Central Hudson Gas & Electric Information Security Risk and Compliance Analyst in Poughkeepsie, New York
- Competitive salaries
- Medical, Dental, and Vision insurance
- 401(k) Retirement Savings Plan
- Life Insurance
- Tuition Assistance
- Wellness reimbursement
- Travel Insurance
- Paid Holidays and Vacation
What is an Information Security Risk and Compliance Analyst?
This staff level role is within the Information Technology (IT) Technical Support’s Cyber Security group which conducts the company’s IT risk and compliance activities to protect the confidentiality, integrity, and availability of Central Hudson’s information and technical environments while also supporting enterprise goals and objectives.
What does an Information Security Risk and Compliance Analyst do?
- Perform IT and critical application risk assessments while balancing business requirements against necessary security and process controls, including timely completion of risk mitigation action plans
- Perform vendor security risk assessments to ensure proper security controls when providing company data to service organizations or cloud providers
- Collaborate and coordinate with IT personnel in the documentation and performance of key processes and controls to meet SOX compliance requirements
- Assist in performing or facilitating the performance of IT controls as part of SOX compliance requirements
- Assist in the development and ongoing maintenance of security-related documentation including policies and procedures
- Provide compliance support for all necessary regulatory requirements pertaining to IT and cyber security
- Coordinate with internal auditors and outside consultants on control assessments, including gathering requested documentation for consultants and developing and implementing action plans to address any findings
- Perform other duties as required and assigned
What does it take to be an Information Security Risk and Compliance Analyst?
- An Associate’s Degree in Computer Information Systems, Computer Science, Information Security, Information Assurance, Management Information Systems or another relevant field, with at least 3 years of experience in IT Compliance, IT Risk Management, and/or IT Audit
- In lieu of a degree, at least 5 years of experience in IT Compliance, IT Risk Management, and/or IT Audit
- Familiarity with industry-recognized best practices: NIST Cybersecurity Framework, NIST Special Publications, COBIT, ISO 27001, and/or Top 20 Critical Controls
- Well-developed written/verbal communication and presentation skills, planning and organizational skills
- Proven interpersonal, facilitation, negotiation, and problem/resolution skills
- Must be able to work with minimal supervision and work well under pressure
- Must have the ability to adapt to a variety of assignments
- A Bachelor’s Degree in Computer Information Systems, Computer Science, Information Security, Information Assurance, Management Information Systems or another relevant field
- One of the following certifications: CISA, CISM or CRISC
Please go to www.centralhudson.com/employment. Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position. Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.
All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.
VEVRAA FEDERAL CONTRACTOR
Location: Poughkeepsie, NY
Employment Duration: Full Time