Information Security Analyst I-Sr
Apply NowCompany: PNM Resources, Inc.
Location: Albuquerque, NM 87121
Description:
POSTING DEADLINE
This position is posted until filled.
DEPARTMENT
Department: Information Security
JOB DESCRIPTION
Sr. Information Security Analyst
Salary Grade: G06
Minimum Midpoint Maximum
$74,796 - $100,975 - $127,152
Personnel in this job title may be covered by NERC CIP cyber security standards. If the position is covered, prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.
SUMMARY:
Acts as an IT security subject matter expert and technical consultant for security initiatives. Functions as technical engineer, system architect and operational support for the Identity Management (IDM) suite of products. Analyzes the security of systems and applications, and develops security baselines to protect information against unauthorized access. Conducts forensic investigations including investigations done in coordination with other departments.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Assesses, designs, and recommends security access requirements for systems and applications; creates ad hoc reports for review
Collaborates with enterprise architecture on the development of system and application security standards and baselines
Provisions electronic access for supported systems and applications in accordance with the Enterprise Access Provisioning Program
Ensures all access issues are handled in a timely manner and that supported systems are functioning properly
Creates, modifies and deletes profiles and other access controls as part of Role Based Access Control (RBAC) program
Provides routine reaccreditation of existing users and associated entitlements
Produces evidence in support of Company policies and regulatory requirements, such as Sarbanes-Oxley (SOX) and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
Participates in projects as a subject matter expert in support of business initiatives; ensures project work is completed in a timely manner in accordance with Information Security policies, programs and standards; oversees and continuously improves the Enterprise Access Provisioning Program
Performs user access reviews supporting Company investigation needs; assists with data preservation requests for litigation holds; conducts digital forensics in support of the Information Security program
Ensures teamwork to reduce security exposures
COMPETENCIES:
Strong knowledge of Company business practices and familiarity with Company products and services
Strong knowledge of digital forensic steps and incident response
Ability to develop and make recommendations for complex security processes, procedure improvements and management level security standards
Ability to identify best practices for security risk assessments, policies, standards and processes
Extensive policy, process, and standard development experience
Ability to demonstrate leadership skills and provide guidance to less experienced team members
QUALIFICATIONS
MINIMUM EDUCATION AND/OR EXPERIENCE:
Bachelors degree from a four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with five to seven years related experience, or equivalent combination of education and/or experience related to the discipline.
COMMUNICATION SKILLS:
Ability to maintain positive and productive working relationships with various individuals and groups
Ability to recognize and initiate complex tasks without direction
Ability to read and interpret technical manuals and reports, instructional documents, and procedure manuals
Ability to write procedural documentation and user instructions
Ability to speak effectively with various individuals, groups, and vendors
MATHEMATICAL SKILLS:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume
Ability to apply concepts of basic algebra and geometry
COMPUTER SKILLS:
In-depth knowledge and experience with Linux/UNIX servers, client & server applications and information security issues
In-depth knowledge of Microsoft, Linux and UNIX server security functionality
In-depth knowledge of related security software
In-depth knowledge of database product security technology, specifically Oracle and SQL, and general knowledge of physical security methods
ANALYSIS AND PROBLEM-SOLVING ABILITY:
Ability to understand and assimilate complex technical information. Ability to solve partial problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form.
DECISION MAKING:
Ability to make access management and provisioning decisions without direction, in accordance with Company policies, procedures and programs. Examines potential areas for service improvement and makes recommendations for changes to senior staff or management.
PHYSICAL DEMANDS:
While performing the duties of this job, the employee is regularly required to sit up to 2/3 of the time and talk and listen for long periods of time.
WORK ENVIRONMENT:
Office environment.
JOB DESCRIPTION
Information Security Analyst I
Salary Grade: G07
Minimum Midpoint Maximum
$66,267 - $87,804 - $109,340
Personnel in this job title may be covered by NERC CIP cyber security standards. If the position is covered, prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.
