Job Profile Summary Responsible for the design of certain security functions within the overall information security strategy, management system processes, programs, communications, and activities throughout the organization.
Essential Functions and Responsibilities Designs and refines certain functions within the information security framework that ensures confidentiality, integrity, and availability of information assets by protecting against unauthorized use, disclosure, modification, or loss Provides guidance for certain information security functions including developing process/technology roadmaps, determining appropriate organizational awareness activities, and advising senior management on changes in the technical, legal and/or regulatory environments that may impact the security of information assets Works with Director of Information Security to determine the appropriate levels of information risk for the enterprise and collaborates with affected business units and key stakeholders to ensure that exposure is minimized in accordance with applicable laws and regulations Collaborate with appropriate personnel across certain areas of xx to ensure appropriate risk levels are identified for information assets and if applicable, physical security of facilities Lead implementation of information security policies, standards, procedures and guidelines for certain security functions.
Design and operate monitoring and improvement activities to ensure ongoing compliance with internal security policies and applicable laws and regulations Define and implement an ongoing security risk assessment program, which will define, identify, and classify critical information assets, assess threats and vulnerabilities regarding those assets and implement remediation plans where appropriate in certain security functions.
Provide guidance of security risk assessments of third party relationships and associated corrective actions Assist in the information security incident response process and provide guidance to senior management related to incident escalation and resolution.
Assist in the preventive monitoring of potential information security threats, investigation of alleged information security breaches and, if necessary, drive appropriate response to the breach Design, develop, implement, and maintain the identity and access management procedures to ensure proper user account provisioning.
Collaborate with other information technology personnel to ensure solution designs have appropriate information security controls Assist in the information security awareness, training, and educational activities for all personnel who have access to information assets Collaborate with delivery teams to design, develop, and implement secure solutions Education Bachelor’s Degree in information technology, accounting, other related field, or an equivalent combination of formal education and the following job related experience Work Experience Experience in information technology, including significant security activities Experience developing information security and technology roadmaps Experience in a regulated sector.
Familiarity with gas / utilities business processes Experience with key information security frameworks and governing bodies such as the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) Experience researching, preparing, composing, recommendations, security documentation, flowcharts, standards, procedures, reports, and correspondence Experience interacting, advising, and communicating effectively Experience analyzing information, conducting meetings, and making presentations Knowledge, Skills and Abilities Knowledge of: IT infrastructure environments, local and wide-area networks and application security needs Ability to: manage small to medium information security projects Ability to: develop consensus and facilitate decision-making among senior executives Ability to: communicate and/or exchange information; conduct oral presentations Licenses and Certifications CISSP Certified Information Systems Security Professional preferred Certified Information Security Manager (CISM) preferred Certified Information Systems Auditor (CISA) preferred Certified Secure Software Lifecycle Professional (CSSLP) preferred Certified Information Privacy Professional (CIPP) preferred Strength Factor Rating
– Physical Demands/Requirements Sedentary Work
– Exerting up to 10 pounds of force occasionally (Occasionally: activity or condition exists up to 1/3 of the time) and/or a negligible amount of force frequently (Frequently: activity or condition exists from 1/3 to 2/3 of the time) to lift, carry, push, pull, or otherwise move objects, including the human body.
Sedentary work involves sitting most of the time, but may involve walking or standing for brief periods of time.
Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
Strength Factor Description
– Physical Demands/Requirements Standing: Remaining on one’s feet in an upright position at a work station without moving about (Occasionally) Walking: Moving about on foot (Frequently) Sitting: Remaining in a seated position (Constantly) Lifting: Raising or lowering an object from one level to another (includes upward pulling) (Occasionally) Carrying: Transporting an object, usually holding it in the hands or arms, or on the shoulder (Occasionally) Pushing: Exerting force upon an object so that the object moves away from the force (Occasionally) Pulling: Exerting force upon an object so that the object moves toward the force (includes jerking) (Occasionally) Climbing: Ladders, Stairs (Occasionally) Balancing: Maintaining body equilibrium to prevent falling (Occasionally) Stooping: Bending the body downward and forward by bending the spine at the waist (Occasionally) Kneeling: Bending the legs at the knees to come to rest on the knee or knees (Occasionally) Crouching: Bending the body downward and forward by bending the legs and spine (Occasionally) Crawling: Moving about on the hands and arms in any direction (Occasionally) Reaching: Extending hands and arms in any direction (Constantly) Handling: Seizing, holding, grasping, turning or otherwise working with the hand or hands (Manual Dexterity) (Constantly) Fingering: Picking, pinching or otherwise working with the fingers primarily (Finger Dexterity) (Constantly) Feeling: Perceiving such attributes of objects/materials as size, shape, temperature, texture, movement or pulsation by receptors in the skin, particularly those of the finger tips (Constantly) Talking: Expressing or exchanging ideas/information by means of the spoken word (Frequently) Hearing: Perceiving the nature of sound by the ear (Frequently) Tasting/Smelling: (Occasionally) Near Vision: Clarity of vision at 20 inches or less (Constantly) Far Vision: Clarity of vision at 20 feet for more (Frequently) Depth Perception: Three-dimensional vision; ability to judge distances and spatial relationships so as to see objects where and as they actually are (Frequently) Vision: Color
– The ability to identify and distinguish colors (Constantly) Working Conditions/Environment Employee is subject to inside environmental conditions Working Conditions Well lighted, climate controlled areas (Constantly) Frequent repetitive motion (Constantly) CRT (Computer Monitor(s)) (Constantly) Travel Travel in and around plant and office facilities and around job sites out-of-doors.
Driving Based on assigned tasks, employee may be assigned a company vehicle requiring the applicable driver’s license All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.