Hawaiian Electric
Overview
Senior Information Assurance Analyst – Oahu. Posting End Date: This position will remain open until filled. Early applications are encouraged. Job Function
Oversees or performs the assessments of Company systems and networks and identifies where those systems/networks deviate from cybersecurity policies, acceptable configurations, or guidance. Provides consulting-level knowledge and expertise for the Information Assurance (IA) division, including development and enforcement of cybersecurity policies and standards, cybersecurity risk management activities, IT and OT compliance, and secure integration of grid technologies and cloud services. Supports development of detailed plans and provides requirements for information systems’ security controls and security monitoring solutions. Performs security control reviews to validate that controls are designed and operating effectively. Develops policies, standards, and procedures to ensure that security controls are adequately designed. Essential Functions
Performs cybersecurity assessments and provides security control requirements for IT and OT projects, including externally hosted applications and grid technology projects. Develops and manages programs and processes for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs. Supports detailed review and approval processing for policies, processes, and procedures necessary to support the Company’s cybersecurity and compliance requirements. Ensures adequate internal controls, processes, practices, and standards are developed, maintained, and tested to meet the Company’s policy and compliance requirements. Supports business continuity planning, disaster recovery planning, and the Company’s Cybersecurity Incident Management Team (CS-IMT), with occasional on-call support. Participates in Company emergency response activities as assigned, including activities required to prepare for such response. Basic Qualifications
Knowledge Requirements Computer networking concepts and protocols, and network security methodologies. Risk management processes and methods for assessing and mitigating risk. Cybersecurity and privacy principles and organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation). Laws, regulations, policies, and ethics related to cybersecurity and privacy. Cyber threats and vulnerabilities. Cryptography and cryptographic key management concepts. Data backup and recovery concepts. Host/network access control mechanisms (e.g., ACLs). Network access, identity, and access management (e.g., PKI, OAuth, OpenID, SAML). Traffic flows across networks (TCP/IP, OSI, ITIL). Programming language structures and logic. System and application security threats and vulnerabilities (e.g., XSS, injections, malware). Network attack concepts and their relation to threats and vulnerabilities. System administration, network, and operating system hardening techniques. Various attack types and attacker profiles (e.g., insider threats, nation-sponsored attacks). Cybersecurity frameworks and standards (NIST, ISO 27000 series, OWASP). Concepts of OT/SCADA security within utility environments. Skills Requirements Conducting vulnerability scans and recognizing vulnerabilities in security systems. Assessing the robustness of security systems and designs. Detecting host and network-based intrusions via IDS (e.g., Snort). Modeling threat behaviors and using penetration testing tools and techniques. Using social engineering techniques (phishing, baiting, tailgating). Using network analysis tools to identify vulnerabilities (e.g., fuzzing, Nmap). Reviewing logs to identify evidence of past intrusions. Conducting application vulnerability assessments and impact/risk assessments. Developing insights about an organization’s threat environment. Collaborating with teammates and communicating effectively in writing and verbally. Analyzing highly complex systems with analytical rigor and independent judgment. Operating autonomously with minimal direction. Experience Requirements
Advanced (7-10 years) analysis and/or leadership experience in a multi-level service or consulting organization, preferably in IT, application security, network security or quality assurance; information security experience is required. One or more of the following certifications (others may be considered): CISSP CISM CISA GSLC CCSP Security+ SSCP Role
Professional Number of Vacancies
1 Location
Honolulu – Oahu Hiring Range
The hiring range for the Senior Information Assurance Analyst [Req ID 9985] position is $107,700.00 to $139,800.00. The person selected will be placed according to skills and qualifications. About Hawaiian Electric Companies
Hawaiian Electric Companies provide electricity and services to 95 percent of the state’s 1.4 million residents. The company is a leading employer and supports community and educational programs. Applicant Certification
By submitting an application, candidates authorize the company to confirm statements contained in the application and related materials and to share information with the hiring department or subsidiary companies as permitted by law. They also authorize background investigations and release of personnel records for inter-company transfers as applicable. EEO Statement
Hawaiian Electric Companies are an equal opportunity employer, including disability and protected veteran status. Reasonable accommodation requests during the application process should be directed to the HR Service Center at (808) 543-4848.
