Senior Information Assurance Analyst - Oahu

Senior Information Assurance Analyst - Oahu

Company: Hawaiian Electric Companies

We recognize our competitive advantage — our people. We believe in our people, who share our vision of meeting the needs of our employees, customers, and communities and who carry out the continued success of the company.

Our employees are committed to the company's foundational values: integrity, excellence, teamwork, environmental stewardship, and community commitment. In turn, we invest in our employees, providing opportunities for challenge and advancement and offering a competitive compensation package.

Posting End Date:
This position will remain open until filled. Early applications are highly encouraged.

Brief posting description

The P EJ INFORMATION ASSURANCE Department of the P INFORMATION ASSURANCE Division at Hawaiian Electric Company has 1 Management vacancy available. (Role: Professional)

• Oversees or performs the assessments of Company systems and networks and identifies where those systems/networks deviate from cybersecurity policies, acceptable configurations, or guidance.
• Provides consulting-level knowledge and expertise for the Information Assurance (IA) division, which includes development and enforcement of cybersecurity policies & standards, cybersecurity risk management activities, IT and OT compliance, and secure integration of grid technologies and cloud services.
• Supports development of detailed plans and provides requirements for information systems’ security controls and security monitoring solutions.
• Performs security control reviews to validate the security controls as designed are operating effectively.
• Develops policies, standards, and procedures to ensure that security controls are adequately designed.

• Performs cybersecurity assessments and provides security control requirements for IT and OT projects, including externally hosted applications and grid technology projects.
• Develops and manages programs and processes for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs.
• Supports detailed review and approval processing for various policies, processes, and procedures necessary to support the Company’s cybersecurity security and compliance requirements.
• Ensures that adequate and proper internal controls, processes, practices, and standards are developed, maintained, and tested in order to meet the Company’s policy and compliance requirements.
• Supports the business continuity planning, disaster recovery planning, and the Company’s Cybersecurity Incident Management Team (CS-IMT), with occasional on-call support.
• Participates in Company emergency response activities as assigned, including any activities required to prepare for such emergency response.

Knowledge Requirements

• Computer networking concepts and protocols, and network security methodologies.
• Risk management processes (e.g., methods for assessing and mitigating risk).
• Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Cyber threats and vulnerabilities.
• Cryptography and cryptographic key management concepts.
• Data backup and recovery concepts.
• Host/network access control mechanisms (e.g., access control list, capabilities list).
• Network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
• Traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Programming language structures and logic.
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Network attacks and a network attack’s relationship to both threats and vulnerabilities.
• System…