Req Number: 17569BR
We are seeking an Information Security Analyst to join the Technical Support Division (TSD) of Domestic Refining & NGL Fractionation Admin Area (DR&NGLF).
The TSD Division is responsible for providing multidisciplinary subject matter technical support to DR&NGLF through the application of various management systems, standards, benchmarking and best practices. TSD applies an operational excellence approach to achieve and sustain industry-leading performance in terms of reliability, asset integrity, efficiency, cost effectiveness, profitability, process automation and network security while maintaining the highest levels of performance in health, safety and environmental stewardship.
The Information Security Analyst is assigned to company organizations to develop and manage data protection programs, conduct risk assessments, identify risks, and implement proper information security controls to safeguard organization information assets. The Information Security Analyst handles all information security matters, and is assigned as the local point of contact for information security related activities.
As the successful candidate you will have:
A bachelor’s degree in Computer Science, Computer Engineering, Management Information Systems, Information Technology, Information Assurance, Information Security, or a related field.
Minimum five years of experience in computer systems analysis, at least two years of which are in information security.
Certification as ISO27001 Lead Auditor, or Certified Information Systems Auditor (CISA), or an equivalent certification is preferred.
Ability to communicate effectively with excellent command of oral and written English.
Duties & Responsibilities:
You will be required to perform the following:
Develop, manage, and update the Data Protection Program, ensuring compliance with the company's information security policies, standards and guidelines.
Identify, classify, and establish an inventory of information assets within the organization.
Ensure that effective controls are implemented to eliminate or minimize the impact and probability of the risks associated with information assets.
Coordinate and execute IT security projects as directed.
Perform risk assessments to identify business risks, threats, and vulnerabilities related to information assets.
Coordinate with the information asset owners to identify and document adequate controls, using risk-based and business impact assessment, to mitigate risks.
Ensure that appropriate awareness techniques for the awareness programs are selected, and perform regular awareness events during the operational year.
Communicate data protection policies and requirements to external 3rd parties and vendors.
Participate in the performance of internal data protection reviews to assess the completeness and compliance of the critical functions and controls implemented as part of the Data Protection Program, such as information asset management, risk assessment and risk treatment.
Ensure regular compliance checks to verify the level of awareness, compliance, and effectiveness of the implemented data protection program.
Analyze violations of computer security procedures and provide recommendations to management to mitigate such violations.
Enforce and administer Access Control best practices, such as least privilege, need to know, limited time access, access review, SAP role certification, and use of Active Directory and HR Security groups, to safeguard information and computing resources.
Promote information/computing security awareness and training to users.
Participate in investigations of breaches of company policies and standards.
Report and encourage reporting of Information Security Observations, system misuse, security breaches, or other irregularities.
Identify and document the business data that requires backup to support business continuity, and ensure that critical data is stored on IT-provided storage systems to protect its confidentiality, integrity, and availability.
Enforce the guidelines for Physical Security in the organization to secure information processing/storage sites and information processing/storage hardware from physical and environmental threats.
Manage IT assets under area of responsibility.
Verify that all software and data stored on all IT equipment are sanitized prior to removal from the organization using company-authorized software to comply with the requirements.
Ensure that data protection controls are applied as appropriate for non-IT managed software.
Act as the focal point for external compliance checks and audits related to data protection.
Ensure that proper corrective and preventive actions are executed on a timely basis to ensure proper resolution of the identified information protection observations.
Review violations and monitoring reports provided by IT.