Sr Information Compliance Analyst, Portland, OR #109827

$85,500 - $133,000/Yr

PacificCorp - Portland, OR

posted 4 months ago

Full-time - Mid Level
Portland, OR
Utilities

About the position

The Sr Information Compliance Analyst at PacifiCorp plays a crucial role in supporting the implementation and maintenance of information security systems, particularly in alignment with ISO 27001 and ISO 27019 certification standards. This position is responsible for managing change management processes related to information security policies and procedures, as well as overseeing IT controls. The analyst will also lead continuous improvement initiatives for cyber security across one or more BHE US Affiliates, ensuring that the organization remains compliant with industry standards and best practices. In this role, the analyst will conduct risk assessments and manage the remediation of identified risks. They will research, analyze, and develop new strategies and processes to adapt to evolving internal and external conditions. The analyst will coordinate and execute IT controls, ensuring that the organization meets compliance requirements and effectively manages cyber security risks. Key responsibilities include identifying and implementing key cyber security initiatives, supporting the development and maintenance of the Information Security Management System (ISMS), and coordinating interactions with internal and external cyber security auditors. The analyst will also lead activities related to cyber security maintenance and continuous improvement, consult with management on enterprise information security requirements, and oversee the assessment and mitigation of cyber security risks and threats. Additionally, the analyst will support business continuity planning and incident response management, acting as a subject matter expert in information security.

Responsibilities

  • Identify, prescribe, and implement key cyber security initiatives in support of ISO 27001 and ISO 27019 controls for the pipeline group.
  • Support the development and maintenance of Information Security Management System (ISMS) for one or more BHE US affiliates.
  • Support the development and maintenance of information security policies, procedures, standards, controls, and other related documents.
  • Coordinate and lead interactions with internal and external cyber security auditors.
  • Execute control activities to evidence compliance with IT controls.
  • Lead cyber security maintenance and continuous improvement activities identified through internal processes or cyber security-related audits.
  • Support the development and documentation of BHE USAffiliate third-party services and service levels for ISO 27001 and ISO 27019 scoping for the affiliates.
  • Consult with management, teams, and individuals to provide strategic and tactical direction regarding enterprise information security requirements, policies, procedures, and standards.
  • Coordinate updates to training materials that support the information security policies and procedures.
  • Oversee and coordinate efforts to assess and mitigate cyber security risks and threats.
  • Coordinate with BHE IT and information security staff as well as BHE chief security officer staff to share best practices and cyber security initiatives.
  • Support reporting related to information security key performance indicators and status reporting.
  • Support business continuity planning, cyber security incident response, and management. Coordinate incident response plan creation and updates.
  • Support the enterprise as an information security subject matter expert.
  • Manage and coordinate forensic and investigation activities.
  • Perform other duties as assigned.

Requirements

  • Bachelor's degree in business, information systems, computer science, or a related technical field; or equivalent work experience.
  • Two years of progressively advanced technical experience in an information security role.
  • Demonstrated knowledge of information security best practices as evidenced through achievement or pursuit of one or more advanced certifications, such as CISM or CISSP.
  • Technical knowledge of operating systems, databases, networks, and disaster recovery practices.
  • Excellent oral and written communication skills, including presentation skills.
  • Ability to recognize, respond, escalate, and manage complex technical problems.
  • Effective interpersonal and customer relationship skills.
  • Effective analytical, problem-solving, and decision-making skills.
  • Ability to prioritize and handle multiple enterprise-level assignments.

Nice-to-haves

  • Four years of progressively advanced technical experience in an information security role, including three years supervisory/management responsibilities.
  • Deep technical knowledge of operating systems, databases, networks, and disaster recovery practices.
  • Eight years of progressively advanced technical experience in an information security role, including three years supervisory/management responsibilities.

Benefits

  • Health care
  • Retirement
  • Paid time off
  • Tuition assistance
  • Paid short-term and long-term disability
  • Paid bereavement leave

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service