Information Security GRC Analyst

Mohawk Industries, Kennesaw, GA

About The Position

The Information Security GRC Analyst is an established performer who facilitates and supports the Security function and its projects to resolve a wide range of IT issues. This role is responsible for partnering in the evaluation and implementation of network architecture and cyber security services and technologies.

Requirements

  • Bachelor's degree in a related field or equivalent education and/or experience.
  • 2-4 years of job-related experience or equivalent education and/or experience.
  • OT/ICS cybersecurity relevant accreditations such as ISA/IEC62443 or SANS or other internationally recognized certifications are preferred.
  • Experience in Information Technology (IT), Operational Technology (OT), or related field focused on designing, building, and managing cybersecurity for industrial control systems and networks.
  • Knowledge and understanding of control systems (SCADA/DCS/PLCs, etc.) and relevant protocols (Modbus TCP, Ethernet/IP, PROFINET, DNP3, IEC61850, etc.).
  • Working knowledge of key technologies including firewalls, IDS, anti-virus, vulnerability assessments, etc., in ICS/OT networks.
  • At least one of the following certifications from a nationally recognized organization is preferred: CRISC, CISSP, CISM, CISA, CCSP, or certifications in OT/ICS cybersecurity like ISA/IEC62443 or SANS.

Nice To Haves

  • In-depth conceptual and practical knowledge in cybersecurity and GRC disciplines.
  • Demonstrates strong knowledge of technical, process, and business principles as well as industry practices and standards.
  • Excellent communication, problem solving, and organizational skills.
  • Able to multitask, prioritize, and manage time effectively.
  • High level of integrity and discretion in handling sensitive and confidential data.
  • Proficient using Microsoft Office Suite products.
  • Proficiency using GRC programs such as AuditBoard, Archer, and ServiceNow.

Responsibilities

  • Perform security assessments and deliver new security detection rules to enhance our existing testing capabilities.
  • Document network and system specification deliverables to address cybersecurity vulnerabilities and the security controls necessary to mitigate the vulnerabilities to an acceptable level of risk.
  • Develop and maintain security policies, standards, procedures, and processes for various IT frameworks, including CIS, ISO 27001/2, COBIT, ITIL, NIST, and PCI-DSS.
  • Create detailed asset lists, including software and firmware specifications, in support of cybersecurity assessments.
  • Perform governance and oversight functions by evaluating requirement document categorization and control alignment, and by minimizing redundancy in the security policy and standard portfolio.
  • Participate in cross-functional project teams (internal and external) of Process Control, Safety, IT, and Cyber Security engineers, assisting with the design, implementation, and testing of cybersecurity standards, regulatory requirements and technologies, processes/procedures, and specs during the engineering, construction, and commissioning phases of projects.
  • Continuously monitor, identify, and report control gaps in IT and cybersecurity programs, contributing to ongoing improvements in security practices.
  • Support development of architecture and FAT/SAT procedures for project execution.
  • Collaborate with stakeholders to draft, review, and publish internal security policies and standards, providing guidance and expertise throughout the process.
  • Collaborate to interpret cyber security program policy and support procedure development.
  • Participate in the development of enterprise architecture by collaborating with Enterprise Architecture COE.
  • Perform other duties as needed.