SUMMARY:
Under general supervision, provisions electronic access to systems and applications. Acts as an IT security subject matter expert for supported systems and applications. Responsible for Identity and Access Management (IAM), access management, provisioning and compliance controls relating to managing access based on business need. Analyzes the security of systems and applications, and develops security baselines to protect information against unauthorized access.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Provisions electronic access for supported systems and applications in accordance with Access Management and Provisioning program
Ensures all access issues are handled in a timely manner and that supported systems are functioning properly
Creates, modifies and deletes profiles and other access controls as part of Role Based Access Control (RBAC) program
Provides routine reaccreditation of existing users and associated entitlements
Produces evidence in support of Company policies and regulatory requirements, such as Sarbanes-Oxley (SOX) and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
Recommends security access requirements for systems and applications; creates ad hoc reports for review
Participates in major projects, as needed, in support of business initiatives; ensures project work is completed in a timely manner in accordance with Information Security policies, programs and standards; contributes and recommends improvements to the Access Management and Provisioning program
Performs user access reviews supporting Company investigation needs; assists with data preservation requests for litigation holds; conducts digital forensics in support of the Security program
COMPETENCIES:
Knowledge of Company business practices and familiarity with Company products and services
Ability to develop and make recommendations for security processes, procedure improvements and management level security standards
Ability to identify best practices for security risk assessments, policies, standards and processes
Policy, process, and standard development experience
QUALIFICATIONS
MINIMUM EDUCATION AND/OR EXPERIENCE:
Bachelor's degree from a four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with three to five years related experience, or equivalent combination of education and/or experience related to the discipline.
COMMUNICATION SKILLS:
Ability to maintain positive and productive working relationships with various individuals and groups
Ability to recognize and initiate tasks without direction
Ability to read and interpret technical manuals and reports, instructional documents, and procedure manuals
Ability to write procedural documentation and user instructions
Ability to speak effectively with various individuals, groups, and vendors
MATHEMATICAL SKILLS:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume
Ability to apply concepts of basic algebra and geometry
COMPUTER SKILLS:
To perform this job successfully, an individual should have in-depth knowledge and experience with IBM/UNIX servers, client/server applications and information security issues
In-depth knowledge of Microsoft, IBM and UNIX server security functionality
Working knowledge of related security software
Working knowledge of database product security technology, specifically Oracle, SQL and DB2 and general knowledge of physical security methods for securing automated systems and network components
ANALYSIS AND PROBLEM-SOLVING ABILITY:
Ability to understand and assimilate complex technical information. Ability to solve partial problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form.
DECISION MAKING:
Ability to make access management and provisioning decisions without direction, in accordance with Company policies, procedures and programs. Examines potential areas for service improvement and makes recommendations for changes to senior staff or management.
PHYSICAL DEMANDS:
While performing the duties of this job, the employee is regularly required to sit up to 2/3 of the time and talk and listen for long periods of time.
WORK ENVIRONMENT:
Office environment.
EQUAL OPPORTUNITY STATEMENT
Safety Statement:
Safety is a core value at (PNMR/PNM/TNMP) and our vision, "everyone goes home safe", reflects our commitment to promoting an environment conducive to learning, improving and building safety practices. Our safety value is built upon the belief that every employee deserves to work in an environment free from harm.
Americans with Disabilities Act (ADA) Statement:
PNM Resources is committed to providing reasonable accommodations for qualified individuals with disabilities in compliance with the ADA. If you require assistance with the job application process due to a disability, please contact HR ADA Analyst, at [redacted].
DEI Statement:
At PNM Resources, we value the diversity of our workforce and actively seek opportunities for incorporating Diversity, Equity, and Inclusion (DEI) within our family of companies. We believe a diverse workforce enriches our environment and helps us better meet the needs of our employees, customers, and shareholders. We remain committed to attracting and sustaining a diverse workforce and retaining high-performing employees who work collaboratively to carry out the Company's purpose.
PNM Resources and affiliates are Equal Opportunity/Affirmative Action employers. Women, minorities, disabled individuals and veterans are encouraged to apply.
