PNM Resources
Sr Information Security Analyst Developer
PNM Resources, Texas City Terminal Junction, Texas, United States
Overview
Sr Information Security Analyst Developer Department: Information Security Posting deadline: This position is posted until filled. Responsibilities
Acts as an IT security subject matter expert and technical consultant for security initiatives. Functions as technical engineer, system architect and operational support for the Identity Management (IDM) suite of products. Analyzes the security of systems and applications, and develops security baselines to protect information against unauthorized access. Conducts forensic investigations including investigations done in coordination with other departments. Assesses, designs, and recommends security access requirements for systems and applications; creates ad hoc reports for review. Collaborates with enterprise architecture on the development of system and application security standards and baselines. Provisions electronic access for supported systems and applications in accordance with the Enterprise Access Provisioning Program. Ensures all access issues are handled in a timely manner and that supported systems are functioning properly. Creates, modifies and deletes profiles and other access controls as part of the RBAC program. Provides routine reaccreditation of existing users and associated entitlements. Produces evidence in support of Company policies and regulatory requirements, such as SOX and NERC CIP. Participates in projects as a subject matter expert in support of business initiatives; ensures project work is completed in a timely manner in accordance with Information Security policies, programs and standards; oversees and continuously improves the Enterprise Access Provisioning Program. Performs user access reviews supporting Company investigation needs; assists with data preservation requests for litigation holds; conducts digital forensics in support of the Information Security program. Ensures teamwork to reduce security exposures. Competencies
Strong knowledge of Company business practices and familiarity with Company products and services. Strong knowledge of digital forensic steps and incident response. Ability to develop and make recommendations for complex security processes, procedure improvements and management level security standards. Ability to identify best practices for security risk assessments, policies, standards and processes. Extensive policy, process, and standard development experience. Ability to demonstrate leadership skills and provide guidance to less experienced team members. Qualifications
Minimum Education and/or Experience:
Bachelor\'s degree from a four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with five to seven years related experience, or equivalent combination of education and/or experience related to the discipline. Communication Skills:
Ability to maintain positive and productive working relationships with various individuals and groups; ability to recognize and initiate complex tasks without direction; ability to read and interpret technical manuals and reports, instructional documents, and procedure manuals; ability to write procedural documentation and user instructions; ability to speak effectively with various individuals, groups, and vendors. Mathematical Skills:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume; ability to apply concepts of basic algebra and geometry. Computer Skills:
In-depth knowledge and experience with Linux/UNIX servers, client & server applications and information security issues; in-depth knowledge of Microsoft, Linux and UNIX server security functionality; in-depth knowledge of related security software; in-depth knowledge of database product security technology, specifically Oracle and SQL, and general knowledge of physical security methods. Analysis and Problem-Solving:
Ability to understand and assimilate complex technical information; ability to solve partial problems and deal with a variety of concrete variables in situations where only limited standardization exists; ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form. Decision Making:
Ability to make access management and provisioning decisions without direction, in accordance with Company policies and programs. Examines potential areas for service improvement and makes recommendations for changes to senior staff or management. Physical Demands and Work Environment
Physical Demands:
While performing the duties of this job, the employee is regularly required to sit up to 2/3 of the time and talk and listen for long periods of time. Work Environment:
Office environment. Safety and ADA Statement
Safety Statement:
Safety is a core value at (TXNM Energy/PNM/TNMP) and our vision, "everyone goes home safe", reflects our commitment to promoting an environment conducive to learning, improving and building safety practices. Our safety value is built upon the belief that every employee deserves to work in an environment free from harm. Americans with Disabilities Act (ADA) Statement:
If you require assistance with the job application process due to a disability, please contact HR ADA Analyst, at 505-241-4627. PI278368397
#J-18808-Ljbffr
Sr Information Security Analyst Developer Department: Information Security Posting deadline: This position is posted until filled. Responsibilities
Acts as an IT security subject matter expert and technical consultant for security initiatives. Functions as technical engineer, system architect and operational support for the Identity Management (IDM) suite of products. Analyzes the security of systems and applications, and develops security baselines to protect information against unauthorized access. Conducts forensic investigations including investigations done in coordination with other departments. Assesses, designs, and recommends security access requirements for systems and applications; creates ad hoc reports for review. Collaborates with enterprise architecture on the development of system and application security standards and baselines. Provisions electronic access for supported systems and applications in accordance with the Enterprise Access Provisioning Program. Ensures all access issues are handled in a timely manner and that supported systems are functioning properly. Creates, modifies and deletes profiles and other access controls as part of the RBAC program. Provides routine reaccreditation of existing users and associated entitlements. Produces evidence in support of Company policies and regulatory requirements, such as SOX and NERC CIP. Participates in projects as a subject matter expert in support of business initiatives; ensures project work is completed in a timely manner in accordance with Information Security policies, programs and standards; oversees and continuously improves the Enterprise Access Provisioning Program. Performs user access reviews supporting Company investigation needs; assists with data preservation requests for litigation holds; conducts digital forensics in support of the Information Security program. Ensures teamwork to reduce security exposures. Competencies
Strong knowledge of Company business practices and familiarity with Company products and services. Strong knowledge of digital forensic steps and incident response. Ability to develop and make recommendations for complex security processes, procedure improvements and management level security standards. Ability to identify best practices for security risk assessments, policies, standards and processes. Extensive policy, process, and standard development experience. Ability to demonstrate leadership skills and provide guidance to less experienced team members. Qualifications
Minimum Education and/or Experience:
Bachelor\'s degree from a four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with five to seven years related experience, or equivalent combination of education and/or experience related to the discipline. Communication Skills:
Ability to maintain positive and productive working relationships with various individuals and groups; ability to recognize and initiate complex tasks without direction; ability to read and interpret technical manuals and reports, instructional documents, and procedure manuals; ability to write procedural documentation and user instructions; ability to speak effectively with various individuals, groups, and vendors. Mathematical Skills:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume; ability to apply concepts of basic algebra and geometry. Computer Skills:
In-depth knowledge and experience with Linux/UNIX servers, client & server applications and information security issues; in-depth knowledge of Microsoft, Linux and UNIX server security functionality; in-depth knowledge of related security software; in-depth knowledge of database product security technology, specifically Oracle and SQL, and general knowledge of physical security methods. Analysis and Problem-Solving:
Ability to understand and assimilate complex technical information; ability to solve partial problems and deal with a variety of concrete variables in situations where only limited standardization exists; ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form. Decision Making:
Ability to make access management and provisioning decisions without direction, in accordance with Company policies and programs. Examines potential areas for service improvement and makes recommendations for changes to senior staff or management. Physical Demands and Work Environment
Physical Demands:
While performing the duties of this job, the employee is regularly required to sit up to 2/3 of the time and talk and listen for long periods of time. Work Environment:
Office environment. Safety and ADA Statement
Safety Statement:
Safety is a core value at (TXNM Energy/PNM/TNMP) and our vision, "everyone goes home safe", reflects our commitment to promoting an environment conducive to learning, improving and building safety practices. Our safety value is built upon the belief that every employee deserves to work in an environment free from harm. Americans with Disabilities Act (ADA) Statement:
If you require assistance with the job application process due to a disability, please contact HR ADA Analyst, at 505-241-4627. PI278368397
#J-18808-Ljbffr