hawaiianel-posted 3 months ago
$107,700 - $139,800/Yr
Full-time • Manager
Honolulu, HI

The P EJ INFORMATION ASSURANCE Department of the P INFORMATION ASSURANCE Division at Hawaiian Electric Company has 1 Management vacancy available. This position oversees or performs the assessments of Company systems and networks and identifies where those systems/networks deviate from cybersecurity policies, acceptable configurations, or guidance. The role provides consulting-level knowledge and expertise for the Information Assurance (IA) division, which includes development and enforcement of cybersecurity policies & standards, cybersecurity risk management activities, information technology (IT) and operational technology (OT) compliance, and secure integration of grid technologies and cloud services. The position supports the development of detailed plans and provides requirements for information systems’ security controls and security monitoring solutions. It also performs security control reviews to validate the security controls as designed are operating effectively and develops policies, standards, and procedures to ensure that security controls are adequately designed.

  • Performs cybersecurity assessments and provides security control requirements for IT and OT projects, including externally hosted applications and grid technology projects.
  • Develops and manages programs and processes for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs.
  • Supports detailed review and approval processing for various policies, processes, and procedures necessary to support the Company’s cybersecurity and compliance requirements.
  • Ensures that adequate and proper internal controls, processes, practices, and standards are developed, maintained, and tested in order to meet the Company’s policy and compliance requirements.
  • Supports the business continuity planning, disaster recovery planning, and the Company’s Cybersecurity Incident Management Team (CS-IMT), with occasional on-call support.
  • Participates in Company emergency response activities as assigned, including any activities required to prepare for such emergency response.
  • Advanced (7-10 years) analysis and/or leadership experience in a multi-level service or consulting organization, preferably in an information technology, application security, network security or quality assurance capacity.
  • Information security experience is required.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of cryptography and cryptographic key management concepts.
  • Knowledge of data backup and recovery concepts.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list).
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • Knowledge of traffic flows across the network (e.g., TCP and IP, OSI, ITIL).
  • Knowledge of programming language structures and logic.
  • Knowledge of system and application security threats and vulnerabilities.
  • Knowledge of network attacks and their relationship to both threats and vulnerabilities.
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of different classes of attacks and cyber attackers.
  • Knowledge of different cyber-attack stages.
  • Knowledge of network security architecture concepts.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of security models.
  • Knowledge of ethical hacking principles and techniques.
  • Knowledge of penetration testing principles, tools, and techniques.
  • Conceptual knowledge of NIST Standards, ISO 27000 series, OWASP, and other security related frameworks and standards.
  • Conceptual knowledge of utility business and related Operational Technology Systems.
  • One or more of the following certifications: CISSP, CISM, CISA, GSLC, CCSP, Security+, SSCP.
  • Competitive compensation package.
  • Opportunities for challenge and advancement.