The Systems Security Analyst ensures that systems security & controls requirements and specifications are adequately defined to eliminate and/or reduce risks, and that security features are sufficiently rigorous to protect managed service environment, systems, and company information contained therein. Respond to environment, systems and network security incidents, e.g., system compromise, loss of confidentiality, authentication problems, etc. by analyzing incident reports, interviewing managed service provider(s), end-users, system owners as needed, working with managed service provider(s) to isolate potential sources and implement solutions.
Essential Duties / Functions
1. Stay abreast of current IT security developments and trends as a subject matter expert in IT security & controls.
2. Monitors managed service provider(s) performance in regards to security of environment, systems, network and protection of company information contained therein; work with managed service provider(s) to ensure remediation of vulnerabilities as appropriate.
3. Champions cybersecurity awareness culture throughout the company; key resource on GPLNG cybersecurity team.
4. Assists operations and engineering with security & controls pertaining to process control network.
5. Assesses the security posture, develops risk profile, specify security requirements, and identify mitigation measures necessary to safeguard systems and network.
6. Assists with risk based security & controls assessment for new and existing systems, networks, Web applications, databases and various operating systems. Recommends new or revised security measures and countermeasures for current security challenges.
7. Validates security scans for applications to ensure there are no open vulnerabilities requiring mitigation.
8. Evaluates new and improved security technologies and recommends adoption of new technologies that have the potential to enhance current capabilities.
9. Develop organization wide best practices for IT security & controls in order to protect company’s digital assets from unauthorized access.
10. Maintains information systems security documentation, such as system security plans, risk assessments, disaster recovery plans, IT business continuity plans, and checklists to meet appropriate system and regulatory compliance.
11. Continuously assesses the effectiveness of security controls on installed systems based on analysis of reported security violations/breaches and implements modifications to enhance effectiveness.
Minimum Education Requirements of the position:
- Bachelor's Degree in Information Technology or Cybersecurity
Minimum Experience required of the position:
- 5-8 years of relevant experience
- Experience identifying cybersecurity threats and applying controls to mitigate any threats
- Experience with security management and data loss prevention
- Energy industry background preferred
Minimum knowledge, skills and abilities required of the position:
- Excellent communication and presentation skills
- Strong operational knowledge of IT Security to solve business requirements
- Strong communication skills and ability to related to customers of all levels
- Customer centric orientation with an "own the problem" mindset
- Ability to prioritize and execute tasks as appropriate
Any certificates, licenses, etc. required for the position:
- Relevant certification preferred (Certified Information Systems Security Professional, Certified Information Security Manager, Certified Information Systems Auditor)
- Typical office environment with occasional visits to terminal and pipelines
- Not all aspects of the job are covered by the description – may require “other duties as assigned.”
- Job may change over time in accordance with business needs.
- Job description does not guarantee employment.