Qualifications: The Information Technology Planning Section is looking for a dynamic
individual to join its Information Security department. To be eligible, the selected
candidate must have High School Diploma/GED with 3 to 5 years Information
Security work experience, Associate’s Degree or equivalent technical certification
preferred, (Computer Science or Engineering with 2 years equivalent work
experience). Must be well organized and detail oriented. Must be flexible to handle
multiple assignments and deadlines and adapt to changing priorities. The candidate
must possess strong technical skills across cyber security technologies including;
scripting skills and an understanding of network traffic flows, and vulnerability
management. Excellent written and verbal communication skills. Strong presentation
skills. Computer literacy with proficiency in Windows Server, Windows 7/8/10,
Microsoft Office Suite is required, especially Word, Excel and PowerPoint. Intrusion
detection/prevention systems, web application/database firewall systems experience
preferred. Understand Critical Infrastructure Protection (CIP) regulatory
requirements desirable. Must have the ability to effectively interact with customers,
support staff, outside vendors and various levels of management. Must demonstrate
ability to work in teams in a manner consistent with Company objectives. Must be
available 24/7 and available to be on call and/or participate in off-hour emergency
response activities as required. Participate in the Company’s emergency
management processes and storm plans. Must have a valid driver’s license and the
ability and willingness to travel within the O&R and CECONY service territory as
required.
Responsibilities: • Provide cybersecurity policy and technical advisory services to
internal business process area project teams. • Perform vendor risk assessments in
support of internal business process area project teams. • May be required to
support Critical Infrastructure Protection (CIP) readiness and compliance activities. •
Generate regular risk management reports using various security technologies. •
Perform internal vulnerability assessments and ensure remediation of vulnerabilities
for business process area infrastructure and web applications. • May be requested to
perform internal penetration testing. • Support incident response activities. • Assist
on RFP specifications, participate in the technical evaluation of contractor proposals,
software, hardware or services. Conduct field investigations, prepare analysis, and
provide solutions to cyber security concerns and requests. Willing to be flexible and
take on technically challenging and complex assignments when requested to do so. •
Performs other related assignments as required.