Advisor IT Security Analyst #45804

JOB SUMMARY: Puget Sound Energy’s (PSE) IT Security and Risk department is looking for an IT Security Analyst to join our team. This position will be filled as an Advisor Security Analyst, Senior Security Analyst, Security Analyst, or Associate Security Analyst, depending on the qualifications of the selected candidate.

This role will develop, deliver, maintain and monitor IT security policies, standards, and best practices. The ideal candidate will implement, integrate, maintain, report or monitor security and compliance risk management procedures to reduce financial loss and critical business services. There will also be opportunities to perform security, vulnerability and threat assessments and security incident management.

• Develops, delivers, maintains or monitors IT security policies, standards, and best practices.
• Implements, integrates, maintains, reports or monitors security and compliance risk management procedures to reduce financial loss and critical business failures.
• Performs security, vulnerability and threat assessments and security incident management.
• Oversees security compliance requirements and other IT audit responsibilities.
• Upholds the safety compliance standards inherent in PSE’s operating and/or field procedures related to work responsibilities. Promotes and supports a culture of total safety.

Families and businesses depend on PSE to provide the energy they need to pursue their dreams. Our steadfast commitment to serving Washington communities with safe, dependable and efficient energy started in 1886. Today we’re building the Northwest’s energy future through efforts like our award winning energy efficiency programs and our leadership in renewable energy.

At PSE all employees are valued, respected and provided with the opportunity to excel professionally. We offer an expansive pay package that includes competitive compensation, annual goals-based incentive bonuses, comprehensive cafeteria-style benefits, 401(K), a company paid retirement pension plan, and an employee assistance and wellness program.

JOB REQUIREMENT:
JOB RESPONSIBILTY: • Manages the enforcement of corporate, regulatory, and risk management policies and assists in developing, maintaining, and publishing corporate information security standards, procedures, and guidelines for enterprise computing platforms.

• Provides subject matter expertise to departments on issues of Information Security, including technical guidance and training, and designs and implements programs for user awareness, compliance monitoring, and security compliance.
• Creates and maintains security reporting to facilitate logical security event monitoring.
• Researches, evaluates, designs, tests, recommends, and plans implementation of new or improved information security software or devices.
• Analyzes new/enhanced software applications or tool implementations for implications to existing security software and devices.
• Possesses and applies broad knowledge of security, risk or compliance principles, practices and procedures in at least one process area.
• May confer with superiors on unusual security or compliance matters.
• Drafts new processes, procedures and policies as necessary.
• Defines, implements, and enforces security and compliance controls.
• Facilitates the development and implementation of security systems.
• May act as member of IT security incident response team.
• Serves as lead resource for dealing with highly complex technical and/or business issues.
• Applies advanced knowledge in a primary team and general knowledge in multiple relevant teams to create solutions for highly complex business situations.
• Demonstrates success leading teams or collaborating with business partners and peer-level professionals from other IT teams from PSE, vendors or consulting organizations.
• Mentors peers to acquire fine points of professional practice.
• Operates under limited direction.
• May manage up to two direct reports.
• Resolves highly complex problems, often collaborating with other experts to do so.
• Recognizes subtle changes or problems in the design or performance of highly complex applications or systems, and intervenes flexibly / creatively to improve performance.
• Updates or creates documentation in collaboration with others from within or across teams.
• Works with IT professionals and managers across multiple segments.
• Defines project scope, objectives, and client requirements. Creates project schedule, cost/financial plan, risk mitigation plan, communication plan, quality plan, change control plan, and resource plan to meet project goals within the project scope, timeline, and budget.
• Estimates resource requirements for large projects involving multiple departments, platforms, technologies, executive sponsors, or particularly high-risk business problems.
• Performs other duties as assigned. MINIMUM QUALIFICATIONS:
• Bachelor’s degree and 8 years of experience or combination of specialized training/experience and 8 years of directly relevant experience.
• Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert and to lead teams.
• Knowledge of security controls for servers and workstations.
• Understanding of various operating environments, e.g. UNIX, Windows, Linux, Cisco IOS, AIX, Cisco UCS, VMWare.
• Hands-on knowledge of working with network routers, LAN bridges, and the communication architectures that link them together.
• Understanding of security ‘firewall’ gateways and their designs, configuration and management.
• Knowledge of security and internal control frameworks such as: ISO 27001, NIST 800-53, COBIT and COSO.
• Experience with implementation and management of compliance requirements such as NERC and SOX.
• Understanding and experience with security products and techniques such as token-based dialup authentication, modem callback and password management.
• Ability to effectively adapt to and apply rapidly changing technology to business needs.
• Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence.
• Proven ability to work under stress in emergencies; flexibility to handle pressure coming from all directions at one time.
• Strong analytical and problem-solving skills.
• Strong customer focus and ability to manage client expectations.

DESIRED QUALIFICATIONS:

• Experience in various database design technique.
• Highly desirable are certifications in one or more of the following: Certified Information Security Manager (CISM); Certified Information Systems Auditor (CISA); Certified Information Systems Security Professional (CISSP); SANS-GIAC certifications family; or Security Plus.