JOB DESCRIPTION
Job Description Summary
GE Digital Grid partners with electric grid utilities and telcos to deliver mission critical industrial control system software worldwide and is seeking an Information Security Risk Analyst to join our information security team. This is a dynamic, multi-faceted field where utilities/telcos are seeking not only additional cyber security functionality within our products and increased cyber service offerings, but also increased transparency into how Digital Grid provides products and services in a secure manner, driven largely by increasing governmental regulations such as NERC CIP and the EU’s Network & Information Systems Directive. Digital Grid have deployed an ISO 27001 certified information security management system as the framework to meet utility / telco requirements. This role will join our existing information security team to help us further expand and mature our capability to meet these increased market demands.
Job Description
Job Responsibilities
In this role, you will:
- Improve and maintain the GE Digital Grid Information Security Management System by creating and updating IS policies, standards, and procedures in collaboration with the Information Security and IT teams and business functions
- Support the IS risk assessment / treatment and incident response processes
- Guide and support preparation for ISO 27001 external audits
- Manage the internal IS audit program and perform IS and Quality internal audits
- Coach and mentor the part time internal IS auditors
- Manage internal and external audit findings to resolution
- Be familiar with relevant current and upcoming cyber security standards and industry best practice
- Activities supporting information security risk and compliance aligned to business priorities
Job Qualifications
- Bachelor's Degree from an accredited institution in Information Security, Computer Science, or STEM” subjects (Science, Technology, Engineering and Math); and
- A minimum 5 years of IT and / or information or cyber security experience
- ISO 27001 and / or ISO 9001 experience
Eligibility Requirements
• Must be willing and able to travel domestically and internationally, 15%
Job Characteristics
Required:
- Knowledge of various aspects of product management for delivering an enterprise solution to market, from requirements to development, test, build, deliver, through maintenance and support, esp. as it relates to product’s cyber security
- Experience creating and implementing standards, policies, procedures and practices for large enterprises
- Experience with mission critical and/or industrial control systems, particularly EMS, DMS, OMS, DERMs, GIS, etc.
- Familiarity with Information Security and Cyber Security standards and how they are applied operationally
- Experience of managing a cross functional, multi-location internal audit program
- Experienced internal auditor, auditing against ISO 27001
- Strong influence, facilitation, and interpersonal skills
- Ability to support multiple projects simultaneously in a matrix management environment
- Ability to effectively communicate with functional leaders and internal stakeholders
Desired:
- Technical security background in one or more of the following: Enterprise Linux, Windows, Virtualization, Docker containers, Kubernetes, Networking
- Personal cyber security certification, such as CISM, CISA or CISSP
- Experience with organizational cyber security certifications, such as ISO27001, SOC2 Type II, or IEC62443
- Familiarity with externally assessed ISO 27001 audits
- Strong Leadership Skills
- Experience and ability to work in a global disperse team
- Green Belt certified (GE Employees only)
- Familiarity with Lean, Agile development, and/or Scaled Agile Framework
- Availability outside normal” local business hours to work across global timezones and/or potential incident response
