Description of Position: This is an experienced senior level security analyst responsible for performing assessments of systems, networks, and applications within the organizational environment and identifies where those systems/networks/applications deviate from acceptable security configurations, New Jersey State information security policies and standards, or other statutory, regulatory, or contractual security requirements. The analyst is the ServiceNow SecOps and Vendor Risk Management (VRM) risk subject matter expert providing support to stakeholders; assumes appropriate administrative, project management, team lead, and/or supervisory responsibilities as delegated by superiors; and performs other related duties as assigned. The position requires excellent communication skills and the ability to confidently interact with all levels, from executive and business unit leadership to staff.
Manage and develop ServiceNow SecOps and VRM module.
Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
Manage and/or assist with protective or corrective measures when a vendor cybersecurity incident or vulnerability is discovered.
Identify and recommend cybersecurity hardening measures and procedures within the organization and across the enterprise in consultation with relevant stakeholders.
Participate in industry groups such as EI-ISAC, MS-ISAC, US-CERT, DHS, FBI, NJSP, and other industry peers and partners to gain and understand security threats and intelligence.
Collaborate on cyber privacy and security policies and procedures.
Collaborate with key stakeholders to establish a cybersecurity vendor risk management program.
Verify minimum security requirements are in place for all applications.
Perform other cybersecurity-related and administrative duties as assigned.
Bachelor’s degree in Computer Science, Information Systems, Cyber Security, Engineering plus 4 or more years of experience in information security, cyber security or related field i.e. Information Technology.
Or associate degree with 8 or more years of experience in information security, cyber security or related field i.e. Information Technology.
Experience with cloud computing and can implement strong security to protect cloud first environment.
Experience with key information security technologies such as SIEM, firewalls, intrusion detection/prevention systems, vulnerability assessment, encryption, identity and access control systems, anti-malware, and security event analysis.
Job Specific Qualifications This is a multi-level position and placement is dependent upon skills, knowledge and experience, scope and number of products managed by the selected candidate. For a Cyber Security Analyst must have at least 4 or more years of experience in Information Security or related field. For a Sr. Cyber Security Analyst, must have at least 6 years or more years of experience in Information Security or related field. Please note this is a NERC CIP position and requires NERC CIP background investigation prior to start. In addition to the requirements listed below, this position also requires:
Experience managing and developing in ServiceNow SecOps and VRM module.