Program Business Analyst
Northern Virginia Electric Cooperative (NOVEC) is currently looking for a Program Business Analyst to join our team in the Manassas, VA office. This role will be responsible for planning, establishing, documenting, leading and working with NOVEC IT in the implementation and ongoing oversight of the NOVEC Cyber Security and PMO related program audits to ensure compliance with the industry best practices.
ESSENTIAL DUTIES AND RESPONSIBILITIES will include, but are not limited to, the following:
- Develop “best practices” procedures, polices, standards and methods for Cyber Security Program in NOVEC IT including Cyber Security Audit procedures, checklist and metrics.
- Define documents and update NOVEC cyber assets and the associated electronic security perimeter (ESP) and physical security perimeter; manage technical and procedural controls to enforce and monitor electronic and physical access to cyber assets to ensure CIP compliance.
- Ensure controls are in place to monitor and control on-site and off-site contractor personnel with access to NOVEC cyber assets.
- Assist in NOVEC IT configuration management program and patch management hardware and software cyber assets; assist in the Change Control Board activities.
- Maintain security status monitoring program and incident response management. Update and conduct annual exercises for the NOVEC Incident Response Plan.
- Establish and execute cyber security employee awareness programs and training programs for high-end cyber asset users including Phishing test campaigns.
- Actively participate in auditing physical security controls and configuration of endpoint security controls and analyze and evaluate application and data security.
- Keep abreast of cyber security regulatory requirements, industry standards and cyber security threats.
EDUCATION AND/OR EXPERIENCE:
Bachelor’s degree in Computer Science, Information Systems, Cyber Security or a directly related technical field is required or equivalent combination of education and related experience. Experience with common NIST Cybersecurity Framework, ITIL, COBIT, etc. is desired. Any IT audit related professional certification is preferred. Knowledge in CIS (Center for Internet Security) practices is highly preferred.
Minimum one year of experience working with the area of IT audits is required. Experience and knowledge of cyber security planning and implementation of related activities is required. Progressive experience managing Cyber Security projects and familiarity with IT configuration management and software patch management processes and procedures is desired.
SKILLS AND ABILITIES:
- Demonstrated ability to apply analytical methodology to problem solving and decision making and relate theoretical and/or technical concepts to practical application.
- Demonstrated ability to anticipate and meet rapidly changing customer and business needs while motivating team members and stakeholders by focusing on the highest priority objectives.
- Demonstrated ability to communicate effectively and efficiently with all levels of staff and the general public both orally and in writing while maintaining professionalism under all circumstances.
- Sound problem resolution, judgment, business analysis, and decision-making skills.
- Demonstrated knowledge of IT and cyber security concepts and practices.
- Demonstrated ability to produce results in a data intensive environment. Demonstrated ability to quickly learn and understand information systems requirements to produce results.
- Demonstrated ability to handle and maintain integrity of sensitive material and confidential business data.
- Demonstrated organizational and analytical skills and abilities.
- Ability to perform job responsibilities in a timely and accurate manner within established guidelines under minimal supervision while providing superior customer service.
NOVEC does not provide sponsorship for this position.
To get started on this great opportunity, please send your resume with salary requirements to: email@example.com.
NOVEC is an equal opportunity provider and employer.