Tuesday, June 13, 2017

Senior Information Security Analyst

Position: Senior Information Security Analyst
Location: San Jose, CA
Duration: Contract to Hire

About the Role:
The Senior Information Security Analyst plays a pivotal role in securing and protecting the Company’s Industrial Control Systems (ICS) and corporate network that are responsible for providing drinking water to approximately two million customers. This position is part of the I.T. Security and Compliance team and will work closely with the Network Architecture and Engineering teams to ensure the proper detective, incident response, and recovery controls are in place to protect the Company’s infrastructures. In addition, the position will act as the project manager and/or technical lead on initiatives related to software/hardware implementation, security audit, training, and policy/procedure definition. This position is located in San Jose, California and will require some travel.

Responsibilities:
  • Define requirements, implement and maintain National Institute of Standards and Technology (NIST) compliance for all applicable systems 
  • Define logging aggregation, alerting, patching, backup and restoration capabilities for Industrial Control Systems (ICS), and the corporate network 
  • Performs threat hunting, triaging, and reporting information security events
  • Define and implement privacy and protection of personally identifiable information         
  • Assists with maintenance of IT General Controls (ITGC) SOX and Payment Card Industry (PCI) Data Security Standard (DSS) compliance efforts                      
  • Assists with ISO27002 compliance certification efforts            
  • Documents security procedures and train users on such procedures          
  • Conducts annual table top exercise and provide user security awareness training 
  • Implement and manage Data Loss Protection (DLP) and vulnerability management program            
  • Performs information security policy review for third party/vendor relationships and monitor the service level agreements per agreed upon terms   
  • Leads the security incident response team through all remediation and recovery phases include working with law enforcement    
  • Assess and implement physical security perimeter and entry controls
  • Assists with IT Operations request as necessary
  • Participates in and supports the Company’s Continuous Improvement program and projects
  • Performs other similar duties as assigned
Qualifications:
  • Bachelor’s degree in Computer Science or equivalent relevant experience
  • Strong understanding of enterprise, network, system, and application level security principles
  • Working knowledge of NIST, ISO 27002, and/or other security frameworks 
  • Familiarity with Industrial Control Systems in relation to utility practices for operational technologies and service delivery
  • Excellent troubleshooting skill 
  • Solid written and verbal communication skills 
  • Ability to project manage and can successfully complete projects from inception to closure
  • Global Industrial Cyber Security Professional (GICSP) or Certified Information Systems Security Professional (CISSP) certification is highly desirable
  • Valid California Driver License

​Sarah Nullas 
​Sr. Technical Recruiter
sarah@ursusinc.com
415-766-9051 
​Ursus Inc. | http://ursusinc.com