The Senior Security Analyst works closely with the other members of the team to analyze, develop, implement and maintain a comprehensive information security program. Areas of responsibility include selecting and deploying technical controls for specific security requirements, and defining processes and standards that ensure security configurations are maintained appropriately. This position may provide task direction for others on assigned projects of any complexity and scope.

POSITION DIMENSIONS

This position may have up to four direct reports, which may include any combination of exempt and non-exempt positions. This position is not responsible for budgets. The incumbent frequently exchanges information with senior management, division management, Information Services support staff, vendors and consultants.

QUALIFICATIONS

There are clear policies and procedures that the incumbent uses to determine how this job is performed. This position requires five years of relevant work experience and a Bachelor of Science degree in Information Systems, Management Information Systems, Computer Science or equivalent combination of education and experience sufficient to successfully perform the essential job responsibilities.

Audit, risk, compliance or governance experience is preferred with technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (lAM) systems, anti-malware solutions, automated policy compliance tools, desktop security tools, and cloud. CISSP or CRISC similar certification is preferred.

ESSENTIAL JOB RESPONSIBILITIES

• Perform qualitative and quantitative risk analysis
• Analyze security controls and systems policy configurations
• Evaluate and coordinate security best practices
• Identify security requirements, using methods that may include risk and business impact assessments when working with business units and other risk functions
• Investigate and report to management concerning risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance. May coordinate and/or perform control, penetration and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, with recommendation of remedial action
• Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle
• Works with the Information Services department and members of the information security team to identify, select and implement technical controls
• Develops and documents security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained
• Leads the execution of risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies
• Assists with the definition of security configuration and operations standards for security systems and applications networking and telecommunications equipment based security systems
• Assists in the development and validation of baseline security configurations
• Provides second- and third-level support and analysis during and after a security incident
• Develops standards and department procedures
• Provides input/oversight in the department’s activities/responsibilities including planning, scheduling, staffing, monitoring, traveling and reporting
• Participates in security investigations and compliance reviews, as requested by internal, external auditors or compliance/regulatory agencies
• Monitors daily or weekly reports and security logs for unusual events and acts as a liaison between incident response leads and subject matter experts
• Works with the information security governance process to define control recommendations that are both efficient and effective
• Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security
• Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes
• Assists in the development of security architecture and security policies, principles and standards
• Participates and provides guidance for security activities in the system development life cycle (SDLC) and application development efforts
• Participates in organizational projects, as required
• Perform related duties and responsibilities as assigned
• Regular and predictable attendance is a condition of employment and is an essential function of the job

SALARY DETAILS

$96,400 - $144,600

At Southwest Gas, attracting the best talent is key to our strategy and success as a company. We use flexibility to develop competitive compensation offers to ensure we are able to hire the best candidates. The quoted salary range represents the minimum and maximum of the pay range for the position. It is provided as a good faith estimate as to what our ideal candidates are likely to expect, as we tailor our offers within the range based on the selected candidate's experience, industry knowledge, location, technical and communication skills and other factors that may prove relevant during the interview and selection process.

Looking for more jobs near me. Find your favorite job now by visiting our jobs page.