Search Services
http://cdn.haleymarketing.com/templates/61960/logos/searchsvc-hml.png
http://www.searchsvc.com
http://www.searchsvc.com
true
Sr IT Security Analyst
Houston, TX 77002 US
2023-03-24
2023-07-07
Employment Type:
Direct
Category: Security
Job Number: 17981
Work Model: #LI-Hybrid
Internal Reference: #LI-SM1
Job Description
SUMMARY: Our Downtown Houston Energy client is looking for an experienced IT Security Analyst to join their team. In this role you will be responsible for the administration and design of the company’s IT Security program. You will lead the installation, administration and maintenance of the IT security solutions and partner with IT leadership to develop the security vulnerability mitigation strategies and remediation and recovery playbooks. This position will report to the IT Infrastructure Manager.
RESPONSIBILITIES: • Assess and coordinate IT-related security risks to the Company
• Assist with the design, documentation, recommendation, and deployment of IT security strategies and technology solutions for the organization
• Identify and address potential, successful, and unsuccessful intrusion attempts and compromises
• Perform thorough reviews and analyses of relevant security events
• Conduct regular audits (with 3rd party assistance, as needed) to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
• Recommend security tools and associated budget requirements for the organization
• Perform vulnerability assessments and report on IT security risk levels to management
• Lead IT security efforts in Corporate, SCADA, mobile, and cloud environments
• Review security profiles for all endpoints including, but not limited to, server, client, mobile, and cloud
• Act as primary contact for third-party security operations center partners for all functions
• Assess and coordinate risk of third-party technologies as they relate to Company IT systems and data (Software-as-a-Service, Infrastructure-as-a-Services, consulting, new software and hardware solutions, etc.).
• Develop and lead regular table-top exercises focused on remediation and recovery of IT systems/data compromise
• Coordinate security incident management and remediation efforts
• Facilitate Company security training program and any remedial security process education for Company personnel
• Ensure IT personnel can assist with security program implementation and management of security solutions and tasks
• Coordinate with other IT teams and business groups to understand Company processes as they relate to IT security
• Act as a point of contact with the Company’s Enterprise Risk Management team
• Respond to IT security questions from both Internal and External Audit teams
• Document and manage IT Security Policies, with IT leadership oversight, to ensure the policies are accurate, effective, and current
• Promote awareness of applicable regulatory standards, risks, and industry best practices
• Lead projects, including solution validation, project definition, and deliverable implementation
• Adhere to and enforce Company security policies
• Ability to travel to field offices
• On call rotation
REQUIREMENTS: • Bachelor’s Degree, in Information Systems, Computer Science, or Information Security (or equivalent experience)
• 5 years IT security or information security experience with a proven ability to engage with Senior Management and regulators
• 3+ years of experience conducting IT compliance assessments (Sarbanes-Oxley, NIST, etc.)
• 3+ years of experience in administering IT security controls in an organization
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risks
• Experience with IPS/IDS, SIEM IAM and other IT security technologies
• Single Sign-On systems management experience
• Virtual environment experience required
• Certified Information Systems Security Professional (CISSP), or similar certification
• Prior experience working within a publicly traded organization
• Proficient communication skills at all levels
• Proficient time management skills
• Ability to learn new technical concepts quickly and readily
• Ability to work in a team environment, as well as on an individual, unsupervised basis
Preferred Qualifications
• Prior experience working within an upstream Oil and Gas organization
• Prior experience IOT and SCADA
• Knowledge of Sarbanes-Oxley guidelines
• Project management skills
• Windows workstation and server administration
• Prior experience performing security reviews and risk assessments
RESPONSIBILITIES: • Assess and coordinate IT-related security risks to the Company
• Assist with the design, documentation, recommendation, and deployment of IT security strategies and technology solutions for the organization
• Identify and address potential, successful, and unsuccessful intrusion attempts and compromises
• Perform thorough reviews and analyses of relevant security events
• Conduct regular audits (with 3rd party assistance, as needed) to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
• Recommend security tools and associated budget requirements for the organization
• Perform vulnerability assessments and report on IT security risk levels to management
• Lead IT security efforts in Corporate, SCADA, mobile, and cloud environments
• Review security profiles for all endpoints including, but not limited to, server, client, mobile, and cloud
• Act as primary contact for third-party security operations center partners for all functions
• Assess and coordinate risk of third-party technologies as they relate to Company IT systems and data (Software-as-a-Service, Infrastructure-as-a-Services, consulting, new software and hardware solutions, etc.).
• Develop and lead regular table-top exercises focused on remediation and recovery of IT systems/data compromise
• Coordinate security incident management and remediation efforts
• Facilitate Company security training program and any remedial security process education for Company personnel
• Ensure IT personnel can assist with security program implementation and management of security solutions and tasks
• Coordinate with other IT teams and business groups to understand Company processes as they relate to IT security
• Act as a point of contact with the Company’s Enterprise Risk Management team
• Respond to IT security questions from both Internal and External Audit teams
• Document and manage IT Security Policies, with IT leadership oversight, to ensure the policies are accurate, effective, and current
• Promote awareness of applicable regulatory standards, risks, and industry best practices
• Lead projects, including solution validation, project definition, and deliverable implementation
• Adhere to and enforce Company security policies
• Ability to travel to field offices
• On call rotation
REQUIREMENTS: • Bachelor’s Degree, in Information Systems, Computer Science, or Information Security (or equivalent experience)
• 5 years IT security or information security experience with a proven ability to engage with Senior Management and regulators
• 3+ years of experience conducting IT compliance assessments (Sarbanes-Oxley, NIST, etc.)
• 3+ years of experience in administering IT security controls in an organization
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risks
• Experience with IPS/IDS, SIEM IAM and other IT security technologies
• Single Sign-On systems management experience
• Virtual environment experience required
• Certified Information Systems Security Professional (CISSP), or similar certification
• Prior experience working within a publicly traded organization
• Proficient communication skills at all levels
• Proficient time management skills
• Ability to learn new technical concepts quickly and readily
• Ability to work in a team environment, as well as on an individual, unsupervised basis
Preferred Qualifications
• Prior experience working within an upstream Oil and Gas organization
• Prior experience IOT and SCADA
• Knowledge of Sarbanes-Oxley guidelines
• Project management skills
• Windows workstation and server administration
• Prior experience performing security reviews and risk assessments