Duration: 12 months
Cyber and Information Security Analyst
100% Remote. Remote location cannot be in the states of California, Colorado, Illinois, Kentucky, Massachusetts, Montana, Nebraska, New York, Oregon or Washington at this time.
The Cyber and Information Security Analyst works closely with the Cyber Security teams and across the organization and its subsidiaries and business units to protect the cyber assets.
We seek an individual experienced with current cyber security regulatory compliance and information protection strategies with the skills to effectively apply such strategies to a large, dynamic, heterogeneous landscape, in support of compliance and regulatory requirements. A minimum of four years of experience is preferred.
• Act as a subject matter expert (SME) between Cyber Security Compliance, IT, and others business units in the development of appropriate policies, standards, and frameworks as relates to federal, state, and internal compliance requirements
• Support compliance with NERC CIP, protecting the Bulk Electric System.
• Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies and standards set by the organization
• Educate stakeholders on Cyber Security Compliance-related matters to increase awareness and improve culture
• Interpret new and modified regulatory standards and work with stakeholders to implement and maintain compliance programs
• Oversee and guide ongoing compliance, evidence collection, and audit support by business units
• Bachelor’s Degree in Computer Science, Information Security, Corporate Compliance, or similar discipline is preferred. A bachelor’s degree in another field with relevant industry experience in cyber/information security will be considered.
• Familiarity with the NERC CIP standards a plus
• Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cyber security program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
• Effective communication skills which include creating and delivering reports, presentations, briefs, and training sessions. Must compose well-written, professional documents with minimal editorial and proofing support.
• Familiarity with web based GRC tools (ServiceNow IRM and GRC, AssurX CATSWeb, etc.) and related compliance processes a plus
• Previous compliance audit experience a plus
• Translate technical output from systems and assessment tools into understandable reports and action plans
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option
• An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
• An ability to effectively influence others to reassess their opinions, plans or behaviors.
• Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.