Information Security Analyst

Description

The Information Security Analyst provides cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks. Assists in the development of security requirements, conducts security risk assessments, evaluates security services and technologies, and reviews and documents information security policies and procedures. This role provides technical information security advice and guidance to project teams to assist in identifying, managing, and mitigating security risks for applications, networks, and systems across the company.

Primary Duties and Responsibilities

• Delivers security consulting services to internal clients in developing risk mitigation and security control recommendations for IT systems, applications, networks, and databases for the company's energy and utility businesses.
• Develops, revises, and reviews information security governance processes, including security policies, procedures, guidelines, and risk management practices.
• Develops, reviews, and maintains security risk management processes and documentation, including technical IT security standards for applications, web architectures, operating systems, databases, and networks.
• Performs security risk assessments, develops security risk mitigation recommendations, and defines security requirements for systems, applications, and networks.
• Conducts vendor security evaluations and defines security requirements in supporting the acquisition and deployment of service provider software, systems, and services.
• Develops and delivers security awareness content to support periodic awareness activities.
• Other duties as required.

SKILLS:

Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline.

• Minimum 4 - 7 years of cyber and information security experience.
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or other equivalent security certifications preferred.
• Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks.
• Experience in security risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
• Must have experience reviewing, analysing and writing information security policies and procedures.
• Strong experience developing, evaluating, and implementing information security governance processes, including policies, standards, procedures and risk management practices.
• Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
• Solid understanding and experience with security development life cycle (SDL) processes for internally developed applications, including the web-based and Internet facing components.
• Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, web server configurations, and networks.
• Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to advise business leaders and technical staff.
• Ability to apply information security concepts across a range of information technology areas, such as data security, networking, databases, operating systems, and applications.
• Proven analytical and problem solving skills.
• Strong written and verbal communications skills
• Must meet the requirements of Company's candidate screening policies and/or regulations
• Some local travel to multiple sites may be required with periodic travel outside of the state.