The Senior Cybersecurity Risk Analyst position provides specialized enterprise-wide cybersecurity risk management to assist with maintaining an acceptable level of security and privacy risk while ensuring cybersecurity resilience of Corporate and OT systems, information, and network infrastructure. The Senior Cybersecurity Risk Analyst is responsible for leading the development and delivery of a comprehensive security and privacy risk management framework and the audit of defense-in-depth layering of security principles and controls to reduce and manage IT/OT risks and ensure the protection of people, processes, and technology. These efforts support the Cybersecurity team and other business units by providing analysis and advice regarding cyber-related business risks. This work demands initiative, analytical skills, and technical expertise while working to maintain and broaden their professional expertise through approved training, collaboration with peers, and attendance at professional meetings/conferences.
Position Specific Responsibilities/Accountabilities:
1. Cybersecurity Risk Management:
Coordinate risk assessments and review reports to ensure accuracy and consistency.
Examine risk registry, assessments, and action plans to schedule follow-ups and evaluate potential conflicts.
Conduct formal risk assessments to identify, assess, and measure information security risks for systems, facilities, networks, and projects.
Prepare risk assessment reports to support management action, escalation, and risk acceptance processes resulting from risk assessments.
Identify opportunities to improve risk posture, proposing solutions for remediating or mitigating risk and assessing the residual risk.
Manage relationships with security, technology, and business stakeholders to identify and communicate security risks and mitigation approaches.
2. Cybersecurity Governance:
Develop and maintain cybersecurity policies and supporting documentation (i.e., standards, procedures, etc.) and ensure control requirements and policy guidance remain current and applicable.
Develop strategies to share and socialize cybersecurity policies and supporting documentation across the organization.
Assist with the development and implementation of technology and process solutions to remediate policy gaps.
Oversee the team's root cause analysis, corrective action plans, and investigative reports for privacy and cyber security incidents.
Conduct investigations, ensure proper documentation is maintained regarding privacy and information security incidents, and monitor key elements of the privacy and information program, including ensuring implementation of training programs.
3. Third Party Security:
Plan and execute the tasks necessary to ensure the services provided by key third party vendors, suppliers, and business partners do not pose a risk to OPPD's business operations.
4. Project Risk Management:
Participate as a business partner liaison and information security subject matter expert to help functional teams, internal project teams, business stakeholders, and external partners understand policies and control requirements and effectively implement and manage their risk mitigation safeguards.
5. Training and Awareness:
Supervise the continuous development, implementation, and ongoing maintenance of the security training and awareness education program.
Support creation and delivery of security and data protection awareness training content to end users.
1. Safety: Promotes and adheres to the District's Safety Manual. Performs all work in the safest manner and stops work if safety related issues exist to people, equipment and plant/department. Analyze, report, and recommend solutions for all safety concerns to appropriate leadership.
2. Compliance: Understands, maintains knowledge, and complies with all policies, procedures, and applicable Federal and State laws and regulations.
3. Communication: Promptly review and apply Corporate, Business Unit, departmental and team specific communications. Design, deliver and reinforce effective communications as required by role.
4. Continuous Improvement: Research and identify improvement opportunities related to work practices, procedures, documentation, tools or equipment. Applies improved work methods in the execution of work.
5. Fiscal Accountability: Adheres to all budget and expense policies and procedures. Provide input to Manager on budget design as necessary. Effectively cares for all corporate property, tools and equipment in order to minimize cost.
6. Cross Functional Working Relationships (CFWR): Identify opportunities to work collaboratively with peers and other work groups, exhibit professional behavior, and promote positive working relationships.
7. Work Assignment: Nothing in this job description restricts management's rights to assign or reassign duties and responsibilities at any time.
Minimum Qualifications: Required:
Bachelor's degree in a technical/engineering discipline; or equivalent experience required
At least 5 years of relevant work experience in IT risk management, Information Security, internal audit, Information Technology, risk management, compliance or other relevant field.
Knowledge and experience with Information Assurance (IA) technology, NIST standards, or other security risk frameworks (Experience with ISO 27001, PCI DSS, SOC 1, SOC 2)
CISSP or related information security certification
Third party, technology, and project risk assessment experience.
Experience with Governance, Risk, and Compliance tools
Knowledge of security methodologies, policies, standards and industry practices
Master's degree in a technical/engineering discipline
Must be able to gain NERC and nuclear unescorted access as needed and support vulnerability and account management programs in the following compliance areas (NERC, NRC (NEI 08-09), PCI).
Knowledge of key information technology systems, infrastructure and operations
Experience performing information security assessments and compliance audits in the global high-tech industry; demonstrable and deep understanding of common security controls, processes and technical solutions to safeguard network, system, application and data in on premise and cloud environments.
Experience in developing information security policies, standards and other forms of information security program documentation.
Knowledge of training and development best practices
Data Resource Technologies Inc. is an Information Technology Staffing Firm serving the markets of the United States of America; the greatest country in the world. We work with Direct Clients Only and do not participate in multi layer contracts. Earn The Most Possible and put over 60 years of Information Technology Industry experience to work for you today, Call or Apply NOW!!!
12020 Shamrock Plaza, Suite 200 Omaha, NE, 68154