Security Analyst III

Basic Purpose

The general purpose of this job is to design, develop and coordinate implementation of both long-term and short-term IT security policies and procedures – including supporting technology - and monitor these policies, procedures and technologies, once implemented, to ensure compliance.  This job is responsible for envisioning and taking steps to implement the controls needed to protect Company information as well as information that has been entrusted to the Company by third parties. 

Duties and Responsibilities

Responds to alarms and other indications of cybersecurity incidents. Determines whether malicious activity has occurred, then evaluate, contain, eradicate, and report.

Provides assistance to implement, monitor, document and meet CSC Top 20 Critical Security Controls, ISO 27001 compliance and NERC CIP compliance.

Provides timely and accurately cross-platform collaborative support and communication regarding security threats posing a risk to systems across the company’s computing enterprise, including Team, Group, Company and Affiliates.

Interprets company information security and compliance requirements as they relate to specific circumstances and provide recommendations on resolving. Where appropriate, assists with the implementation of these recommendations.

Develops policies, procedures, training, outreach, white papers, presentations and other material to support the group’s goals and objectives. Supports continuous process improvement by constantly evaluating processes within the group and recommending and - where appropriate - implementing process streamlining initiatives.  Provides on-call IT Security support.  May be required to temporarily assume management duties or assists with other levels of security analyst on a temporary or permanent basis.

Ensures all compliance aspects of position are known and followed; understands and complies with all policies, codes and regulations applicable to position and company. 

Performs related duties as assigned. 

Essential Education, Skills, and Environment
Education and Work Experience

Bachelor’s Degree in Information Technology, Computer Science, or related field from an accredited school and 3 years of IT Security, Audit or Compliance experience.  

Candidates that do not possess a bachelor’s degree must have a minimum of 7 years of related work experience in Security Information and Event Management with associated incident response experience (or) information risk and security governance programs, e.g., ISO 27001, NERC CIP, and NIST 800-53.

Specialized Knowledge and Skills
Demonstrated knowledge of:

• Information technology terms, equipment, systems, functions and major vendors
• security principles are desired through achievement of advanced security certification including CISM or CISSP
• Windows and Active Directory from an audit and/or security perspective; familiarity with security and/or compliance concepts (especially Sarbanes-Oxley, HIPAA, and privacy laws).

Demonstrated skills such as:

• Analytical, interpersonal, presentation, customer relations, analytical, problem-solving, decision-making, and communication
• Project management, prioritization and handling multiple tasks and projects concurrently.

Equipment and Applications
PCs, word processing, spreadsheet, and database software. Familiarity with any of the following technologies: Unix, Linux, Windows Server, Active Directory, Oracle, SCADA, TripWire, Qradar, Nexpose and Carbon Black.

Work Environment and Physical Demands
General office environment.  May require some travel, moderate walking and standing such as generation plants, substations, warehouses and must be able to lift up to 50 pounds.

**NOTE: THE COMPANY MAY FILL THE POSITION(S) AT A LOWER LEVEL DEPENDING ON QUALIFICATIONS OF CANDIDATES**