Dieses Stellenangebot ist nicht mehr verfügbar
GRC Security Analyst II
Dormont Manufacturing Company
- Bryn Mawr, Pennsylvania, United States
- Bryn Mawr, Pennsylvania, United States
Über
The primary responsibilities of the Security Analyst II (Governance & Risk) are to ensure the security and integrity of the organization’s information systems, focusing on risk and vulnerability management as well as security compliance. The Analyst frequently engages with technical teams and business process owners to analyze risk, communicate risk posture, and develop effective remediation strategies.
Essential Duties:
Manage execution of enterprise-wide and focused risk, threat, and vulnerability assessments, including Security Awareness, Vulnerability, Configuration, and Third-Party Assessments.
Analyze and prioritize risk, vulnerability, and compliance findings to define remediation priorities, partnering with technology and business stakeholders to implement remediation plans.
Define and manage qualitative and quantitative metrics and reporting to measure the success of vulnerability, third‑party, security awareness, configuration, and asset‑management remediations.
Lead ongoing vulnerability management processes, including preparing remediation plans, tracking progress, and reducing overall vulnerability exposures.
Participate in development, implementation, and operation of control and compliance frameworks based on ISO 27001/27002, NIST 800‑30, Cyber Security Framework/CSF, COBIT, Critical Security Controls, and CIS Configuration Benchmarks.
Monitor compliance with security configuration standards for servers, endpoints, software, and networking platforms based on CIS Benchmarks.
Work closely with IT, development, and operations teams to integrate security practices into the software development lifecycle (SDLC) and IT operations.
Lead or assist with vendor and third‑party risk assessments.
Create and maintain documentation of security solutions, services, configurations, and processes.
Collaborate with intrusion detection, incident response, and security operations teams to manage risk related to existing and emerging threats.
Analyze, process, integrate, communicate, and respond to threat intelligence.
Participate in or lead development, improvements, and updates to continually enhance security controls, policies, guidelines, processes, and procedures.
Develop and deliver security awareness training programs for employees to embed security best practices in corporate culture.
Lead the operation of the security awareness program to ensure ongoing integration of security and risk management into corporate culture.
Implement and maintain controls for compliance and privacy; act as liaison to internal and external audit teams as needed.
Provide escalation support for the Information Technology Help Desk as required.
Work off‑hour maintenance windows and participate in rotating on‑call shifts periodically.
Work independently or as part of a team.
All other duties as assigned by management.
Minimum Qualifications:
Bachelor’s degree in Information Technology, Computer Science, Cyber Security, Security and Risk Analysis, or Information Assurance.
3–5 years of Governance & Risk experience.
Minimum of one of the following certifications or requirement to obtain within 12 months: CISSP, GIAC (GSEC, GSNA), CRISC, CISA, CISM, CCSP, SSCP, CAP, CSSLP, CSX Practitioner.
Knowledge, Skills, and Abilities:
Experience with assessment tools such as Qualys Policy Compliance and CIS‑CAT.
Experience with vulnerability management platforms (Qualys or others) across multiple modules: Vulnerability Management, Policy Compliance, Continuous Monitoring, Web Application Scanning, and Asset Management.
Experience leading security awareness program development.
GRC platform experience and RSA Archer knowledge are strong positives.
Strong written and verbal communication skills; works directly with technical teams and business stakeholders.
Demonstrated organizational skills, multi‑tasking, prioritization, and delegation.
Strong analytical skills for assessing and prioritizing security risks.
Ability to foster a security‑conscious culture.
Adaptability to evolving threats, technologies, and organizational needs.
Understanding of integrating security into project and application lifecycles for enterprise IT systems.
3–5 years of experience in IT focusing on information security auditing, risk analysis, and vulnerability management.
General security knowledge of Active Directory, database platforms, web server platforms, middleware, PKI, cloud computing, Office 365, and Azure.
Experience with statistical, quantitative, and qualitative analysis techniques.
Proactive approach to staying informed on security threats, vulnerabilities, and industry best practices.
Equal Employment Opportunity/Affirmative Action Employer
Essential Utilities, Inc. is an Equal Opportunity/Affirmative Action employer. Equal employment opportunity is provided to all employees and applicants without regard to the following legally protected characteristics: race, color, religion, sex, national origin, age, pregnancy (including childbirth and related medical conditions, including medical conditions related to lactation), physical or mental disability, covered‑veteran status, genetic information, sexual orientation, gender identity or expression, or any other characteristic protected by applicable local, state or federal law. Essential Utilities is committed to providing reasonable accommodation to individuals with disabilities. If you have a condition that may prevent you from applying for a job online or need to request an accommodation during the interview process, please call (1-877-271-9012). To maintain the integrity of the recruitment process and avoid real or perceived conflicts of interest, specific guidelines apply to the hiring and assignment of family members and personal referrals, including but not limited to: Family members cannot result in a supervisor/subordinate reporting relationship; family members cannot work in the same department.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot wurde von einem unserer Partner veröffentlicht. Sie können das Originalangebot einsehen hier.