Cybersecurity Analyst II - Governance
Company: Ameren Services Company
Location: Saint Louis
Posted on: June 26, 2019
About The Position
The Cybersecurity Analyst II - Governance is responsible for
overseeing and carrying out the corporate cybersecurity program and
strategy, governance, risk management, cyber incident response,
policy, and cyber training, awareness, and outreach.
Key responsibilities include:
* Works with and supports the overall process for defining,
implementing, and enforcing cybersecurity policies, standards,
procedures and guidelines.
* Manages the SOX, PCI, and HIPAA compliance programs.
* Assists management with the overall cybersecurity strategy
development and socialization.
* Ensures that enterprise-wide security, privacy, and compliance
standards are enforced throughout the entire organization.
* Evaluates new and emerging products and technologies based on
security, compliance, and regulatory needs.
* Assists management with cybersecurity initiatives including
security, compliance, and regulatory consulting and subject matter
expertise support to Ameren business segments.
* Influences and supports the culture, values, and standards of the
* Initiates the development, modification, and retirement of
Cybersecurity policies and procedures.
* Supports annual re-certification of Policies.
* Reviews annually existing procedures for applicability.
* Supports discussions associated with Cybersecurity policies and
* Collaborates with internal and external parties that would
influence and/or impact existing policies. These include
Architects, Innovation Center, etc.
* Aligns policies to procedures. If procedures do not exist,
develop procedures. Newly developed procedures need to be
executable within a given period of time (18 months).
* Support the development of controls for cyber assets ensuring
applicability with the corporate policies and applicable
regulations in order to address active Cybersecurity risks
* Provide status updates for all activities for individual work
* Process the recurring residual risk assessments. Reviews and
processes residual risk forms and approvals.
* Assist in Cybersecurity risk assessments to monitor ongoing
maturity and capabilities.
* Performs cybersecurity risk management activities to include risk
modeling, analysis, and assessment.
* Support the risk management program to provide insight and data
to leadership to enable the prioritization of initiatives and
* Assist in IT Business Continuity program enhancement and
maintenance, which includes working with various stakeholders to
formalize and support the IT business continuity framework and
Bachelor's degree in Business, Computer Science, Management
Information Systems, Mathematics, Engineering other
computer-related degree from an accredited college or university
preferred. Professional certification, e.g. CISSP, GIAC, CISA,
preferred. Four or more years of experience in an enterprise
Information Technology department required. Three or more years of
experience in cybersecurity required. Experience with SCADA and/or
plant control systems preferred.
In addition to the above qualifications, the successful candidate
Proven analytical skills, able to make sound decisions with
ambiguous information and possess a high level of organizational
skills. Creative self-starter with strong interpersonal skills -
able to work effectively as a team and with various stakeholders at
all levels of the organization. Excellent communication skills,
including presentation, written and verbal.
Intermediate knowledge of managing and securing the following
technologies is preferred: Enterprise Windows and Linux clients,
servers, and networking, TCP/IP networking (routing, switching,
firewalling), Wireless security, Storage, database, and
virtualization security, Anti-virus, HIPS, Disk encryption, and
Data Loss Prevention, Network and endpoint security prevention and
detection, Vulnerability scanning and verification, and Log
collection and correlation. Intermediate knowledge in the following
areas is preferred: System policy and compliance verification
techniques, Auditing principles, Risk management concepts and
techniques, SOX, HIPAA,PCI, NERC CIP, TSA, and NRC cybersecurity
standards, Instructional design and training program development,
Assisting with incident response programs and activities, and
evaluating new and emerging technologies.
Ameren s selection process includes a series of interviews and may
include a leadership assessment process. Specific details will be
provided to qualified candidates.
All qualified applicants will receive consideration for employment
without regard to race, color, religion, sex, national origin,
disability or protected veteran status.
Keywords: Ameren Services Company, Florissant , Cybersecurity Analyst II - Governance, Professions , Saint Louis, Missouri
Didn't find what you're looking for? Search again!