IT - Cyber Security Technology Business Risk Advisor/Analyst - Senior
San Francisco, CA 94105
Blackstone Technology Group, an award-winning technology consulting and talent agency, is seeking an IT - Cyber Security Technology Business Risk Advisor/Analyst - Senior to join our team at our client's site in San Francisco, CA.
- Significant contributor to security vision, strategy, planning and leadership for the design, development, implementation and support of technology risk management framework for the Electric line of business to achieve its objectives.
- Contributes to successful implementation of security into new/enhanced systems to meet scope, schedule, and budget. Recommends risk-based prioritization for security within technology roadmaps.
- Scope the assessment of risks and the execution of plans to mitigate the risks.
- Proactively provides expert knowledge of industry trends and technologies as they relate to specific opportunities where security can enhance value to the business and/or address a specific business need.
- Contributes to technology risk-based investment planning through risk-integration with BTLs.
- Identifies risk opportunities to make IT and business processes more effective and efficient.
- May direct the implementation of improvement (mitigation) initiatives.
- Drive compliance to standards/regulations and governance processes as it relates to the line of business.
Core Responsibilities: Overall operations arm of the risk management function.
- Develops and operates enterprise technology risk dashboard.
- Analyzes supply and demand for all risk assessment activities to develop schedule with A&V team.
- Accountable for development of security business (quality) requirements.
- Acts as a liaison to operations and CTO to drive improvement based on patterns.
- Drafts risk exception reporting, where applicable.
- Works with Risk Advisory team to develop mitigation plans.
- Establishes and maintains security metrics.
- Manages and is accountable for the development of the risk scenario library.
- Supply and demand forecast.
- Security requirements
- Overall risk assessment master schedule.
- Reporting standards and templates.
- Risk mitigation plans and Security metrics.
- Excellent planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
- Understanding of information security concepts and strategy
- Understands information security holistically and how it relates to business goals
- Understanding of risk assessment and risk analysis frameworks
- Outstanding problem-solving/decision making ability
- Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
- First class documentation skills
- Exceptional interpersonal skills, including teamwork, facilitation and negotiation
- Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
Experience with enterprise security in a complex, multi-platform environment including SCADA, ICS, and other complex technology platforms
Experience with regulatory requirements (NERC CIP, SOX, FCC, SB 1386/1746, etc.)
Utility industry and/or operational technology experience strongly preferred
Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
Risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
Mastery of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
Mastery of computer networking concepts and protocols, and network security methodologies
Mastery of cloud security concepts, including experience with public cloud (e.g. AWS, Microsoft Azure, etc.) and implementation experience
- Minimum of 2 years of leading a team in an IT/OT function
- CISSP certification, or ability to obtain via self-study within one year of date of hire, other relevant IT or security certifications.
Blackstone is a global IT services and solutions firm that implements digital transformation solutions across commercial industry verticals and the US Federal Government. Blackstone was founded in 1998, and has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC. We specialize in IT staffing and place both technical and creative talent across a variety of industries and sectors.
EOE of Minorities/Females/Veterans/Disabilities