline; or equivalent experience required
At least 5 years of relevant work experience in IT risk management, Information Security, internal audit, Information Technology, risk management, compliance or other relevant field.
Knowledge and experience with Information Assurance (IA) technology, NIST standards, or other security risk frameworks (Experience with ISO 27001, PCI DSS, SOC 1, SOC 2)
CISSP or related information security certification
Third party, technology, and project risk assessment experience.
Experience with Governance, Risk, and Compliance tools
Knowledge of security methodologies, policies, standards and industry practices
Desired:
Master’s degree in a technical/engineering discipline
Must be able to gain NERC and nuclear unescorted access as needed and support vulnerability and account management programs in the following compliance areas (NERC, NRC (NEI 08-09), PCI).
Knowledge of key information technology systems, infrastructure and operations
Experience performing information security assessments and compliance audits in the global high-tech industry; demonstrable and deep understanding of common security controls, processes and technical solutions to safeguard network, system, application and data in on premise and cloud environments.
Experience in developing information security policies, standards and other forms of information security program documentation.
Knowledge of training and development best practices
Closing StatementSalary: S5Minimum: $83,593Midpoint: $104,491Vision Leading the way we power the future. Mission To provide affordable, reliable and environmentally sensitive energy services to our customers. Values We have a PASSION to serve – We HONOR our community – We CARE about each other. Org Marketing StatementEOE: Protected Veterans/DisabilityHow To ApplyApply online at www.oppd.com on or before September 13, 2019.Recruiter: Laura Fritson - lmfritson@oppd.com PLEASE NOTE - Your application has not been submitted unless you have applied for a specific requisition. If you have not chosen a specific opening, your application will remain in 'DRAFT' form and will not be viewed by our Human Capital staff.
