Information Technology Security Analyst

The Information Technology Security Analyst is responsible for the assessment, design, development, deployment, monitoring, compliance and maintenance of the comprehensive information technology and cyber security programs across the technology ecosystem. Success in this role is defined by successfully identifying, planning for and mitigating the modern threat landscape, including identifying threat actors, attack vectors and threat techniques and then recommending and implementing effective protective and adaptive technologies, techniques and training to reduce overall risk and exposure, as well as the ability to recover quickly and completely from a successful attack incident.

What You’ll Do:

• Roll-up your sleeves and perform a hands-on role in all areas of information technology and cyber security management.
• Develop protocols, procedures, and training to protect all fleet assets. Implement the appropriate security framework for compliance requirements.
• Maintain records of systems and resources to ensure ongoing compliance.
• Adapt to competing demands, evolving threats, and new responsibilities.
• Assist with shipping and provisioning hardware.
• Additional duties as assigned.

Must Haves:

• Demonstrated capability to assist in developing information technology and cyber security programs based on accepted security frameworks.
• Understanding of Information Security frameworks ISO 27001, NIST 800-53 and NIST CSF.
• A minimum of 5 years of progressively responsible experience in hands-on application of information technology and cyber security.
• General knowledge of utility industry and the challenges facing the industry as well as an understanding of utility processes/programs and regulations including NERC CIP (preferred).
• Experience with operational technologies (SCADA, ADMS, DERMS, EAM, GIS) (preferred).
• Cybersecurity auditing experience (preferred).
• Microsoft 365 Admin/Azure experience.
• Strong customer service skills, capable of effectively addressing and resolving user inquiries and issues.

Education and Certifications:

• Bachelor’s degree in Computer Science, Computer Technology, Information Technology, Cybersecurity or a related field
• Advanced degree in Computer Science, Cybersecurity or related fields is a plus
• Required Certification: CISSP
• Desirable Certifications: CRISC, CISM, CCSP, CEH

Working Environment

• Preferred location Asheville, NC with monthly travel to asset locations 
• Remote with ability to travel once a month to office and asset locations