Description of Position:
The Cyber Security Specialist (CSS) is part of a team responsible for maintaining the confidentiality, integrity and availability of our systems, data and services, and assists other security team members with their assigned responsibilities as necessary and appropriate. The CSS will execute on planned CIP strategies, policies, and documentation efforts and is responsible for managing projects and tasks within their areas of responsibility, developing and coordinating work plans and schedules dependent upon available resources. The Cyber Security Specialist reports to the Information Security Manager.
Scope of the Role:
Performance Outcome 1: Audit and Compliance
- Maintaining the operational integrity and availability of systems is paramount to the cooperative being able to conduct its business.
- Monitors company systems, networks and data for indicators of abnormal or suspicious activity
- Handling of Cyber Security incidents, investigations, and analysis.
- Produces policies, procedures, and other documentation in support of strategy and audit requirements, to include:
  - Corporate Policies
  - NERC CIP Policies
  - Standard Operating Procedures (SOPs)
- Provides real-time response and cybersecurity actions.
- Produces reports and provides real-time status on open incidents, vulnerabilities and cyber posture.
Performance Outcome 2: Continuous Monitoring and Vulnerability Identification
- Ensure that appropriate controls exist, that processing is efficient and accurate, and that information systems procedures are in compliance with regulations and standards including NERC-CIP.
- Research and understand the direction that the federal government and other regulatory bodies are going, in terms of audit and technical requirements, to ensure future compliance.
- Conduct regular cyber security audits for both best practice and NERC CIP requirements.
- Develop into a Subject Matter Expert (SME) to support the Cyber Security, Network, and Systems areas of NERC CIP.
- Develop and implement a project management template to facilitate Cyber Security projects and deadlines and ensure deadlines are met.
Performance Outcome 3: Training and Awareness
- Leverage our suite of tools to Identify, Protect, Detect, Respond, and Recover from cybersecurity incidents.
- Monitor the daily reports to the SOC. Triage these reports and update the IT Security Manager and identified IT members on any anomalies, incidents, or failures that have taken place. This helps satisfy numerous NERC CIP requirements and is part of day-to-day operations in the SOC.
- Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness of continuous monitoring.
- Regularly assess and inventory the current technology assets to ensure that each is deployed and maintained in accordance with policies and industry best practices.
Performance Outcome 4: Reporting
- Assist with the development and execution of the cyber security awareness program to ensure staff and members across the organization understand the trade-off between risk and return.
- Assist with the completion and maintenance of an Audit of NERC CIP Training and Awareness requirements for those who have access to CIP Restricted Information
- Assist the SOC Manager with assessing and creating a better awareness of the cyber security training areas of improvement within the staff.
- Create education opportunities for interested staff to increase their knowledge of cyber security. This includes quarterly cyber security bulletins.
- Push for cyber security best practices to be institutionalized within technical and non-technical staff alike.
- Educates decision makers on the cyber security risks that a new technology, application, or system introduces to the cooperative.
- Provide expertise with regards to the latest trends, attack vectors, and mitigation tools and technologies to ensure proper security controls are in place for access management.
Performance Outcome 5: Policy/Procedure
- Establish security metrics and provide scheduled reports.
- Ensure that all SOC Reporting satisfies the NERC CIP requirements.
- Assist the SOC Manager with creating after-action-reports following live incidents and exercises.
- Assist with the design, development, editing and dissemination of timely and actionable cybersecurity information to diverse communities and audiences, such as cross-cooperative committees.
- Facilitate the rapid and secure exchange, preservation and analysis of cybersecurity information used to identify, respond to, and prevent information system compromises.
- Lead an effort to participate in information awareness through incident reporting agencies such as US-CERT, and other critical infrastructure cyber incident reporting organizations.
Performance Outcome 6: Technology
- Assist with the development and implementation of policies, plans, and procedures to ensure the reliable, safe, and secure operation of information systems and networks in the delivery of all digital services within the Corporate and NERC CIP environments, to include:
  - Security Operations Center (SOC) Concept of Operations (CONOPs)
  - Cyber Security Policy
  - Patch Management Plan
  - Visitor Access Control Plan
  - Physical Security Management Plan
  - Information Protection Plan
  - Reuse and Disposal Plan
  - Change and Configuration Management Plan
  - Recovery Plans
  - Incident Response Plan for CIP and Corporate environments
  - Ports and Services Management Plan
  - System Access Control Plan
  - Malicious Code Policy
  - Electronic Access Plan
  - Cyber Security Awareness and Training
  - Access Management documents
- Provide regular audit assistance to ensure these plans are implemented properly and are compliant with the latest NERC CIP guidance.
Complexity of Problems:
- Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness.
- Regularly assess and inventory the current technology assets to ensure that each is deployed, maintained, and backed up with a security mindset.
- Assist with implementation, upgrade, and maintenance of SOC tools and technology.
- Recommend mitigation strategies and alarm rules for SOC monitoring.
Internal and External Contacts:
- Internal contacts will include participation in teams with employees across multiple departments.
- External contacts will include outside consultants, vendors, contractors, and federal assessment teams.
Required Skills, Abilities, and Certifications:
- Must have the ability to work both independently and as part of a group with diverse backgrounds and skills, and must have strong, positive interpersonal communication ability.
- Strong time management and organizational skills are essential.
- Must have the ability to handle multiple tasks and projects while meeting deadlines.
- Must be able to accurately analyze complex technical issues and provide recommendations that could impact the strategic direction.
- Must be able to present in front of small and large groups of people, in person and online.
- Must be able to work logically under pressure.
- Bachelor’s degree in Cyber Security, or a related field.
- Six or more years of relevant experience.
- Certified IT Security professional certificate(s) or relevant experience.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA) or equivalent (recommended).
- Experience with NERC CIP or other federal audits.
- Ability to communicate effectively, both in writing and verbally with internal employees, external consultants, and vendors.
- Experience in law enforcement and/or national security is highly relevant.
- Knowledge of national and international regulatory compliance requirements and frameworks such as the NIST Cybersecurity Framework, NIST 800-53, ISO, COBIT, and NERC CIP.
- Professional experience working in a Security Operations Center or as part of a Cyber Incident Response Team (CIRT).
- Demonstrated ability to develop IT security standards and procedures.
- Collaboration – Core Competency – 20%
- Ethics & Integrity – Core Competency – 20%
- Deliver Results – Core Competency – 20%
- Initiative – 20%
- Attention to Detail – 20%