Who ❤️ PJ →

Full Search

This job listing has expired and may no longer be relevant!
12 Apr 2021

Temporary (Agile1)IT – Cyber Security Controls Assessor – Senior (21-08113)

iris.chen@axelon.com – Posted by iris.chen@axelon.com Sacramento, California, United States

Job Description

Cyber Security Controls Assessor
Sacramento, CA
2 Years

Top Qualifications:
1. Knowledge of SCADA systems (very important) 2. Experience with cybersecurity risk practices 3. Experience with NIST CSF, cybersecurity framework, NIST SP-800 r4 or r5 4. Understanding of electrical transmission and distribution systems

Top traits:
1) Cybersecurity Risk Assessment/Management experience
2) Experience communicating and working with diverse organizations within a company or government organization
3) Utility or OT experience

Position Summary

This position will be responsible for engaging with the various Lines of Business and collaborating with other parts of the Cybersecurity group, Information Technology partners, and experts in the lines of business to identify threats through our Risk Consultation processes, create strategies to better protect technology assets, and deploy technologies and processes to put those strategies into action. This position will contribute to strategically manage risk and proactively adapt to evolving threats and business needs. This includes performing risk assessments, evaluating and assigning security controls, assisting with the development, design, LoB risk management, and technical experience are all important skill sets for this position.

Qualifications

Minimum:
• Bachelor’s Degree in job-related discipline or equivalent experience
• 5 years of combined IT, critical infrastructure, intelligence, and/or cyber/information security work experience

Desired:
• Experience with enterprise security in a complex, multi-platform environment including SCADA, ICS, and other complex technology platforms
• Experience with regulatory requirements (Nerc-CIP, SOX, FCC, SB 1386/1746, etc.)
• Utility industry and/or operational technology experience strongly preferred
• Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
• Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
• Expert of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
• Expert of computer networking concepts and protocols, and network security methodologies
• Expert of cloud security concepts, including experience with public cloud (e.g. AWS, Microsoft Azure, etc.) and implementation experience
• Utility industry experience
• Experience in IT-Information Technology security, multi-platform, or related
• Experience in Operational Technology security

Knowledge, Skills, and Abilities:
• Microsoft Office, Remedy, SharePoint, MS Teams, Security tools
• Self-motivated
• Able to follow Safety First principles
• Results driven and customer focused
• Attention to work quality and research driven.
• Effective communication to peers and clients.
• Abler to develop working relationships with LOB management and executives.
• Able to balance workload and priorities
• Able to balance the priorities of the business and maintain/stay customer focused
• Multi-Platform knowledge (UNIX/LINUX, Windows Servers/Desktops, Cisco hardware, etc.)
• Ability to influence and lead behavior change Competency in making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems
• Competency in making good and timely decisions that keep the organization moving forward
• Competency in developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences
• Competency in building partnerships and working collaboratively with others to meet shared objectives
• Ability to energizes coworkers to maintain a positive attitude towards the team and the business directions
• Strong analytical, critical thinking and decision-making skills
• Ability to lead and manage cross-functional compliance projects and initiatives

Desired:
• Advanced knowledge of Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
• Advanced knowledge of Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
• Advance working knowledge of applicable and accepted security standards and framework (NIST, ISO, etc.).
• Advance knowledge of information security laws, concepts, strategies, computer networking, and cyber security – including topologies, protocol as needed to perform at the job level
• Advanced knowledge and understanding of regulatory and compliance requirements such as SOX, NERC CIP, CCPA, HIPPA, NRC, etc.
• Advance knowledge and skillsets to develop and sustaining Cybersecurity solutions (tools, process, controls, etc.) to reduce risk across the entire land scape of the company.

Job Responsibilities
• Lead project and vendor engagements and technology assessments to understand capabilities of required systems or networks
• Identify and recommend cyber strategies for technology development based on stakeholder requirements
• Own and document the implementation of the security controls and creates auditable evidence of security measures
• Develop and recommend security controls, identifies key security objectives to maximize software and system security while minimizing disruption to plans and schedules
• Translate security controls into technical specifications and guidance to stakeholders to ensure common understanding across the stakeholders and enable adequate implementation
• Document and manage Cybersecurity process, procedures, policies, control documentation, etc.
• Develop effective metrics to track, report on and improve overall department performance.
• Assist in the development and implementation of guidelines and process documentation.
• Assist with the implementation of process improvements and efficiencies.
• Support relationships with business units.
• Assist in designing control risk mitigation plans and support business implementation.
• Monitor the IT regulatory landscape for emerging regulations and assesses impacts to Client control framework and risk strategy.
• Assist in the development and implementation of guidelines and process documentation.
• Provide guidance on the identification, documentation and testing of key controls for assigned complex business processes.
• Assist in the design of technology solutions supporting business requirements on projects.
• Assist in security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle
• Assist in the implementation of process improvements and efficiencies
• Establish and implement strategic communication and messaging plans and ensures alignment and consistency with Client branding principles, strategies, and guidelines.
• Develop consulting practice documentation, identifies, and recommends process improvement, and provides guidance to other team members
• Design of technology solutions supporting business requirements on projects.
• Drive security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle
• Actively engage with the IT methodology team to recommend and deploy process improvements to ensure that security requirements are incorporated in all technology projects
• Actively recommend engineering solutions in collaboration with Cybersecurity Architects and product owners to remediate inherent cyber security risks
• Lead implementation of process improvements and efficiencies.
• Provide peer review and support for organizational deliverables
• Facilitate / coordinate Cybersecurity activities associated with 3rd party and vendor work efforts

Share this role online (there may be a referral fee*)

How to Apply

Please send your updated resume to iris.chen@axelon.com

Job Types: Temporary.

801 total views, 0 today

Apply for this Job