#J-18808-Ljbffr
Senior Information Assurance Analyst – Oahu. Posting End Date: This position will remain open until filled. Early applications are encouraged. Job Function
Oversees or performs the assessments of Company systems and networks and identifies where those systems/networks deviate from cybersecurity policies, acceptable configurations, or guidance. Provides consulting-level knowledge and expertise for the Information Assurance (IA) division, including development and enforcement of cybersecurity policies and standards, cybersecurity risk management activities, IT and OT compliance, and secure integration of grid technologies and cloud services. Supports development of detailed plans and provides requirements for information systems’ security controls and security monitoring solutions. Performs security control reviews to validate that controls are designed and operating effectively. Develops policies, standards, and procedures to ensure that security controls are adequately designed. Essential Functions
Performs cybersecurity assessments and provides security control requirements for IT and OT projects, including externally hosted applications and grid technology projects. Develops and manages programs and processes for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs. Supports detailed review and approval processing for policies, processes, and procedures necessary to support the Company’s cybersecurity and compliance requirements. Ensures adequate internal controls, processes, practices, and standards are developed, maintained, and tested to meet the Company’s policy and compliance requirements. Supports business continuity planning, disaster recovery planning, and the Company’s Cybersecurity Incident Management Team (CS-IMT), with occasional on-call support. Participates in Company emergency response activities as assigned, including activities required to prepare for such response. Basic Qualifications
Knowledge Requirements Computer networking concepts and protocols, and network security methodologies. Risk management processes and methods for assessing and mitigating risk. Cybersecurity and privacy principles and organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation). Laws, regulations, policies, and ethics related to cybersecurity and privacy. Cyber threats and vulnerabilities. Cryptography and cryptographic key management concepts. Data backup and recovery concepts. Host/network access control mechanisms (e.g., ACLs). Network access, identity, and access management (e.g., PKI, OAuth, OpenID, SAML). Traffic flows across networks (TCP/IP, OSI, ITIL). Programming language structures and logic. System and application security threats and vulnerabilities (e.g., XSS, injections, malware). Network attack concepts and their relation to threats and vulnerabilities. System administration, network, and operating system hardening techniques. Various attack types and attacker profiles (e.g., insider threats, nation-sponsored attacks). Cybersecurity frameworks and standards (NIST, ISO 27000 series, OWASP). Concepts of OT/SCADA security within utility environments. Skills Requirements Conducting vulnerability scans and recognizing vulnerabilities in security systems. Assessing the robustness of security systems and designs. Detecting host and network-based intrusions via IDS (e.g., Snort). Modeling threat behaviors and using penetration testing tools and techniques. Using social engineering techniques (phishing, baiting, tailgating). Using network analysis tools to identify vulnerabilities (e.g., fuzzing, Nmap). Reviewing logs to identify evidence of past intrusions. Conducting application vulnerability assessments and impact/risk assessments. Developing insights about an organization’s threat environment. Collaborating with teammates and communicating effectively in writing and verbally. Analyzing highly complex systems with analytical rigor and independent judgment. Operating autonomously with minimal direction. Experience Requirements
Advanced (7-10 years) analysis and/or leadership experience in a multi-level service or consulting organization, preferably in IT, application security, network security or quality assurance; information security experience is required. One or more of the following certifications (others may be considered): CISSP CISM CISA GSLC CCSP Security+ SSCP Role
Professional Number of Vacancies
1 Location
Honolulu – Oahu Hiring Range
The hiring range for the Senior Information Assurance Analyst [Req ID 9985] position is $107,700.00 to $139,800.00. The person selected will be placed according to skills and qualifications. About Hawaiian Electric Companies
Hawaiian Electric Companies provide electricity and services to 95 percent of the state’s 1.4 million residents. The company is a leading employer and supports community and educational programs. Applicant Certification
By submitting an application, candidates authorize the company to confirm statements contained in the application and related materials and to share information with the hiring department or subsidiary companies as permitted by law. They also authorize background investigations and release of personnel records for inter-company transfers as applicable. EEO Statement
Hawaiian Electric Companies are an equal opportunity employer, including disability and protected veteran status. Reasonable accommodation requests during the application process should be directed to the HR Service Center at (808) 543-4848.
#J-18808-Ljbffr