| Irving, TX | Security Engineer
SUMMARY:
Under general supervision, plans, coordinates, and implements security measures to safeguard information in computer files against accidental or unauthorized modification, destruction, or disclosure.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
• Develops, implements, maintains, and enforces information protection, information security, corporate policies, standards, and practices throughout the company
• Develops and provides recommendations to management for overall information protection architecture and program for the Company
• Develops and implements employee training and awareness programs for information protection and security
• Partners with the Information Services Review Board and PNM Audit Services personnel to ensure information protection issues for corporate data, systems, networks, and other information assets are addressed to the satisfaction of all entities
• Develops effective working relationships with mid- and senior-level management of the various business units throughout the company to obtain support and acceptance of security policies and practices, and develop support for policy enforcement
• Manages the Information Security (IS) staff and functions in Information Services, assuring effective administration of security activities
• Manages and reports regularly on all IS projects and activities
• Works closely with Security Administrators and Technical staff for various systems and networks to ensure that adequate preventive and detection controls are in place
• Provides coordination and guidance to any decentralized or application security administration functions
• Assists in IS's contingency planning and testing on a regular basis to ensure company information assets are recoverable and protected
• Manages the IS work involved in all internal and external security-related audits involving systems, networks, and data
• Participates with internal departments in risk assessment activities and new software development projects to ensure data security
• Accesses control and business recovery procedures inherent in all new information technology implementations
COMPETENCIES
• In-depth management, negotiation, technical skills, and demonstrated leadership and customer service skills
• Understanding of and ability to relate business requirements and risks to technology implementation for security related issues
• Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology
• Demonstrated skills in personnel management, budget management, and conflict management
• Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions
• Ability to organize, create, and deliver technical proposals and presentations to peers and management
• Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to keep the Company in compliance and reduce legal liabilities
QUALIFICATIONS
MINIMUM EDUCATION AND/OR EXPERIENCE:
• Bachelor's degree from four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with five to seven years related experience, or equivalent combination of education and/or experience related to the discipline.
CERTIFICATES, LICENSES, REGISTRATIONS:
• NERC CIP cyber security standards.
• Certification in security or systems control related field: I.e., CISSP, CISA.
SUPERVISORY RESPONSIBILITIES
Manages an information security staff that is responsible for day-to-day security administrative functions, analysis, and monitoring. Coordinates and works closely with all system and application security administrators throughout the Company to ensure policies and standards are followed. May not be directly responsible for an employee, but must develop working relationships and influence the work in order to implement security processes.
COMMUNICATION SKILLS
• Ability to read and interpret documents such as safety rules, operating and maintenance instructions, and procedure manuals
• Ability to write routine reports and correspondence
• Ability to speak effectively before groups of customers or employees of organization
COMPUTER SKILLS: (Basic Familiarity)
• In-depth knowledge and experience with mainframe and client/server applications and information security issues
• In-depth knowledge of Microsoft NT Advanced Server and UNIX security functionality
• Working knowledge of ACF2 security software.
• Working knowledge of database product security technology, specifically Oracle and DB2 and general knowledge of physical security methods for securing automated systems and network components |