This position is posted until filled.
DEPARTMENT
Department: Information Security
JOB DESCRIPTION
Sr. Information Security Analyst
Salary Grade: G06
Minimum Midpoint Maximum
$74,796 - $100,975 - $127,152
Personnel in this job title may be covered by NERC CIP cyber security standards. If the position is covered, prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.
SUMMARY:
Acts as an IT security subject matter expert and technical consultant for security initiatives. Functions as technical engineer, system architect and operational support for the Identity Management (IDM) suite of products. Analyzes the security of systems and applications, and develops security baselines to protect information against unauthorized access. Conducts forensic investigations including investigations done in coordination with other departments.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Assesses, designs, and recommends security access requirements for systems and applications; creates ad hoc reports for review
Collaborates with enterprise architecture on the development of system and application security standards and baselines
Provisions electronic access for supported systems and applications in accordance with the Enterprise Access Provisioning Program
Ensures all access issues are handled in a timely manner and that supported systems are functioning properly
Creates, modifies and deletes profiles and other access controls as part of Role Based Access Control (RBAC) program
Provides routine reaccreditation of existing users and associated entitlements
Produces evidence in support of Company policies and regulatory requirements, such as Sarbanes-Oxley (SOX) and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
Participates in projects as a subject matter expert in support of business initiatives; ensures project work is completed in a timely manner in accordance with Information Security policies, programs and standards; oversees and continuously improves the Enterprise Access Provisioning Program
Performs user access reviews supporting Company investigation needs; assists with data preservation requests for litigation holds; conducts digital forensics in support of the Information Security program
Ensures teamwork to reduce security exposures
COMPETENCIES:
Strong knowledge of Company business practices and familiarity with Company products and services
Strong knowledge of digital forensic steps and incident response
Ability to develop and make recommendations for complex security processes, procedure improvements and management level security standards
Ability to identify best practices for security risk assessments, policies, standards and processes
Extensive policy, process, and standard development experience
Ability to demonstrate leadership skills and provide guidance to less experienced team members
QUALIFICATIONS
MINIMUM EDUCATION AND/OR EXPERIENCE:
Bachelors degree from a four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with five to seven years related experience, or equivalent combination of education and/or experience related to the discipline.
COMMUNICATION SKILLS:
Ability to maintain positive and productive working relationships with various individuals and groups
Ability to recognize and initiate complex tasks without direction
Ability to read and interpret technical manuals and reports, instructional documents, and procedure manuals
Ability to write procedural documentation and user instructions
Ability to speak effectively with various individuals, groups, and vendors
MATHEMATICAL SKILLS:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume
Ability to apply concepts of basic algebra and geometry
COMPUTER SKILLS:
In-depth knowledge and experience with Linux/UNIX servers, client & server applications and information security issues
In-depth knowledge of Microsoft, Linux and UNIX server security functionality
In-depth knowledge of related security software
In-depth knowledge of database product security technology, specifically Oracle and SQL, and general knowledge of physical security methods
ANALYSIS AND PROBLEM-SOLVING ABILITY:
Ability to understand and assimilate complex technical information. Ability to solve partial problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form.
DECISION MAKING:
Ability to make access management and provisioning decisions without direction, in accordance with Company policies, procedures and programs. Examines potential areas for service improvement and makes recommendations for changes to senior staff or management.
PHYSICAL DEMANDS:
While performing the duties of this job, the employee is regularly required to sit up to 2/3 of the time and talk and listen for long periods of time.
WORK ENVIRONMENT:
Office environment.
JOB DESCRIPTION
Information Security Analyst I
Salary Grade: G07
Minimum Midpoint Maximum
$66,267 - $87,804 - $109,340
Personnel in this job title may be covered by NERC CIP cyber security standards. If the position is covered, prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.
