Organization is a major S&P 500 energy corporation, headquartered in the South, and is one of the country’s largest energy distributors. This company delivers reliable, affordable, and efficient energy to over 3 million customers across more than 1,400 communities in eight states, primarily located in the southern region. Committed to safety, innovation, and sustainability, the company is modernizing its business and infrastructure while continuously investing in its communities. It also manages proprietary pipeline and storage assets, including one of the largest intrastate pipeline systems in its region.
The team is a true leader in utilizing the latest in cyber security, intelligence, and InfoSec technology and is an industry recognized innovator in the space. Organization has continued to heavily invest in leveraging cyber intelligence and as they continue to grow their IT Security team, we're on the hunt for a Senior Cyber Security Analyst to join the team. This is a brand new role on the Cyber Security team and the primary focus each day will be:
- Lead Policy and Control Initiatives: Owns the development and implementation of company-wide security goals, policies, and procedures to maintain robust internal controls. Ensures the successful integration of information technology policies and control requirements.
- Oversee Compliance Reviews: Leads regular compliance audits, including user access reviews and security activity assessments, to ensure the effectiveness of controls and processes. Conduct ongoing reviews of elevated access accounts and maintain segregation of duties.
- Oversee and Monitor Control Effectiveness: Track, analyze, and report on key metrics related to compliance and control effectiveness, ensuring that all policies and procedures remain up-to-date and aligned with company goals.
- Identify and Address System Gaps: Collaborate with internal teams to identify potential system design or control weaknesses, providing clear recommendations for improvement and implementing appropriate remediation actions.
- Execute Regulatory Compliance Audits: Take an active role in compliance and audit activities related to Sarbanes Oxley (SOX), IT Control Frameworks, Payment Card Industry (PCI) standards, cybersecurity frameworks, and other regulatory requirements. Produce relevant documents, presentations, and remediation plans.
- Engage in Audit Reviews: Participate in internal and external audit engagements and third-party reviews, including vulnerability assessments, validating findings with security teams, and tracking remediation progress to closure.
- Support Incident and Problem Resolution: Review and respond to incidents and problems, gathering metrics and collaborating with teams to implement solutions and suggest process improvements. Conduct root cause analysis to help prevent future issues.
- Contribute to Security Projects and Operations: Preparation, collection, and analysis of documentation for various information security projects. Support daily security operations to ensure the organization remains compliant and secure.
Minimum Requirements:
Educational/Experience Level:
- Bachelor's degree in Computer Science or related field and four years of related experience in IT SOX compliance, audit or a related field; or equivalent.
Preferred Qualifications:
- Experience with TSA Security Directives
- Experience specific to the Energy industry