Location: Snoqualmie, WA
Date Posted: 01-04-2018
Job Description:
Principal Analyst, Critical Infrastructure Cyber Security, Enterprise Info Security
Responsible for partnering with Internal Our Company teams and 3rd parties for the integration of the Critical Security Controls (CSC) as part of the Critical Infrastructure (CI) program. Assure CI cyber readiness by recommending plans, compensating controls, updating policy or exploring remediation’s as appropriate. Generate consensus and supporting the deployment of those plans. Serve as the central resource for subject matter expertise for Corporate Information Security in all aspects of CI application and infrastructure design for assigned areas. The will be the principal security advisor to cross-functional teams for the successful delivery of CI, projects, and/or services to enterprise customers.
Enterprise Core Competencies
Requires expertise in the Center for Internet Security (CIS) Critical Security Controls (CSC) and their application to Critical Infrastructure and Applications. Familiarity with Wireless Telecommunications and IT Infrastructure.
Is customer focused, can manage change and innovation, is a strategic thinker, able to build relationships and influence, architect and document recommended CI requirements, is results focus and provides inspirational leadership.
Essential Functions
• Applies the Center for Internet Security Critical Security Controls to Critical Infrastructure and Applications.
• The Principle Analyst will be the Subject Matter Expert for Corporate Information Security, supporting the assessment of cyber readiness, consulting with CI asset owners on best practices and Our Company policy to assure cyber readiness
• Recommend and support deployment of plans, compensating controls or remediation’s as appropriate.
• Optimizes cross-functional partnerships to successfully address Business and CI requirements. Leads / organizes large scale analysis efforts spanning multiple departments.
• Uses internal and external data resources to make strategic business decisions, update policy and persuade others.
• Collaborates and builds long-term relationships with key stakeholders.
• Anticipates likely stakeholder responses to specific recommendations and can address feedback accordingly
• Lead information security review of CI, new technologies, designs, and remediation planning efforts.
• Proactively identify process or technology improvements within existing legacy applications or infrastructure and seeks out remediation.
• Investigates and/or leads identifying security requirements and recommends plans/resolutions.
• Implements, tests and monitors info security improvements related to CI, policy or security best practices.
• Proactively identifies areas that need to be developed and seeks out expertise in those areas as needed. Keeps abreast of current CI developments and trends and can use this knowledge to create a business cases to address major issues and create specific action plans to address the gaps. Plays a leadership role in the execution of that action plan.
• Lead security projects driven by groups both internal and external to info security.
• Mentor peers and junior team members in security technologies, enterprise solution design, SDLC facilitation and effective customer interaction. 

Required Qualifications:
Recommended Qualifications
• Minimum 10 years total experience with increasing responsibility with the application of the CIS CSC controls with critical infrastructure and applications.
• Minimum 6 years’ experience with the following: project/team lead, formal implementation SDLC, facilitation of cross-functional solution design teams.
• Be subject matter expert in multiple CISSP security domains.
• Strong, demonstrated verbal and communication skills with diverse cross functional groups ability to present advanced concepts to leadership, peers, and others in subordinate roles.
• Ability to create technical specifications and requirements, Able to quickly adapt to new or evolving technologies related to new product and services requiring validation or research.
• Knowledge of current technological trends and developments in info security.
• In-depth knowledge of security best practices in large-scale environments.
• Author white papers and presents at industry conferences is a plus.
• Able to drive industry standards and socialize internally and externally.
• Experience with high-level architecture network design and engineering, security CI principles, security technologies, IP networking, web services and SOA.
• Knowledge of federal and compliance regulations e.g. SOX, PCI and CPNI
• Solid understanding of Our Company’s network elements and how they work together (EIT, Engineering and 3rd Party) is a plus.
• Previous leadership experience, a plus.

Minimum Required
• Bachelor’s Degree in Computer Science, Information Technology or related area of study
• Certifications combined with relevant work experience may be substituted for education requirements

License or Certification
CISSP and/or CISA/CISM certification a plus
General/Physical Requirements

Preferred Qualifications:
The key items I have on my list are:
- Knowledgeable in the application of the Critical Security Controls – emphasize the application of as opposed to just knowledgeable about.
- Ability to discern the critical from important, and influence teams to implement the remediation’s.
- Demonstrated ability to work a large program, the balancing of priorities, working with and getting support from resources across the organization.
- Proven ability to consult with asset owners, build trust and partnership to get things done.
- Technical acumen and the ability to work with the subject matter experts to put effective remediation’s in place.

Specific subject matter expertise in Security and Wireless Telecom would be a huge plus, trying not to define a unicorn in my expectations. 
this job portal is powered by CATS