Security Analyst III

About The Position

Requirements

• Bachelor's Degree in information technology, accounting, other related field, or an equivalent combination of formal education and the following job related experience
• Experience in information technology, including significant security activities
• Experience developing information security and technology roadmaps
• Experience in a regulated sector.
• Familiarity with gas / utilities business processes
• Experience with key information security frameworks and governing bodies such as the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST)
• Experience researching, preparing, composing, recommendations, security documentation, flowcharts, standards, procedures, reports, and correspondence
• Experience interacting, advising, and communicating effectively
• Experience analyzing information, conducting meetings, and making presentations
• Knowledge of: IT infrastructure environments, local and wide-area networks and application security needs
• Ability to: manage small to medium information security projects
• Ability to: develop consensus and facilitate decision-making among senior executives
• Ability to: communicate and/or exchange information; conduct oral presentations

Nice To Haves

• CISSP Certified Information Systems Security Professional preferred
• Certified Information Security Manager (CISM) preferred
• Certified Information Systems Auditor (CISA) preferred
• Certified Secure Software Lifecycle Professional (CSSLP) preferred
• Certified Information Privacy Professional (CIPP) preferred

Responsibilities

• Designs and refines certain functions within the information security framework that ensures confidentiality, integrity, and availability of information assets by protecting against unauthorized use, disclosure, modification, or loss.
• Provides guidance for certain information security functions including developing process/technology roadmaps, determining appropriate organizational awareness activities, and advising senior management on changes in the technical, legal and/or regulatory environments that may impact the security of information assets.
• Works with Director of Information Security to determine the appropriate levels of information risk for the enterprise and collaborates with affected business units and key stakeholders to ensure that exposure is minimized in accordance with applicable laws and regulations.
• Collaborate with appropriate personnel across certain areas of the company to ensure appropriate risk levels are identified for information assets and if applicable, physical security of facilities.
• Lead implementation of information security policies, standards, procedures and guidelines for certain security functions.
• Design and operate monitoring and improvement activities to ensure ongoing compliance with internal security policies and applicable laws and regulations.
• Define and implement an ongoing security risk assessment program, which will define, identify, and classify critical information assets, assess threats and vulnerabilities regarding those assets and implement remediation plans where appropriate in certain security functions.
• Provide guidance of security risk assessments of third party relationships and associated corrective actions.
• Assist in the information security incident response process and provide guidance to senior management related to incident escalation and resolution.
• Assist in the preventive monitoring of potential information security threats, investigation of alleged information security breaches and, if necessary, drive appropriate response to the breach.
• Design, develop, implement, and maintain the identity and access management procedures to ensure proper user account provisioning.
• Collaborate with other information technology personnel to ensure solution designs have appropriate information security controls.
• Assist in the information security awareness, training, and educational activities for all personnel who have access to information assets.
• Collaborate with delivery teams to design, develop, and implement secure solutions.

Benefits

• ONEOK is committed to making our workplace accessible to individuals with disabilities and will provide reasonable accommodations, upon request, for individuals to participate in the application and hiring process.