Cyber Security Governance and Risk Analyst

The Cyber Security Governance and Risk Analyst provides cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks. Also assists in the development of security requirements, conducts security risk assessments, evaluates security services and technologies, and reviews and documents information security policies and procedures. This role provides technical information security advice and guidance to project teams to assist in identifying, managing, and mitigating security risks for applications, networks, and systems across the company.

PRIMARY DUTIES AND RESPONSIBILITIES

- Delivers security consulting services to internal clients in developing risk mitigation and security control recommendations for IT systems, applications, networks, and databases for the company's energy and utility businesses.
- Develops, revises, and reviews information security governance processes, including security policies, procedures, guidelines, and risk management practices.
- Develops, reviews, and maintains security risk management processes and documentation.
- Performs security risk assessments, develops security risk mitigation recommendations, and defines security requirements for systems, applications, and networks.
- Conducts vendor security evaluations and defines security requirements in supporting the acquisition and deployment of service provider software, systems, and services.
- Develops and delivers security awareness content to support periodic awareness activities.
- Other duties as required.
- Some local travel to multiple sites may be required with periodic travel outside of the state.

SKILLS:

JOB SPECIFICATIONS

- Demonstrated experience in security for applications, web architectures, operating systems, databases, and networks.
- Experience in security risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
- Strong experience developing, evaluating, and implementing information security governance processes, including policies, standards, procedures and risk management practices.
- Knowledge and experience in the implementation of governance frameworks and security risk management processes.
- Security development life cycle experience, including the Internet facing and web based components.
- Experience with security for LDAP, Active Directory, operating systems, SharePoint, SQL, networks and web server configurations.
- Advise business leaders and technical staff by demonstrating analytical skills, technical knowledge, and practical application of cyber and information security principles.
- Ability to apply information security concepts across a range of information technology areas, such as data security, networking, databases, operating systems, and applications.
- Proven analytical and problem solving skills.
- Strong written and verbal communications skills
- Background in project management and awareness would be beneficial.

EDUCATION/EXPERIENCE

- Bachelor's Degree in Computer Science, Information Technology, or a related discipline.
- 5-7 years of experience, preferably in a Commercial and/or Utilities environment. Should have experience reviewing, analysing and writing information security policies and procedures.
- Minimum 4 -5 years of cyber and information security experience.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or other equivalent security certifications preferred.