Essential Utilities, Inc.

GRC Security Analyst II

Essential Utilities, Inc.$75K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Technology, Cyber Security, or related field.
  • 3-5 years of experience in Governance & Risk roles.
  • Must obtain one of the specified security certifications within a year.
  • Experience with vulnerability management platforms, especially Qualys.
  • Strong analytical skills for assessing security risks.

Responsibilities

  • Manage enterprise-wide risk, threat, and vulnerability assessments.
  • Analyze risk findings to set remediation priorities collaboratively.
  • Lead the vulnerability management process and track remediation progress.
  • Develop and implement security compliance frameworks following industry standards.
  • Monitor compliance with security configuration standards.
  • Work alongside IT teams to integrate security practices into SDLC.
  • Lead vendor and third-party risk assessments.

Benefits

  • Opportunity to work with cross-functional teams.
  • Professional development through certification support.
  • Engagement in innovative security awareness programs.
  • Flexible working hours including off-hours maintenance opportunities.
Full Job Description
The primary responsibilities of the GRC Security Analyst II (Governance & Risk) are to ensure the security and integrity of the organization's information systems, with a specific focus on risk & vulnerability management as well as security compliance. The Security Analyst will frequently engage with both technical teams and business process owners to analyze risk, communicate risk posture, and develop effective remediation strategies. Ready to take your career to the next level? Let's talk!

Essential Duties:
  • Manage execution of both enterprise-wide and focused risk, threat, and vulnerability assessments, including but not limited to Security Awareness, Vulnerability, Configuration, and Third-Party Assessments.
  • Analyze and prioritize risk, vulnerability, and compliance findings to define remediation priorities considering all available data sources; partnering with technology and business stakeholders to socialize and implement remediation plans.
    Define and manage qualitative and quantitative metrics and reporting to measure the success of vulnerability, third party, security awareness, security awareness, configuration, and asset management remediations.
  • Ability to lead ongoing vulnerability management processes, including working with IT and business stakeholders to prepare vulnerability remediation plans, track progress, and reduce overall vulnerability exposures.
  • Participate in development, implementation and operation of control/compliance frameworks and security best practices based on ISO 27001/27002, NIST (800-30, Cyber Security Framework/CSF), COBIT, Critical Security Controls, CIS Configuration Benchmarks.
  • Monitor compliance with security configuration standards for servers, endpoints, software, and networking platforms based on CIS Benchmarks.
  • Work closely with IT, development, and operations teams to ensure the integration of security practices into the software development lifecycle (SDLC) and IT operations.
  • Lead or assist with vendor and 3rd party risk assessments.
  • Create/maintain documentation of security solutions, services, configurations, and processes.
  • Work closely with engineers focused on intrusion detection, incident response and security operations to manage risk related to existing and emerging threats.
  • Collaborate with other security engineers to analyze, process, integrate, communicate, and respond to threat intelligence.
  • Ability to participate in or lead development, improvements and updates to continually improve security controls, policies, guidelines, processes and procedures.
  • Develop and deliver security awareness training programs for employees to enhance their understanding of security best practice to ensure that security and risk management continue to be integrated into the corporate culture.
  • Lead development and operation of the security awareness program to ensure that security and risk management continue to be integrated into the corporate culture.
  • Implement and maintain controls for compliance and privacy. Act as liaison to internal and external audit teams as needed.
  • Provide escalation support for the Information Technology Help Desk as required.
  • Ability to work off hours maintenance windows and participate in rotating on call shift periodically.
  • Ability to work alone or function effectively as part of a team.
  • All other duties as assigned by management.


MINIMUM QUALIFICATIONS:

Bachelors in Information Technology, Computer Science, Cyber Security, Security and Risk Analysis, Information Assurance.

3-5 years of previous Governance & Risk experience

Candidates must have a minimum of one of the following certifications or will be required to obtain within the first 12 months: CISSP, GIAC (GSEC, GSNA), CRISC, CISA, CISM, CCSP, SSCP, CAP, CSSLP, CSX Practitioner

KNOWLEDGE, SKILLS, AND ABILITIES:

  • Experience working with assessment tools such as Qualys Policy Compliance and CIS-CAT.
  • Experience developing and using Qualys, or other vulnerability management, platforms with experience in multiple modules and/or areas: Vulnerability Management, Policy Compliance, Continuous Monitoring, Policy Compliance, Web Application Scanning and Asset Management.
  • Experience leading security awareness program development including:
    • Leading regular phishing assessment campaigns.
    • Creating innovative security awareness campaigns using solution provider and custom-developed tools/trainings designed to be flexible and adaptable across a diverse employee population (executives, engineering, marketing and communications, finance, customer service, etc.).
    • Participate in aligning the security awareness program with the enterprise's greatest risks and measure the impact in risk reduction from security awareness efforts.
  • GRC platform experience, with RSA Archer knowledge a strong positive.
  • Strong written and verbal communication skills are required as this position will be responsible for working directly with technical teams and business stakeholders.
  • Demonstrates strong organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities.
  • Strong analytical skills for assessing and prioritizing security risks.
  • Ability to promote a security-conscious culture within the organization.
  • Ability to adapt to evolving threats, technologies, and organizational needs.
  • Ability to understand and integrate security into project and application lifecycles for enterprise IT systems.
  • Minimum of 3 to 5 years experience in Information Technology focusing on information security auditing, risk analysis and vulnerability management.
  • General knowledge of the following technologies from a security perspective: Active Directory, database platforms, web server platforms, Middleware, PKI, cloud computing, Office 365 and Azure.
  • Experience using statistical, quantitative, and qualitative analysis techniques.
  • Proactive approach to staying informed on the latest security threats, vulnerabilities, and industry best practices.


About Essential Utilities, Inc.

Essential Utilities, Inc. is a regulated utility holding company that provides water and wastewater services to more than 5 million people in 10 states across the United States. The company's subsidiaries include Aqua America, which provides water and wastewater services in Pennsylvania, Ohio, North Carolina, Illinois, Texas, New Jersey, Indiana, Virginia, and Georgia, and Peoples, which provides natural gas distribution services in Pennsylvania, West Virginia, and Kentucky. Essential Utilities was founded in 1886 and is headquartered in Bryn Mawr, Pennsylvania.
Learn more about Essential Utilities, Inc.
Size
2 employees
Market Cap
$12.5 billion
Industry
Net Income
$284.8 million
5 Year Trend
+18%
Revenue
$1.4 billion

Similar Jobs

More Jobs at Essential Utilities, Inc.

  • Essential Utilities, Inc.
    Construction Project Manager
    $80K — $110K *
    Pittsburgh, PA 15237 (Allegheny County)
    Real Estate & Construction
    In-Person
  • Essential Utilities, Inc.
    Attorney III
    $120K — $150K *
    Bryn Mawr, PA 19010 (Delaware County)
    Legal & Accounting
    In-Person
  • Essential Utilities, Inc.
    Human Resources Business Partner II
    $70K — $95K *
    Pittsburgh, PA 15237 (Allegheny County)
    Business Services
    In-Person
  • Essential Utilities, Inc.
    Total Rewards Analyst
    $70K — $95K *
    Bryn Mawr, PA 19010 (Delaware County)
    Finance & Insurance
    In-Person
  • Essential Utilities, Inc.
    Dam Safety Engineer
    $75K — $95K *
    Bryn Mawr, PA 19010 (Delaware County)
    Energy & Utilities
    In-Person

More Information Technology Jobs

Find similar GRC Security Analyst II jobs: