NiSource IT Security Analyst - Job Family in Columbus, Ohio

The IT Security Analyst helps lead and manage the provision of outsourced security services and application of IT Security policies and procedures for all NiSource business units and control networks. This role works closely with the Director of IT Security and Manager IT Security to ensure that Security Services are provided within the scope of the Service contract as reflected by service levels, the statement of work and pertinent schedules/exhibits. This role also works closely with the Service Provider Delivery management team to track and monitor the overall progress of IT Security Operations processes and small- to medium-sized Security Services projects.Key outcomes for success include:

Supporting IT Security Operations processes to ensure effectiveness and efficiencies

Assist and support the ongoing assessment and improvement of the NiSource Security posture

Essential Responsibilities:

Under the direction of the Director of IT Security or the Manager IT Security, performs routine assignments in the IT Analyst job band

Respond and participate in management of investigations related to security breaches, incidents and outbreaks in alignment with NiSource IT Management and Security Service provider

Participate in coordination of efforts of the Cyber Emergency Response Team (CERT)

Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.

Work closely with other IT Departments, business partners, project managers, and Service Providers to perform and/or support operations processes.

Help drive resolution of security operational and service-based issues, reviewing, analyzing and reporting on Service Provider operations, as directed by the Manager IT Security Operations

Resolve or escalate issues related to security operations in a timely manner

Work with of legal hold/preservation order system coordinate with in-house counsel to collect electronic data for internal review as appropriate

Work closely with the IT Support Services to resolve Service Provider related issues and to help ensure accurate reporting related to Service Provider performance

Work closely with NiSource project managers and Service Provider personnel to help track and monitor projects that meet business needs and adhere to agreed-upon service levels (e.g., budget, schedule, quality)

Create and revise policies and procedures to ensure operating efficiency and regulatory compliance.

Facilitate audits of processes related to Security Services.

Assist in ensuring the Service Providers are adhering to NiSources defined policies, procedures and standards.

Confirm that Security Services supporting and procedures documentation is available and kept up-to-date

Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

Maintain a solid understanding of the Service Providers security operations and service delivery capabilities and processes

Interact with Service Provider team members, helping to ensure they are properly qualified and staffed appropriately to meet NiSource business needs

Maintain a solid understanding of the scope of the Service contracts as reflected by service levels, statement of work and pertinent schedules/exhibits

Other duties as assigned.

Required for Selection:

Bachelors Degree or equivalent work experience that provides knowledge and exposure to fundamental theories, principles, and concepts of IT Security

2-3 years of experience in security services or security analysis, deployment and support

Working knowledge of LAN, WAN and VPN technologies

Understanding of OSI model and the role security plays within the stack

Broad understanding of IT Risks and Controls and ability to apply risk and control concepts.

Basic knowledge of the NIST Cybersecurity Framework.

Strong grasp of data privacy, protection, risks and controls.

Experience working closely with service providers, as directed by Management

Knowledge of IT security tools and components, trends and best practices

A strong understanding of the business impact of security tools, technologies and policies.

Solid skills with computer operating systems (Microsoft Windows, Unix, Macintosh and Mainframe) and software (MS Office Suite, MS Project, and other IT applications) and ability to learn new technical concepts quickly

Excellent analytical abilities, including process analysis and development, problem solving and root cause analysis

Strong teaming skills, collaboration, negotiation, communication, organizational, people management and conflict resolution skills

Ability to work in a confidential environment

Willing to travel to NiSource business unit or Service Provider locations, as needed

Willingness to be on call or respond to security situations as required by Management

Preferred for Selection:

NiSource business operations knowledge

Vulnerability scanning experience

Malware analysis and Threat analysis

Performing / managing Penetration Testing

General working knowledge of the gas and electric utility industry

Involvement with and comprehensive knowledge of networking fundamentals (routing, firewalls, load balancing, etc.) and network traffic analysis

Experience in viewing and interpreting Windows event log analysis as well as overall security log management

Knowledge of ITIL processes and metrics

Familiarity with applicable legal and regulatory requirements, including, but not limited to, the Sarbanes-Oxley Act, FERC, NERC/CIP.

Senior Analyst

4+ years of IT Security experience in varying support functions

Working experience with ITIL processes and metrics (ITIL V3 certification a plus)

Demonstrated skills in penetration testing, intrusion detection systems, firewall deployment and management, vulnerability assessments, incident response and/or patch management required

Effective written and verbal communication

Understands and applies Project Management Fundamentals

Proven track record in managing project (s)

Can work independently in the assigned functional domain

Subject matter expert in one or more of the following in an Enterprise Environment:

Operating systems Windows, Unix, Linux, etc.

Virtualization or Container technologies, VMware, Hyper-V, Citrix, VDI, Docker, etc.

Patch management tools and systems.

Networking including routers, switches, and firewalls

Endpoint Protection

Active Directory, Network Access Control, IDS/IPS, HIDS, SIEM, MDM/EMM, etc.

Lead Analyst

6+ years of IT experience in varying support functions

Demonstrated experience in leading multiple process improvement initiatives

Experience Developing a security program and delivering security projects that address identified risks and business security requirements.

Excellent written and verbal communication

Understands Project Management Fundamentals (PMP certification is a plus)

Proven track record in leading successful delivery of technical projects

Can work independently in multiple functional domains

Possess and maintain at least one of the following certifications:

GIAC Security Essentials (GSEC)

Certified Information Systems Security Professional (CISSP)

Certified Ethical Hacker (CEH)

Systems Security Certified Practitioner (SSCP)

EC-Council Certified Security Analyst (ESCA)

CompTIA Security+ (Security+)

Cisco Certified Network Associate - Security (CCNA-S)

Value inclusion within your day to day responsibilities by respecting others perspectives/convictions, engaging others opinions, creating a safe environment where people, ideas, and opinions are valued within your Team/Customers and external partners.Respect and take into consideration diversity within your Team/Customers and external work partners by valuing different world views, challenges, and cultures that represent all walks of life and all backgrounds.Treat others with respect and consideration. Actively participate in creating and contributing to a positive work environment.

For immediate consideration, please apply on-line at on or before August 10th!

NiSource is committed to providing equal employment opportunities in each of its companies to all employees and applicants for employment without regard to race, color, religion, national origin or ancestry, veteran status, disability, gender, age, marital status, sexual orientation, gender identity, genetic information, or any protected group status as defined by law. Each employee is expected to abide by this principle.By applying, you may be considered for other job opportunities.

Job Family: Information Technology