CSI Consulting - Houston, TX

posted 3 months ago

Full-time
Houston, TX
Professional, Scientific, and Technical Services

About the position

The Cybersecurity Risk Analyst role is a critical position that focuses on advising and implementing cybersecurity initiatives that align with the latest trends in Information Technology (IT) and Operational Technology (OT) security, risk management, and controls. This position is essential for maintaining robust cybersecurity documentation, including Business Continuity and Disaster Recovery Plans, which are vital for ensuring organizational resilience in the face of potential cyber threats. In this role, the analyst will facilitate risk assessment exercises and perform compliance and risk monitoring/validation, ensuring that the organization adheres to necessary compliance assurance exercises. A significant aspect of the job involves leading awareness and training programs related to the information technology risk program elements, ensuring that all stakeholders understand their responsibilities and execute them effectively. The Cybersecurity Risk Analyst will provide guidance to ensure adherence to specific policies, such as Policy 575 and Policy 564, which govern cybersecurity concurrence for new or upgraded solutions. Additionally, the analyst will coordinate both external and internal assurance or advisory audits, representing the information technology department throughout the audit lifecycle, from planning to remediation strategy. Monitoring, tracking, and reporting on the mitigation and resolution of IT risks is a key responsibility, as is facilitating compliance for all equipment utilized in the IT, Process Control Network (PCN)/Operational Technology (OT), and Demilitarized Zone (DMZ). This includes ensuring timely remediation of critical vulnerabilities. The analyst will also support and integrate cybersecurity standards into both IT and OT environments, serving as a site representative for internal and external cyber initiatives. 
Collaboration is crucial in this role, as the analyst will work closely with other technical, incident management, and forensic personnel to develop a comprehensive understanding of cyber threat actors' intent, objectives, and activities, thereby supporting the overall cyber defense program.

Responsibilities

  • Advises on Cybersecurity initiatives that support the latest trends in IT & OT security, risk, and controls.
  • Maintains cybersecurity documentation including Business Continuity and Disaster Recovery Plans.
  • Facilitates risk assessment exercises, performs compliance and risk monitoring/validation, and conducts other compliance assurance exercises as required.
  • Leads awareness and training for the information technology risk program elements to ensure responsibilities are understood and executed.
  • Provides guidance to ensure adherence to Policy 575 and Policy 564 Cyber concurrence for new or upgraded solutions.
  • Coordinates external and internal assurance or advisory audits, representing information technology throughout the lifecycle of the audit (from planning through remediation strategy).
  • Monitors, tracks, and reports mitigation and resolution of IT risks.
  • Facilitates compliance of all equipment utilized in the IT, Process Control Network (PCN)/Operational Technology (OT) and Demilitarized Zone (DMZ), including timely remediation of critical vulnerabilities.
  • Supports and integrates cybersecurity standards into the IT and OT environments.
  • Serves as site representative for internal and external cyber initiatives.
  • Works closely with other technical, incident management, and forensic personnel to develop a broader understanding of the intent, objectives, and activities of cyber threat actors and supports the cyber defense program.

Requirements

  • Minimum of 3-5 years of related work experience in the Information Technology field.
  • Work experience in the Operational Technology/Industrial Control Systems field.
  • Knowledge of and experience with Industry Policies, Standards and Controls (e.g., NIST 800-53, IEC-62443 in an ICS environment, ISO 27001, COBIT, ITIL, SOX, PCI-DSS, SANS, etc.).
  • Understanding of key technology/data concepts such as access control, confidential data, encryption, data privacy, information management, intellectual property, business continuity, disaster recovery, security scans, and 3rd party/vendor applications.
  • Strong knowledge of IT organization business processes and systems, including IT security, data management, architecture and planning, technology life cycle management, and regulatory concerns.

Nice-to-haves

  • Certifications in Industrial Control Systems Cybersecurity, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or other cybersecurity certifications (e.g., GICSP, GCIP, or similar certifications).
  • Vendor-specific training on Operational Technology, ICS equipment manufacturers and internal network systems.
  • A self-starter who demonstrates One Team behaviors and knowledge of effective influencing tactics and strategies.
  • Highly organized, with the ability to prioritize, multi-task, and thrive in a fast-paced environment.
  • Ability to impact decisions, influence and motivate teams, and work with a variety of disciplines, cultures, and environments.
  • Communicates in a clear, concise, understandable manner both orally and in writing.
  • Ability to explain detailed IT concepts and solutions in business terms and make complex materials clear and engaging.
  • Utilizes qualitative and quantitative risk analysis best practices to provide a clear decision-making framework for managing information risk.