NiSource IT Security Analyst - Job Family in Columbus, Ohio
The IT Security Analyst helps lead and manage the provision of outsourced security services and application of IT Security policies and procedures for all NiSource business units and control networks. This role works closely with the Director of IT Security and Manager IT Security to ensure that Security Services are provided within the scope of the Service contract as reflected by service levels, the statement of work and pertinent schedules/exhibits. This role also works closely with the Service Provider Delivery management team to track and monitor the overall progress of IT Security Operations processes and small- to medium-sized Security Services projects.Key outcomes for success include:
Supporting IT Security Operations processes to ensure effectiveness and efficiencies
Assist and support the ongoing assessment and improvement of the NiSource Security posture
Under the direction of the Director of IT Security or the Manager IT Security, performs routine assignments in the IT Analyst job band
Respond and participate in management of investigations related to security breaches, incidents and outbreaks in alignment with NiSource IT Management and Security Service provider
Participate in coordination of efforts of the Cyber Emergency Response Team (CERT)
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
Work closely with other IT Departments, business partners, project managers, and Service Providers to perform and/or support operations processes.
Help drive resolution of security operational and service-based issues, reviewing, analyzing and reporting on Service Provider operations, as directed by the Manager IT Security Operations
Resolve or escalate issues related to security operations in a timely manner
Work with of legal hold/preservation order system coordinate with in-house counsel to collect electronic data for internal review as appropriate
Work closely with the IT Support Services to resolve Service Provider related issues and to help ensure accurate reporting related to Service Provider performance
Work closely with NiSource project managers and Service Provider personnel to help track and monitor projects that meet business needs and adhere to agreed-upon service levels (e.g., budget, schedule, quality)
Create and revise policies and procedures to ensure operating efficiency and regulatory compliance.
Facilitate audits of processes related to Security Services.
Assist in ensuring the Service Providers are adhering to NiSources defined policies, procedures and standards.
Confirm that Security Services supporting and procedures documentation is available and kept up-to-date
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
Maintain a solid understanding of the Service Providers security operations and service delivery capabilities and processes
Interact with Service Provider team members, helping to ensure they are properly qualified and staffed appropriately to meet NiSource business needs
Maintain a solid understanding of the scope of the Service contracts as reflected by service levels, statement of work and pertinent schedules/exhibits
Other duties as assigned.
Required for Selection:
Bachelors Degree or equivalent work experience that provides knowledge and exposure to fundamental theories, principles, and concepts of IT Security
2-3 years of experience in security services or security analysis, deployment and support
Working knowledge of LAN, WAN and VPN technologies
Understanding of OSI model and the role security plays within the stack
Broad understanding of IT Risks and Controls and ability to apply risk and control concepts.
Basic knowledge of the NIST Cybersecurity Framework.
Strong grasp of data privacy, protection, risks and controls.
Experience working closely with service providers, as directed by Management
Knowledge of IT security tools and components, trends and best practices
A strong understanding of the business impact of security tools, technologies and policies.
Solid skills with computer operating systems (Microsoft Windows, Unix, Macintosh and Mainframe) and software (MS Office Suite, MS Project, and other IT applications) and ability to learn new technical concepts quickly
Excellent analytical abilities, including process analysis and development, problem solving and root cause analysis
Strong teaming skills, collaboration, negotiation, communication, organizational, people management and conflict resolution skills
Ability to work in a confidential environment
Willing to travel to NiSource business unit or Service Provider locations, as needed
Willingness to be on call or respond to security situations as required by Management
Preferred for Selection:
NiSource business operations knowledge
Vulnerability scanning experience
Malware analysis and Threat analysis
Performing / managing Penetration Testing
General working knowledge of the gas and electric utility industry
Involvement with and comprehensive knowledge of networking fundamentals (routing, firewalls, load balancing, etc.) and network traffic analysis
Experience in viewing and interpreting Windows event log analysis as well as overall security log management
Knowledge of ITIL processes and metrics
Familiarity with applicable legal and regulatory requirements, including, but not limited to, the Sarbanes-Oxley Act, FERC, NERC/CIP.
4+ years of IT Security experience in varying support functions
Working experience with ITIL processes and metrics (ITIL V3 certification a plus)
Demonstrated skills in penetration testing, intrusion detection systems, firewall deployment and management, vulnerability assessments, incident response and/or patch management required
Effective written and verbal communication
Understands and applies Project Management Fundamentals
Proven track record in managing project (s)
Can work independently in the assigned functional domain
Subject matter expert in one or more of the following in an Enterprise Environment:
Operating systems Windows, Unix, Linux, etc.
Virtualization or Container technologies, VMware, Hyper-V, Citrix, VDI, Docker, etc.
Patch management tools and systems.
Networking including routers, switches, and firewalls
Active Directory, Network Access Control, IDS/IPS, HIDS, SIEM, MDM/EMM, etc.
6+ years of IT experience in varying support functions
Demonstrated experience in leading multiple process improvement initiatives
Experience Developing a security program and delivering security projects that address identified risks and business security requirements.
Excellent written and verbal communication
Understands Project Management Fundamentals (PMP certification is a plus)
Proven track record in leading successful delivery of technical projects
Can work independently in multiple functional domains
Possess and maintain at least one of the following certifications:
GIAC Security Essentials (GSEC)
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Systems Security Certified Practitioner (SSCP)
EC-Council Certified Security Analyst (ESCA)
CompTIA Security+ (Security+)
Cisco Certified Network Associate - Security (CCNA-S)
Value inclusion within your day to day responsibilities by respecting others perspectives/convictions, engaging others opinions, creating a safe environment where people, ideas, and opinions are valued within your Team/Customers and external partners.Respect and take into consideration diversity within your Team/Customers and external work partners by valuing different world views, challenges, and cultures that represent all walks of life and all backgrounds.Treat others with respect and consideration. Actively participate in creating and contributing to a positive work environment.
For immediate consideration, please apply on-line at careers.nisource.com on or before August 10th!
NiSource is committed to providing equal employment opportunities in each of its companies to all employees and applicants for employment without regard to race, color, religion, national origin or ancestry, veteran status, disability, gender, age, marital status, sexual orientation, gender identity, genetic information, or any protected group status as defined by law. Each employee is expected to abide by this principle.By applying, you may be considered for other job opportunities.
Job Family: Information Technology