Cyber Security Risk Analyst
REQUIRED:
Extensive experience in Public Cloud Foundation, AWS, F5, Palo Alto, Jenkins, AWS Automation
• Excellent planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
• Expert understanding of information security concepts and strategy
• Understands information security holistically and how it relates to business goals
• Understanding of risk assessment and risk analysis frameworks
• Demonstrated strategic planning and road mapping ability
• Outstanding problem-solving/decision making ability
• Strong leadership skills; able to manage, mentor and motivate
• Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
• First class documentation skills
• Exceptional interpersonal skills, including teamwork, facilitation and negotiation
• Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
• Resourceful and self-motivated, able to work independently when required
• Credible and persuasive; able to present often complex information in an accessible fashion to a non-technical audience

DESIRED:
• Experience with enterprise security in a complex, multi-platform environment including SCADA and other complex technology platforms
• Experience with regulatory requirements (NERC-CIP, SOX, FCC, SB 1386/1746, etc.)
• Experience with SmartMeter and SmartGrid architectures, technologies and standards
• B.A./B.S. degree or equivalent work experience in computer science, business administration or other relevant field required.

REQUIRED:
• Minimum of 6 years of relevant technical experience
• Utility Experience

DESIRED:
• Experience within the related line of business.
• Minimum of 2 years of leading a team in an IT function
• CISSP certification, or ability to obtain via self-study within one year of date of hire, other relevant IT or security certifications.

• Expert contributor to security vision, strategy, planning and leadership for the design, development, implementation and support of technology risk management framework for a line of business to achieve its objectives.
• Ensures successful implementation of security into new/enhanced systems to meet scope, schedule, and budget.
• Develops risk-based prioritization for security within technology roadmaps.
• Scopes the assessment of risks and the execution of plans to mitigate the risks.
• Proactively provides expert knowledge of industry trends and technologies as it relates to specific opportunities where security can enhance value to the business and/or addresses a specific business need.
• Establishes technology risk-based investment planning through risk-integration with BTLs.
• Identifies risk opportunities to make IT and business processes more effective and efficient.
• Directs the implementation of improvement (mitigation) initiatives.
• Drives compliance to standards/regulations and governance processes as it relates to the line of business.

Core Responsibilities:
• Responsible for overall business relationship.
• Overall translation of risk from A&V, T&I, and BC/DR teams into consistent format.
• Accountable for communication of risk posture to business units.
• Accountable for overall risk calculation reporting to CISO, CIO, and Board.
• Development of risk-based portfolio management.
• Establishes and updates system inventory for LOB.
• Partners closely and aligns to Business Technology Leads (BTLs).
• Evaluates portfolio risk as part of the annual IT planning process with BTLs and LOBs.
• Engages in project governance stage gate reviews.
• IT representative for each LOB’s Enterprise Risk Management Committee.
• Prioritizes mitigation activities.
• Conducts Enterprise Risk Management (ERM) related activities across IT.

Key Outputs:
• LOB risk portfolio (production and project based view).
• Business engagement and relationship heat-maps.
• Periodic risk measurement.
• System risk assessments.
• ERM IT Risk Register