Pattern Energy Group

  • Information Security Analyst

    Job Locations US-CA-San Francisco
    Posted Date 1 month ago(2/14/2019 6:48 PM)
    # of Openings
    1
    Category
    Information Technology
    Job ID
    2018-1441
  • Overview

    Pattern Energy Group is an independent, fully integrated energy company that develops, constructs, owns and operates renewable energy projects and transmission assets across North America, Japan, and parts of Latin America.  The company focuses primarily on wind, solar and transmission. The Pattern Energy Group team has a history as one of the top North American renewable energy and transmission providers in the industry. The team is dedicated to delivering the highest value for its customers, partners, financial supporters and the communities in which it works, while exhibiting a strong commitment to promoting environmental stewardship and corporate responsibility.

    Pattern Energy Group operates in the United States, Canada, Japan, and Mexico with offices in San Francisco, Houston, San Diego, New York, Tokyo, and Toronto.  Pattern Energy Group’s corporate headquarters is in San Francisco.

    Responsibilities

    Job Description 

    The Information Security Analyst improves governance, oversight, and operational resiliency of information systems. This role reviews the current threat landscape and helps the company understand its security posture, guiding action on the highest priority risks.

    The Information Security Analyst takes a proactive approach to security by focusing on the risks Pattern faces. This role helps reconcile Pattern’s legal, regulatory, and operating obligations with Pattern’s business goals. The information security analyst maintains current knowledge of the cyber risks unique to Pattern’s Business and communicates them to the organization as appropriate.

    Key Accountabilities

    • Identifies, assesses, prioritizes, and mitigates information security risks for new technologies
    • Conducts technology and vendor assessments to understand capabilities of required systems or networks
    • Provides input on security requirements to be included in statements of work and other appropriate procurement documents
    • Identifies cyber capabilities strategies for technology development based on stakeholder requirements
    • Performs security reviews and identifies gaps in security architecture and design
    • Identifies necessary security controls to be integrated within the development lifecycle
    • Translates security controls into technical specifications and guidance to stakeholders to ensure common understanding across the stakeholders and enable adequate implementation
    • Defines engineering solutions in collaboration with IT team and product owners to remediate inherent cyber security risks
    • Partners with the IT team to recommend and deploy process improvements to ensure that security requirements are incorporated in all technology projects
    • Work closely with IT department on corporate technology development to fully secure information, computer, network, and processing systems
    • Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and antimalware solutions
    • Contributes to monthly Information Security reports
    • Contributes to quarterly report to be shared with the Board of Directors
    • Provides peer review and support for organizational deliverables

    Qualifications

    Educational and Work Experience

    • Bachelor’s in Information Systems or other related field, or equivalent year work experience
    • 3 years of experience in IT, critical infrastructure, intelligence, and/or cyber information security work

    Additional Requirements

    • Knowledge of relevant regulatory requirements including NERC CIP and Sarbanes-Oxley (SOX)
    • Utility industry experience in one or more specialty areas (i.e. Gas Operations, Safety & Electric Transmission and Distribution, Generation and Energy Policy/Procurement)
    • Experience with cybersecurity best practices and standards (e.g. NIST SP800-53, ISO 27001, etc.)
    • Experience with Cyber/information security management policies, procedures, regulations and governance processes, Information Systems/Network Security, System Security Analysis, Information Assurance Compliance
    • Knowledge of risk management techniques, technological trends, and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems
    • Experience hardening current Windows platforms
    • Experience with public cloud platforms such as Amazon AWS, Microsoft Azure, or Google Cloud Platform
    • Working knowledge of scripting with Powershell
    • Understanding of computer networking concepts and protocols, and network security methodologies, including working knowledge of firewall, router, and switch configuration
    • Ability to communicate and convey complex IT/OT technical security related concepts to business and technology teams
    • Excellent written and verbal communication skills required
    • Ability to perform complex tasks using established policies, procedures and guidelines as reference
    • Complex problem analysis and decision-making skills
    • Knowledge of SCADA or EMS a plus
    • CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent a plus

    Pattern Energy Group LP is an Equal Opportunity Employer

    Options

    <p style="margin: 0px;">We're sorry&nbsp;that the Share function is not working properly at this moment. Please refresh the page and try again later.</p>
    Share on your newsfeed