Central Hudson Gas & Electric Information Security Risk and Compliance Analyst in Poughkeepsie, New York

Benefits:

  • Competitive salaries
  • Medical, Dental, and Vision insurance
  • 401(k) Retirement Savings Plan
  • Life Insurance
  • Tuition Assistance
  • Wellness reimbursement
  • Travel Insurance
  • Paid Holidays and Vacation

What is an Information Security Risk and Compliance Analyst?

This staff level role is within the Information Technology (IT) Technical Support’s Cyber Security group which conducts the company’s IT risk and compliance activities to protect the confidentiality, integrity, and availability of Central Hudson’s information and technical environments while also supporting enterprise goals and objectives.

What does an Information Security Risk and Compliance Analyst do?

  • Perform IT and critical application risk assessments while balancing business requirements against necessary security and process controls, including timely completion of risk mitigation action plans

  • Perform vendor security risk assessments to ensure proper security controls when providing company data to service organizations or cloud providers

  • Collaborate and coordinate with IT personnel in the documentation and performance of key processes and controls to meet SOX compliance requirements

  • Assist in performing or facilitating the performance of IT controls as part of SOX compliance requirements

  • Assist in the development and ongoing maintenance of security-related documentation including policies and procedures

  • Provide compliance support for all necessary regulatory requirements pertaining to IT and cyber security

  • Coordinate with internal auditors and outside consultants on control assessments, including gathering requested documentation for consultants and developing and implementing action plans to address any findings

  • Perform other duties as required and assigned

What does it take to be an Information Security Risk and Compliance Analyst?

Required:

  • An Associate’s Degree in Computer Information Systems, Computer Science, Information Security, Information Assurance, Management Information Systems or another relevant field, with at least 3 years of experience in IT Compliance, IT Risk Management, and/or IT Audit

  • In lieu of a degree, at least 5 years of experience in IT Compliance, IT Risk Management, and/or IT Audit

  • Familiarity with industry recognized best practices: NIST Cybersecurity Framework, NIST Special Publications, COBIT, ISO 27001, and/or Top 20 Critical Controls

  • Well-developed written/verbal communication and presentation skills, planning and organizational skills

  • Proven interpersonal, facilitation, negotiation, and problem/resolution skills

  • Must be able to work with minimal supervision and work well under pressure

  • Must have the ability to adapt to a variety of assignments

Preferred:

  • A Bachelor’s Degree in Computer Information Systems, Computer Science, Information Security, Information Assurance, Management Information Systems or another relevant field

  • One of the following certifications: CISA, CISM or CRISC

Please go to www.centralhudson.com/employment. Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position. Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR

Location: Poughkeepsie, NY

Employment Duration: Full Time