NOVEC
Location
Manassas, VA | United States
Job description
OVERVIEW OF ROLE:
Join our team as a Cyber Security Business Analyst, where you will take on a pivotal role in planning, establishing, and documenting cyber security initiatives. Working collaboratively with NOVEC IT, you'll lead the implementation and ongoing oversight of the NOVEC cyber security and PMO-related program audits. Your expertise will be crucial in ensuring compliance with industry best practices, and you'll play a key role in developing and delivering employee cyber training programs. If you are a detail-oriented professional with a passion for cyber security and a knack for strategic planning, we invite you to apply and contribute to the enhancement of our organization's cyber resilience. Be part of a dynamic team dedicated to safeguarding our digital assets and ensuring the highest standards of security across our operations.
ESSENTIAL DUTIES AND RESPONSIBILITIES :
Develops "best practices" procedures, policies, standards, and methods for the Cyber Security Program in NOVEC IT, including Cyber Security Audit procedures, checklists, and metrics.
Defines documents and updates NOVEC cyber assets and the associated electronic security perimeter (ESP) and physical security perimeter; manages technical and procedural controls to enforce and monitor electronic and physical access to cyber assets to ensure CIP compliance.
Maintains security status monitoring program and incident response management. Updates and conducts annual exercises for the NOVEC Incident Response Plan.
Actively participate in various IT auditing security controls, including audits for the configuration of endpoint security controls and analyzing and evaluating the application and data security controls.
Keeps abreast of cyber security regulatory requirements, industry standards, and cyber security threats.
Establishes and executes cyber security employee awareness programs and training programs, including Phishing test campaigns.
Assists in NOVEC IT configuration management program and patch management of hardware and software cyber assets; assists in the Change Control Board activities.
Serves as a liaison between the cybersecurity team and other business units, facilitating effective communication and collaboration to align security measures with business objectives.
Assists in developing incident response plans and actively participating in incident response activities, including identifying root causes and suggesting improvements to prevent future incidents.
Regularly creates and submits monthly reports on various aspects, including SLA SD reports for executives, phish test reports, CCB (Change Control Board) reports, vulnerabilities reports, and quarterly cybersecurity training reports.
Manages various tasks within the cyber security team, such as tracking due dates and cyber-related projects for the year, working with the Senior Cyber Security Engineer, assisting with tracking action items, handling VPN approvals and training, managing USB access requests, vendor approvals, and tracking, renewing vendor VPN agreements, maintaining the Security Assessment tracker, maintaining email/domain block lists, and reviewing reports and tickets.
Handles Vulnerability Management tasks, including building and maintaining dashboards and reports, documenting risk-accepted vulnerabilities, and uploading monthly reports to the intranet.
Conducting staff meetings to develop and implement present and future cybersecurity plans and monitoring and revising strategies and programs.
Other related duties may be assigned.
EDUCATION AND/OR EXPERIENCE :
Bachelor's degree in computer science, information systems, cyber security, or a directly related technical field required or an equivalent combination of education and related experience.
A minimum of one year of experience working in IT audits is required. Experience and knowledge of cyber security planning and implementation of related activities are required. Progressive experience managing Cyber Security projects and familiarity with IT configuration management and software patch management processes and procedures is desired.
Knowledge of creating or automating reports using tools like Tableau or power BI will be extremely helpful in this job.
PROFESSIONAL SKILLS AND ABILITIES :
Demonstrated knowledge of IT and cyber security concepts and practices.
Ability to apply analytical methodology to problem-solving and decision-making and relate theoretical and/or technical concepts to practical application.
Demonstrated organizational and analytical skills and abilities. This includes technical skills for enhanced reporting metrics such as creating and maintaining dashboards.
Demonstrated ability to produce results in a data-intensive environment. Demonstrated ability to quickly learn and understand information systems requirements to produce results.
WHAT WE OFFER:
NOVEC is an equal opportunity employer and participates in E-Verify. We do not provide sponsorship for this position.
Job Posted by ApplicantProJob tags
Salary