Cyber Security Specialist

TITLE: Cybersecurity Specialist

OBJECTIVE: Develop, design, and maintain the security of all information/communication systems, with a primary focus on the defensive posture of the cooperative. Demonstrate expertise across all cybersecurity disciplines to ensure optimal system security, integrity, and availability. Develop and promote security policies and procedures that align with the requirements of the cooperative and industry standards. Prioritize the security of enterprise IT, as well as the deployed Industrial Control Systems (ICS) and Operational Technology (OT) networks; with the goal of delivering a secure network environment to meet the system and informational needs of both employees and members.

REPORTS TO: Manager of Engineering

QUALIFICATION REQUIREMENTS:

1. Bachelor of Science degree preferred in the field of computer science, or a minimum of eight (8) years related work experience.

2. The following certifications are desired, but not required: CISA, CISM, CISSP, CSA, SSCP, Security , CEH, Microsoft Cybersecurity Architect, Microsoft 365 Certified: Security Administrator

3. Ability to solve practical problems and deal with a variety of variables in situations where only limited standardization or documentation exists.

4. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.

5. Maintain confidentiality and the ability to present ideas in business-friendly and user-friendly language.

6. Ability to communicate with managers and users regarding pertinent I.T. and cybersecurity activities.

7. Work with integrity and ethically; Uphold organizational values.

8. Ability to deal with frequent change, delays, and unexpected events.

9. Must be willing to work long hours when necessary to complete projects.

10. Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.

11. Ability to write reports, business correspondence, and procedure manuals.

12. Ability to effectively present information and respond to questions from groups of managers, employees, consumers, and the public.

RESPONSIBILITIES AND ESSENTIAL DUTIES:

1. Design, develop, and implement security policies and procedures that align with industry standards. Maintaining those policies for not only CVEC but all subsidiaries.

2. Align business practices with industry cybersecurity frameworks.

3. Implement and maintain firewalls, intrusion detection/prevention systems, and other network security infrastructure.

4. Monitor network traffic for unusual activities and security breaches.

5. Ensure the security of individual devices (computers, laptops, mobile devices) through antivirus software, encryption, endpoint protection and endpoint management solutions.

6. Develop, monitor, and maintain security standards with third party vendors to protect against supply chain attacks.

7. Conduct and manage regular vulnerability assessments and penetration testing to identify and address security weaknesses in systems and applications.

8. Work with management and departments to develop and implement incident response plans to address security incidents promptly and effectively.

9. Conduct regular tabletop and scenario-based exercises to discover weak points in defense posture and address both physical and cyber vulnerabilities.

10. Investigate and analyze security incidents and recommend corrective actions.

11. Develop, update, and enforce security policies and procedures to ensure compliance with industry standards and regulations across CVEC and subsidiaries.

12. Develop and conduct recurring cybersecurity training to employees to enhance their awareness of security risks and best practices.

13. Implement and manage IAM solutions to control and monitor user access to systems and data.

14. Implement encryption and other measures to protect sensitive data.

15. Monitor and maintain Azure/M365 environment to maintain proper email and data security.

16. Implement and maintain conditional access and data management policies and controls.

17. Monitor and audit data access to ensure data integrity and confidentiality.

18. Conduct regular security audits to ensure compliance with relevant regulations and standards.

19. Work with auditors to demonstrate compliance with security policies.

20. Design and implement security architectures for networks, systems, and applications.

21. Evaluate and recommend security technologies and tools.

22. Develop and implement procedures for timely patching of software and systems to address known vulnerabilities.

23. Set up and manage security information and event management (SIEM) systems to monitor and analyze security events.

24. Stay informed about the latest cybersecurity threats, vulnerabilities, and industry best practices.

25. Research and recommend new security solutions to enhance the organization's security posture.

26. Work closely with IT teams, management, and other stakeholders to communicate security risks and strategies effectively.

27. Deploy and manage intrusion detection and prevention systems to detect and block malicious activities.

28. Maintain documentation on compliance and security standards across the cooperative.

29. Prepare and present reports on the organization's cybersecurity posture and incidents to management.

30. Conduct regular security testing, including penetration testing and security assessments, to identify and address vulnerabilities.

31. Manage cyber security incidents and work with other IT personnel and management to get the business back into a secure and operating posture.

32. As needed, conduct digital forensics to investigate security incidents and gather evidence.

33. Review, monitor and maintain physical security measures across the organization and manage third-party vendors.

34. Perform any other security related task as they arise.

PHYSICAL DEMANDS:

The position requires standing, walking, and reaching with hands and arms. Occasionally will be required to sit, climb, or balance, stoop, kneel, crouch and crawl. Must be able to frequently lift or move up to thirty (30) pounds and occasionally lift and/or move up to one hundred (100) pounds. Specific vision requirements include close vision, depth perception, and ability to adjust focus. The requirements listed are representative, but not all inclusive of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORKING CONDITIONS

Some travel within the service area; some travel outside the area for professional and educational meetings. Must be able to work outside in all weather conditions. Must be able to work hours other than the normal 8 a.m. to 5 p.m. timeframe. Must have a valid Alabama driver’s license.

Job Type: Full-time

Pay: $73,122.00 - $90,564.00 per year

Benefits:

• Dental insurance
• Employee assistance program
• Health insurance
• Life insurance
• Paid time off
• Retirement plan
• Tuition reimbursement
• Vision insurance

Compensation package:

• Yearly pay

Experience level:

• 8 years

Schedule:

• 8 hour shift
• Monday to Friday

Education:

• Bachelor's (Required)

Experience:

• related work: 8 years (Required)

Ability to Relocate:

• Talladega, AL 35160: Relocate before starting work (Required)

Work Location: In person