job summary: Our client is currently seeking a Cyber Security Business Risk Analyst for a 2-year contract opportunity located in Sacramento, San Ramon, Concord, or San Francisco, CA.
Comments/Special Instructions:
- Local candidates only.
- Industrial control system/operational technology experience, security risk consulting experience, and operations or NERC CIP experience
location: Sacramento, California
job type: Contract
salary: $60 - 84 per hour
work hours: 8am to 5pm
- Excellent planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
- Understanding of information security concepts and strategy
- Understands information security holistically and how it relates to business goals
- Understanding of risk assessment and risk analysis frameworks
- Outstanding problem-solving/decision making ability
- Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
- First class documentation skills
- Exceptional interpersonal skills, including teamwork, facilitation and negotiation
- Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
- Experience with enterprise security in a complex, multi-platform environment including SCADA, ICS, and other complex technology platforms
- Experience with regulatory requirements (NERC CIP, SOX, FCC, SB 1386/1746, etc.)
- Utility industry and/or operational technology experience strongly preferred
- Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
- Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
- Mastery of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
- Mastery of computer networking concepts and protocols, and network security methodologies
- Mastery of cloud security concepts, including experience with public cloud (e.g. AWS, Microsoft Azure, etc.) and implementation experience
- Minimum of 4 years of relevant technical experience
- Utility Experience
DESIRED:
- Minimum of 2 years of leading a team in an IT/OT function
- CISSP certification, or ability to obtain via self-study within one year of date of hire, other relevant IT or security certifications.
- Significant contributor to security vision, strategy, planning and leadership for the design, development, implementation and support of technology risk management framework for the line of business to achieve its objectives.
- Contributes to successful implementation of security into new/enhanced systems to meet scope, schedule, and budget.
- Recommends risk-based prioritization for security within technology roadmaps.
- Scopes the assessment of risks and the execution of plans to mitigate the risks.
- Proactively provides expert knowledge of industry trends and technologies as they relate to specific opportunities where security can enhance value to the business and/or address a specific business need.
- Contributes to technology risk-based investment planning through risk-integration with BTLs.
- Identifies risk opportunities to make IT and business processes more effective and efficient.
- May direct the implementation of improvement (mitigation) initiatives.
- Drives compliance with standards/regulations and governance processes as they relate to the line of business.
- Overall "operations" arm of the risk management function.
- Develops and operates enterprise technology risk dashboard.
- Analyzes supply and demand for all risk assessment activities to develop a schedule with the A&V team.
- Accountable for development of security business (quality) requirements.
- Acts as a liaison to operations and CTO to drive improvement based on patterns.
- Drafts risk exception reporting, where applicable.
- Works with Risk Advisory team to develop mitigation plans.
- Establishes and maintains security metrics.
- Manages and is accountable for the development of the risk scenario library.
- Supply and demand forecast.
- Security requirements.
- Overall risk assessment master schedule.
- Reporting standards and templates.
- Risk mitigation plans and security metrics.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
Qualified applicants in San Francisco with criminal histories will be considered for employment in accordance with the San Francisco Fair Chance Ordinance.
We will consider for employment all qualified Applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.