Information Security Analyst

Information Security Analyst

Salary Grade: G07 •
Minimum: $73,060 •
Midpoint: $96,804 •
Maximum: $120,548

Security Compliance: Personnel may be covered by NERC CIP cyber security standards. The candidate must pass a Personnel Risk Assessment (identity verification and criminal background check) and attend pre‑employment, onboarding, and annual cyber security training.

Under general supervision, provisions electronic access to systems and applications. Acts as an IT security subject matter expert for supported systems and applications. Responsible for Identity and Access Management (IAM), access management, provisioning and compliance controls based on business need. Analyzes the security of systems and applications and develops security baselines to protect information against unauthorized access.

• Provisions electronic access for supported systems and applications in accordance with Access Management and Provisioning program.
• Ensures all access issues are handled in a timely manner and that supported systems are functioning properly.
• Creates, modifies, and deletes profiles and other access controls as part of Role Based Access Control (RBAC) program.
• Provides routine reaccreditation of existing users and associated entitlements.
• Produces evidence in support of Company policies and regulatory requirements, such as Sarbanes‑Oxley (SOX) and NERC CIP.
• Recommends security access requirements for systems and applications; creates ad hoc reports for review.
• Participates in major projects as needed to support business initiatives; ensures project work is completed in a timely manner in accordance with Information Security policies, programs and standards; recommends improvements to the Access Management and Provisioning program.
• Performs user access reviews supporting Company investigation needs; assists with data preservation requests for litigation holds; conducts digital forensics in support of the Security program.

• Knowledge of Company business practices and familiarity with Company products and services.
• Ability to develop and make recommendations for security processes, procedure improvements, and management‑level security standards.
• Ability to identify best practices for security risk assessments, policies, standards and processes.
• Policy, process, and standard development experience.

Minimum Education and/or

Experience:

Bachelor’s degree from a four‑year college or university in Information Resource Management, Business Computer Systems, Computer Science, or Computer Security with three to five years related experience, or equivalent combination of education and/or experience.

• Ability to maintain positive and productive working relationships with various individuals and groups.
• Ability to recognize and initiate tasks without direction.
• Ability to read and interpret technical manuals and reports, instructional documents, and procedure manuals.
• Ability to write procedural documentation and user instructions.
• Ability to speak effectively with various individuals, groups, and vendors.

• Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume.
• Ability to apply concepts of basic algebra and geometry.

• In‑depth knowledge and experience with IBM/UNIX servers, client/server applications and information security issues.
• In‑depth knowledge of Microsoft, IBM and UNIX server security functionality.
• Working knowledge of related security software.
• Working knowledge of database product security technology, specifically Oracle, SQL and DB2, and general knowledge of physical security methods for securing automated systems and network components.

• Ability to understand and assimilate complex technical information; solve partial problems and handle a variety of concrete variables in situations with limited standardization; interpret instructions furnished in written, oral, diagram or schedule form.

• Ability to make access management and provisioning decisions without direction, in…