SUMMARY:
Under general supervision, provisions electronic access to systems and applications. Acts as an IT security subject matter expert for supported systems and applications. Responsible for Identity and Access Management (IAM), access management, provisioning and compliance controls relating to managing access based on business need. Analyzes the security of systems and applications, and develops security baselines to protect information against unauthorized access.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Provisions electronic access for supported systems and applications in accordance with Access Management and Provisioning program
Ensures all access issues are handled in a timely manner and that supported systems are functioning properly
Creates, modifies and deletes profiles and other access controls as part of Role Based Access Control (RBAC) program
Provides routine reaccreditation of existing users and associated entitlements
Produces evidence in support of Company policies and regulatory requirements, such as Sarbanes-Oxley (SOX) and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
Recommends security access requirements for systems and applications; creates ad hoc reports for review
Participates in major projects, as needed, in support of business initiatives; ensures project work is completed in a timely manner in accordance with Information Security policies, programs and standards; contributes and recommends improvements to the Access Management and Provisioning program
Performs user access reviews supporting Company investigation needs; assists with data preservation requests for litigation holds; conducts digital forensics in support of the Security program
COMPETENCIES:
Knowledge of Company business practices and familiarity with Company products and services
Ability to develop and make recommendations for security processes, procedure improvements and management level security standards
Ability to identify best practices for security risk assessments, policies, standards and processes
Policy, process, and standard development experience
QUALIFICATIONS
MINIMUM EDUCATION AND/OR EXPERIENCE:
Bachelor's degree from a four-year college or university in Information Resource Management, Business Computer Systems, Computer Science or Computer Security with three to five years related experience, or equivalent combination of education and/or experience related to the discipline.
COMMUNICATION SKILLS:
Ability to maintain positive and productive working relationships with various individuals and groups
Ability to recognize and initiate tasks without direction
Ability to read and interpret technical manuals and reports, instructional documents, and procedure manuals
Ability to write procedural documentation and user instructions
Ability to speak effectively with various individuals, groups, and vendors
MATHEMATICAL SKILLS:
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume
Ability to apply concepts of basic algebra and geometry
COMPUTER SKILLS:
To perform this job successfully, an individual should have in-depth knowledge and experience with IBM/UNIX servers, client/server applications and information security issues
In-depth knowledge of Microsoft, IBM and UNIX server security functionality
Working knowledge of related security software
Working knowledge of database product security technology, specifically Oracle, SQL and DB2 and general knowledge of physical security methods for securing automated systems and network components
ANALYSIS AND PROBLEM-SOLVING ABILITY:
Ability to understand and assimilate complex technical information. Ability to solve partial problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form.
DECISION MAKING:
Ability to make access management and provisioning decisions without direction, in accordance with Company policies, procedures and programs. Examines potential areas for service improvement and makes recommendations for changes to senior staff or management.
PHYSICAL DEMANDS:
While performing the duties of this job, the employee is regularly required to sit up to 2/3 of the time and talk and listen for long periods of time.
WORK ENVIRONMENT:
Office environment.
EQUAL OPPORTUNITY STATEMENT
Safety Statement:
Safety is a core value at (PNMR/PNM/TNMP) and our vision, "everyone goes home safe", reflects our commitment to promoting an environment conducive to learning, improving and building safety practices. Our safety value is built upon the belief that every employee deserves to work in an environment free from harm.
Americans with Disabilities Act (ADA) Statement:
PNM Resources is committed to providing reasonable accommodations for qualified individuals with disabilities in compliance with the ADA. If you require assistance with the job application process due to a disability, please contact HR ADA Analyst, at [redacted].
DEI Statement:
At PNM Resources, we value the diversity of our workforce and actively seek opportunities for incorporating Diversity, Equity, and Inclusion (DEI) within our family of companies. We believe a diverse workforce enriches our environment and helps us better meet the needs of our employees, customers, and shareholders. We remain committed to attracting and sustaining a diverse workforce and retaining high-performing employees who work collaboratively to carry out the Company's purpose.
PNM Resources and affiliates are Equal Opportunity/Affirmative Action employers. Women, minorities, disabled individuals and veterans are encouraged to apply.