Job Summary (Why does job exist?)
This position is responsible for actively protecting Longview Power’s technology assets and financial data from external and internal threats. Responsibility includes planning, implementing, overseeing and maintaining networks and security-related projects.
ESSSENTIAL DUTIES AND RESPONSIBILITIES
- Develop and implement an information security program for Longview Power in coordination with the Managers and Netserve.
- Develop and maintain a working relationship with 3rd Party service providers responsible for providing technology consulting. Work with business unit executives and service providers to introduce required Cyber Security functionalities into the environment.
- Establish, review and edit security strategy, standards, processes, procedures, policies, guidelines, etc. as needed.
- Maintains compliance with the applicable Reliability Standards developed by NERC (North American Reliability Corporation), in particular those pertaining to Critical Infrastructure Protection (CIP).
- Interpret and recommend changes on security policies and procedures as warranted.
- Evaluate the cyber security environment including access controls, assessments, mitigation detection, responses, training and awareness.
- Participate in the InfraGard group discussions, eISAC association monthly meetings, NERC alerts group, and the Reliability First Compliance Forum Calls.
- Review and analyze all project plans to insure proper cyber security measures and standards are included. Recommend and develop appropriate secure solutions based on the cyber security needs and requirements.
- In conjunction with the IT department, protect Longview Power against cyber threats that could inflict significant damage through interruption of service, intellectual property theft, network viruses, data mining, financial theft and theft of sensitive data.
- Keep cybercrime at bay by using proficiency in analysis, forensics and reverse engineering to monitor and diagnose events and vulnerability issues.
- Proactively mitigate, detect, report, and investigate suspicious activity.
- Serve as a first responder for cyber security incidents, NERC alerts, events and incidents identified through security event management tools and confirm validity of identified incidents.
- Coordinate and validate results from contracted cyber security vendors.
- Assist in the continuous improvement of business continuity and disaster recovery.
- Contribute proactively to company’s data and network security by keeping current on developments in cyber security, evaluating and recommending emerging security products and technologies.
- Monitor the key card security, fiber security, control system and camera system.
- Successfully complete required compliance training annually.
- Report any breaches or potential breaches of Longview Power compliance and ethics commitments of which you become aware, whether these related to yourself or others.
- Participate in and contribute to other areas within the department as needed.
- Perform additional duties as assigned.
Job Requirements (Education, Experience, Knowledge, Skills)
- Minimum of three (3) years of cyber security experience, preferably supporting power generation facilities.
- Continuous alertness, precision, and concentration to ensure accuracy and thoroughness of documents and transactions.
- Continuous alertness of surroundings for security purposes.
- Frequent use of judgment, reasoning, patience, and negotiating.
- Experience working with regulatory programs such as SOX, NERC, CIP, ETC.
- Continuous memory demands in recalling Longview Power policies, services, and state and federal regulations.
- Length of workday is unpredictable. May have to work long hours because of computer failure, unusually activity or extended business meetings.
- Ability to effectively manage multiple tasks and deadlines simultaneously.
- Ability to make decisions, takes action, and accepts responsibility for results.
- Ability to act appropriately in a business-like manner in any situation.
- Ability to analytically audit system logs and records.
- Proven track record of acting in an ethical way.
- Travel to all Longview Power facilities will be required.
Does this job have supervisory responsibilities? No
Direction: receives guidance with respect to general objectives; in the majority of tasks and projects assigned, determines methods, work sequences, scheduling, and methods to achieve objectives of assignments; operates within specific policy guidelines.
Are there non-supervisory employees who report directly to this job? No
Are there subordinate supervisors reporting to this job? No
OTHER DUTIES AND RESPONSIBILITIES
- Comply with all safety policies, practices and procedures.
- Participate in proactive team efforts to achieve departmental and company goals.
- Perform other duties as assigned.
- Provide leadership to others through example and sharing of knowledge/skill.
EDUCATION and EXPERIENCE
Level of education and experience needed to successfully accomplish the essential duties of this job.
Bachelor's degree (B. A.) from four-year college or university in Management
Information System (MIS), Computer Science, or related field.
Level of language (ability to read, write, and speak) needed to successfully accomplish the essential duties of this job.
- Ability to read, analyze and interpret technical data, make sound recommendations, work in a team environment and possess the ability to be a self-starter with little supervision.
- Ability to exercise discretion and independent judgment in interpreting policies and procedures, making exceptions as required.
- Must have excellent communication skills (oral and written).
Level of mathematical skills and abilities needed to successfully accomplish the essential duties of this job.
Ability to work with mathematical concepts such as basic numeric calculations, as well as writing, reading, comparing, and analyzing.
Level of reasoning skills and abilities needed to successfully accomplish the essential duties of this job.
Ability to define problems, collects data, establishes facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
Strong personal computer skills including networking, hardware, and software skills.
Handles multiple projects simultaneously.
CERTIFICATES, LICENSES, REGISTRATIONS
Licenses, certificates, or registrations that are required to perform the essential duties of this job.
Current Cyber Security certifications e.g. Certified Information Systems Security Professional (CISSP) from International Information System Security Certification Consortium (ISC)², Global Information Assurance Certification (GIAC) Gold, Certified Ethical Hacker, Information Systems Audit and Control Association (ISACA) Certifications, and vendor specific security certifications.
How much on-the-job time is spent in the following physical activities?
Using hands to finger, handle or feel
Reaching with hands and arms
Climbing or balancing
Stooping, kneeling, crouching, or crawling
Talking or hearing
Tasting or smelling
Does this job require that weight be lifted or force be exerted? If so, how much and how often?
Up to 10 lbs
Up to 25 lbs
Up to 50 lbs
Well-lighted, heated and/or air-conditioned indoor office/production setting with adequate ventilation.
Wet or humid conditions (non-weather)
Work near moving mechanical parts
Work in high precarious places
Fumes or airborne practices
Toxic or caustic chemicals
Outdoor weather conditions
Extreme cold (non-weather)
Extreme heat (non-weather)
Risk of electrical shock
How much noise is typical for the work environment of this job?
Moderate noise (examples: business office with computers and printers, light traffic)
Occasional overnight travel (up to 10%) by land and/or air.