Jr. Cyber Security Governance and Risk Analyst

The Cyber Security Governance and Risk Analyst provides cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks. Also assists in the development of security requirements, conducts security risk assessments, evaluates security services and technologies, and reviews and documents information security policies and procedures. This role supports the Security Governance, Risk and Controls team and IT project teams in identifying and mitigating management, operational, and technical security risks.

PRIMARY DUTIES AND RESPONSIBILITIES

- Handle tickets dealing with security exceptions, evaluate and work with clients and team members to find a solutions, provide a written assessment after completion, administrator for SharePoint '10 (changes, updates), perform risk assessments and evaluations
- Assists in developing risk mitigation and security control recommendations for IT systems, applications, networks, and databases for the company's energy and utility businesses.
- Develops, revises, and reviews information security governance processes, including security policies, procedures, guidelines, and risk management practices.
- Executes security risk processes, including the evaluation of security risk exception requests and service provider security assessments.
- Develops, reviews, administers, and maintains security risk management processes, documentation, and tools, including technical IT security standards.
- Performs security risk assessments, develops security risk mitigation recommendations, and defines security requirements for systems, applications, and networks.
- Conducts vendor security evaluations and defines security requirements in supporting the acquisition and deployment of service provider software, systems, and services.
- Researches and contributes to security awareness content to support periodic communications.
- Other duties as required.

SKILLS:

JOB SPECIFICATIONS

- Demonstrated experience and subject matter knowledge in cyber and information security for applications, operating systems, databases, and networks.
- Experience in security risk assessment, requirements development, secure design analysis, and service provider security evaluations.
- Experience developing, evaluating, and implementing information security governance processes, including policies, standards, procedures and risk management practices.
- Knowledge of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
- Experience administering IT technologies, such as operating systems, Active Directory, LDAP, web applications, network services, and Microsoft SharePoint.
- Ability to apply information security concepts across a range of information technology areas, such as data security, networking, databases, operating systems, and applications.
- Ability to demonstrate analytical and problem-solving skills, technical knowledge, and practical application of security principles in supporting security risk management activities.
- Strong written and verbal communications skills.

EDUCATION/EXPERIENCE

- Bachelor's Degree in Computer Science, Information Technology, or a related discipline.
- Minimum 2-5 years of cyber and information security experience.
- Global Information Assurance Certifications or other equivalent security certifications preferred.
- Needs experience in procedures, assessments, etc.
- OTHER
- Must meet the requirements of Company's candidate screening policies and/or regulations