Oversees the development and delivery of a comprehensive cyber security program and compliance function. Communicates cyber security strategies, measures, policies, practices and standards to ensure that station assets are secure. Develops standards, policies, procedures, and guidelines which provide guidance and control of cyber security.
- Provides cyber security technical and operational guidance for the station to assure new business functionalities have the proper security controls and objectives identified, implemented, verified, and tested.
- Identifies, evaluates, conducts, schedules and leads cyber security functions to ensure all applicable cyber security requirements are met.
- Reviews, recommends, implements, and maintains all security technology products within the security domain.
- Monitors and evaluates vulnerability information from various sources, security trends, and best practices, and effectively articulates mitigation guidance.
- Develops and implements Disaster Recovery (DR) strategies for Critical Digital Assets. Conducts cyber security investigations.
- Reviews hardware and software audits for compliance with established regulation, standards, policies, and procedures.
- Understands the cyber security aspects of the architecture of plant networks, operating systems, hardware platforms, software platforms, applications, and plant-specific applications.
- Designs and deploys enterprise cyber security monitoring, detection and incident response systems.
- Provides analysis and/or reverse engineering of suspect source code including Trojans, viruses, back doors, and other known and previously unknown malware.
- Monitors Cyber Security systems as assigned.
- Installs, configures, operates and maintains cyber security equipment and log sources and logging technologies.
- Bachelor’s degree in computer science, mathematics, or engineering preferred; or five years of comparable work experience
- 5+ years of experience in cyber security administration and risk management.
- Expertise and knowledge of NIST 800-53 (Recommended Security Controls for Federal Information Systems and Organizations)
- Knowledge and understanding of security principles such as hardened/bastioned system builds, network separation, secure coding standards, and wireless security.
- Knowledge and understanding as a System Admin., with knowledge of IDS/IPS/Web Security Gateways, firewalls, networking multiple Operating Systems, risk assessments, vulnerability management and network security.
- Knowledge and understanding in creating conceptual, logical and physical security diagrams, identifying technology-based security tools, and inserting information security controls and checkpoints into the application design process.
- Configuring and Managing Firewalls (Specifically Palo Alto and Cisco)
- Configuring and Managing Network Switches
- Configuring and Managing AV and endpoint security
- Configuring and Managing SIEMs
- Vulnerability Management
Preferred Certifications (not required)
- Certified Information Systems Security Professional
- Microsoft Certified Solutions Expert
- Cisco Certified Network Professional
- Certified Ethical Hacker (Preferred)
- Must be able to pass background investigation
- Must be a forward-thinking and passionate problem solver able to work in a group environment that contributes to global client and company mission and culture
- Able to take on new challenges and professionally communicate and collaborate with peers and executive client and corporate leadership