Cybersecurity Risk Analyst || Onsite at Remote, Remote, USA
From: JUNAID, Smartfolks [email protected]
Reply to: [email protected]

Job title: Cybersecurity Risk Analyst
Location: Houston, San Ramon
C2C

Role Description:

Responsibilities:
Tracks portfolio of cybersecurity integrations and divestments.
Identifies areas of concern or decision points for leadership awareness and support.
Monitors, tracks, and reports mitigation and resolution of IT risks to the Integration and Divestment Cyber Workstream Manager.
Develops cybersecurity decision support packages that provide clearly stated risks and recommendations for leadership support to progress or pause integration or divestiture activity.
Facilitates cyber risk assessment exercises, performs security compliance and risk validation, and carries out other cyber assurance exercises as required.
Coordinates external and internal assurance or advisory audits, representing information technology throughout the lifecycle of the audit (from planning through remediation strategy).
Works across IT, Cybersecurity, and business units to develop fully aligned integration plans (program management).
Develops and updates the cybersecurity integration and divestment playbook based on established best practices for risk reduction and mitigation strategies.
Aligns and incorporates additional risk analysts and risk managers required to support integration and/or divestment activities.
Updates and incorporates cybersecurity documentation, including Incident Response, Business Continuity and Disaster Recovery Plans, to meet Chevron requirements.
Facilitates identification of vulnerabilities in all equipment utilized in the IT, Process Control Network (PCN)/Operational Technology (OT) and Demilitarized Zone (DMZ), including timely remediation of critical vulnerabilities.
Aligns Chevron cybersecurity standards into IT and OT environments being integrated.
Addresses cybersecurity gaps in pre-integrated IT and OT environments through prioritization and tracking of remediation activities.
Incorporates lessons learned and best practices into integration playbooks.
Serves as cyber integration representative for internal and external cyber initiatives.
Works closely with other technical, incident management, and forensic personnel to develop a broader understanding of the intent, objectives, and activities of cyber threat actors, and supports the cyber defense program.

Required Qualifications/Skills:
Minimum 3-5 years related work experience in the Information Technology field.
Knowledge of and experience with industry policies, standards and controls (e.g., NIST 800-53, IEC-62443 in an ICS environment, ISO 27001, COBIT, ITIL, SOX, PCI-DSS, SANS, etc.).
Understanding of key technology/data concepts such as access control, confidential data, encryption, data privacy, information management, intellectual property, business continuity, disaster recovery, security scans, and 3rd party/vendor applications.
Strong knowledge of IT organization business processes and systems, including IT security, data management, architecture and planning, technology life cycle management, and regulatory concerns.

Certifications:
Desired but not required: certifications in Industrial Control Systems Cybersecurity, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or other cybersecurity certifications (e.g., GICSP, GCIP, or similar certifications).

Keywords: information technology
Fri Apr 05 02:26:00 UTC 2024