
6163 - IRM Cyber Security Analyst Portland General Electric Company Location: Or

Electricenergyonline, Portland, Oregon, United States, 97204


Job Function Information:

Risk Management: Design information systems security infrastructure. Develop policies and procedures to prevent unauthorized access. Educate and communicate security requirements and procedures to users and new employees. Ensure compliance with regulations and privacy laws. May oversee internal or external systems security (i.e., cloud services). Needs may include performance in the capacity of analyst, auditor or consultant.

Key Responsibilities:

Develop and communicate policy and standards: Advises internal business and IT stakeholders on information security requirements, policies and standards.

Assists in promoting awareness of security issues among management and employees.

Explains the purpose of and provides advice and guidance on the application and operation of physical, procedural and technical security controls.

Contributes to the development and update of information security policies and processes.

Perform security risk, vulnerability assessments and business impact analysis for medium complexity information systems.

Identifies observed or emerging security exposures that create potential threats to infrastructure, systems or data.

Prepares reports of findings and monitors to ensure that appropriate mitigation and remediation actions have been taken on risk-assessment findings.

Gathers and creates information security metrics reports for management using appropriate visualization techniques.

Conducts technical and policy-based information security risk reviews of third-party vendors.

Reviews RFPs to ensure information security requirements are fully and correctly stated.

Education/Experience/Certifications:

Requires a bachelor's degree in computer science, information systems or other related field or equivalent experience preferred.

Typically five or more years in related field.

Competencies (Knowledge, Skills, Abilities):

Intermediate knowledge of information system risk management principles and best practices.

Intermediate knowledge of Windows, UNIX and network administration.

Intermediate knowledge of hardening systems.

Intermediate knowledge of network and communication systems and equipment.

Intermediate knowledge of PC and productivity software.

Working knowledge of the utility industry.

Intermediate knowledge of relevant technology standards (e.g., ISO, ITIL, COBIT, NIST).

Intermediate knowledge of security issues, techniques and implications across all existing computer platforms.

Intermediate knowledge of hardware and software products that enhance the security of systems, such as intrusion prevention systems (host and network based), firewalls, security event management systems, port scanning and vulnerability identification, monitoring and logging mechanisms.

Intermediate knowledge of security architecture models and principles.

Working skill in using a variety of visualization techniques to effectively present information.

Intermediate ability to communicate security and risk-related concepts to technical and nontechnical audiences, including all levels of management both orally and in writing.

Advanced customer focus skills.

Advanced accuracy skills.

Advanced oral and written communication skills.

Advanced interpersonal skills.

Advanced decision-making skills.

Advanced organization and prioritization skills.
