This position is an experienced senior-level security analyst responsible for performing assessments of systems, networks, and applications within the organizational environment and for identifying where those systems, networks, and applications deviate from acceptable security configurations, New Jersey State information security policies and standards, or other statutory, regulatory, or contractual security requirements. The analyst performs cyber security risk assessments of organizations and makes recommendations to mitigate risk. The analyst is the cyber risk subject matter expert providing support to stakeholders; assumes appropriate administrative, project management, team lead, and/or supervisory responsibilities as delegated by superiors; and performs other related duties as assigned. The position requires excellent communication skills and the ability to confidently interact with all levels, from executive and business unit leadership to staff.
- Provides technical expertise in threat/risk assessments
- Maintains cyber policies, regulations, and compliance documents
- Performs security reviews on new technologies and changes to existing technologies
- Analyses operational reports and proposes remediation actions
- Supports audit and penetration testing operations
- Manage the ServiceNow VRM module.
- Perform vendor risk analysis (e.g., threat, vulnerability, and probability of occurrence).
- Prepare vendor assessment reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
- Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
- Manage and/or assist with protective or corrective measures when a vendor cybersecurity incident or vulnerability is discovered.
- Identify and recommend cybersecurity hardening measures and procedures within the organization and across the enterprise in consultation with relevant stakeholders.
- Participate in industry groups such as EI-ISAC, MS-ISAC, US-CERT, DHS, FBI, NJSP, and other industry peers and partners to gain intelligence on and understand security threats.
- Verify minimum security requirements are in place for all applications.
- Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
- Perform other cybersecurity-related and administrative duties as assigned
Job Specific Qualifications
- Bachelor's degree in STEM, Computer Science, Information Systems or Cyber Security
- 6 or more years of experience in Information Security
- Experience with cloud computing and the ability to implement strong security to protect a cloud-first environment.
- Works independently with little or no supervision.
- Excellent oral and written communication skills.
- Excellent leadership, technical teamwork, and interpersonal skills.
- Willing to work in a strong team environment, constantly teaching and learning from other team members.
- Ability to foster working relationships with the team, IT Management and Client departments.
- Ability to explain technical concepts to the business users in the context of business requirements.
- Technical experience includes: information / data / network / computer security design, administration and/or assessment.
- Broad knowledge of information systems including Windows security, network security, systems development, communication networks, security software/hardware and operating systems.
- Experience with key information security technologies such as SIEM, firewalls, intrusion detection/prevention systems, vulnerability assessment, encryption, identity and access control systems, anti-malware, and security event analysis.
- Leadership, planning and organizing, results orientation, technical/professional knowledge.
- Excellent interpersonal, organizational, managerial, financial management and leadership skills.
- Communicates effectively with both technical and non-technical individuals.
- Maintains a solid working knowledge of Information Security principles and practices.
- Candidate must foster an inclusive work environment and respect all aspects of diversity. Successful candidate must demonstrate and value differences in others' strengths, perspectives, approaches, and personal choices.
- Promote awareness of security issues among constituencies.
Please Note the Following
- Approximately 5% Travel required
- NERC CIP position, requires NERC CIP background investigation prior to start
- ISC2 Certified Information Systems Security Professional (CISSP), or equivalent
- At least 5 years’ experience as a Cyber Security Engineer, or comparable role.
- Certifications in one or more areas or willingness to obtain: CISSP, a GIAC certification (GSEC, GCIH, or other), CEH, ECSA, CompTIA Security+, or comparable.
- Experience with the ServiceNow VRM module
Minimum Years of Experience
6 years of experience