Orlando Utilities Commission Hiring for Education/ Certification/ Years of Experience Requirements: at Orlando, Florida Full Time

Information Security Analyst

OUC – The Reliable One , anindustry leader and the second largest municipal utility in Florida committed to serving the community and the environment, is presently seeking a Information Security Analyst to join the Digital & Technology division.

We are looking for an Information Security professional with experience performing basic malware analysis and Windows server administration.

In this role, you will be responsible for monitoring, analyzing and remediate security of information assets to identify potential security threats that risk OUC of misuse, unauthorized access or disclosure. Assist with the design and maintenance of security posture, enable compliance and assess IT risk. The Analyst also interacts with business functions to maintain insight on business needs and potential impacts.

OUC’s mission is to provide exceptional value to our customers and community by delivering sustainable and reliable services and solutions. Click here (https://youtu.be/s_ZnGjX_Sas) to learn more about what we do.

The ideal candidate will have:

• Bachelor of Science degree in Computer Science, Management Information Systems or related area of study from an accredited college or university. In lieu of a degree, equivalent combination of education and directly related experience may be substitutable i.e. one year of directly related work experience/education for each year short of the four year degree requirement;

• Minimum of three (3) years of experience with Information Security Analysis and/or Operations performing basic malware analysis and Windows server administration

• Preferred list of Certifications or willingness to obtain the following certifications:

o Certified Information Systems Security Professional (CISSP),

o GIAC Certified Incident Handler (GCIH),

o GIAC Certified Security Professional (GREM),

o Cisco Certified Network Professional (CCNP),

o or other relevant industry certifications

OUC offers a very competitive compensation and benefits package. Our Total Rewards package includes, to cite a few:

• Competitive compensation

• Low-cost medical, dental, and vision benefits and paid life insurance premiums with no probationary period. Retirement benefits include a cash balance account with employer matching along with a health reimbursement account

• Paid vacation, holidays, and sick time

• Educational and Professional assistance programs; Paid Memberships in Professional Associations

• Access to workout facilities at each location

• Paid Conference and Training Opportunities

• Free downtown parking

• Hybrid work schedule

Click here to view our Benefits Summary. (https://www.ouc.com/docs/human-resources-documents/2022_hr-summary_benefits.pdf)

Salary Range: Commensurate on experience

Location: Reliable Plaza -100 W. Anderson Street, Orlando, FL 32801 USA

Please see below a complete Job description for this position.

Job Purpose:

Responsible for monitoring, analyzing and remediate security of information assets to identify potential security threats that risk OUC of misuse, unauthorized access or disclosure. Assist with the design and maintenance of security posture, enable compliance and assess IT risk. The Analyst also interacts with business functions to maintain insight on business needs and potential impacts.

Primary Functions:

• Investigate malware issues, determine severity, and recommend mitigation; follow up to ensure resolution;

• Respond and assist with initial incident assessments, damages, recovering services; post incident information and analysis;

• Serve as a technical lead or Subject Matter Expert (SME) on IT sponsored projects;

• Provide active participation in information security architecture design;

• Monitor security events at the network, application, database and operating systems level to identify potential security incidents;

• Identify weaknesses in OUC’s security posture that could result in unauthorized access to sensitive data; participate in building remediation plans that minimize risk to sensitive data and build a defensive security posture;

• Provide escalated security tool administration;

• Perform all provisioning and modifications of user access to all major OUC IT assets including network and major applications;

• Conduct Security Awareness training for other Business Units; train users on how to maintain OUC’s security as well as their own;

• Train IT support technicians on first and second level response access related issues for supported applications, payment issues, personal and corporate device provisioning, and website issue management;

• Provide access control third level support to the ITSC on enterprise applications(i.e. EnterpriseOne);

• Serve as primary Security contact for all IT-related Request for Proposals (RFPs) and contracts across all business units, including Purchasing and Legal departments;

o Review and modify RFPs to include IT Security standards and policies; including the creation of additional attachments

o Work with Legal department attorneys to review RFP and contract wording; explain technical and security concepts;

o Complete IT Contract review document for Legal for all IT Security purchases;

• Review Hosted Vendor Solution Questionnaire required for any service that processes or host OUC data; works with responding vendors on any outstanding questions or concerns;

• Work on various projects to configure and implement and test security tools;

• Assess risk for new and existing technology. Researches, plans, and tests mitigations for risk management;

• Monitor security events at the network, server, application, and database;

• Perform other duties as assigned.

Technical Requirements:

• Working knowledge of all, but not limited to the following:

o IT security architecture and design such as Data Loss Prevention (DLP), Security Information & Event Management (SIEM), multi-factor authentication, cloud computing, mobile device security, etc.

o Enterprise applications, desktop security management and network management

o Structured Query Language (SQL)

o Related industry, organizational and departmental policies, practices, and procedures; legal guidelines, ordinances, and laws;

o Product documentation including technical requirements, product workflows and product instruction manuals;

o Statements of work for IT Security related projects/products;

o RFP, legal contracts for technology purchases; understand purchasing operational procedures;

o Technical Reference materials (i.e. Gartner)

o Real-time alerts including administrative changes, network lockouts, malware, and shared folder outbreaks;

o Preparing and maintain reports (ie. Daily network events, malware, administrative summary, foreign IP and lockout, Ad-hoc, and month-end)

• Build strong relationships both internally and externally;

• Strong communication skills, both verbal and written;

• Ability to handle confidential information with discretion;

• Ability to analyze large volumes of information from multiple sources in order to draw conclusions regarding suspicious patterns and create procedures needed for increased user productivity;

• Ability to use Microsoft Office Suite (Excel, Word, PowerPoint, etc.) and use standard office equipment (telephone, computer, copier, etc.)

Education/ Certification/ Years of Experience Requirements:

• Bachelor of Science degree in Computer Science, Management Information Systems or related area of study from an accredited college or university. In lieu of a degree, equivalent combination of education and directly related experience may be substitutable i.e. one year of directly related work experience/education for each year short of the four year degree requirement;

• Minimum of three (3) years of experience with Information Security Analysis and/or Operations performing basic malware analysis and Windows server administration

• Preferred list of Certifications or willingness to obtain the following certifications:

o Certified Information Systems Security Professional (CISSP),

o GIAC Certified Incident Handler (GCIH),

o GIAC Certified Security Professional (GREM),

o Cisco Certified Network Professional (CCNP),

o or other relevant industry certifications

Working Conditions:

This job may involve occasional exposure to some disagreeable elements (dust, heat, cold, noise, etc.) and accidents are improbable other than minor injuries.

Physical Requirements:

This job requires constant typing, speaking and hearing, detailed inspection/ reading/ editing, and writing. There is also the need to sit on a very frequent basis. Additionally, lifting up to 40 pounds, standing, bending/ stooping, reaching overhead, kneeling/ crawling, and climbing stairs/ ladders occurs on an occasional basis.

OUC–The Reliable One is an Equal Opportunity Employer who is committed through responsible management policies to recruit, hire, promote, train, transfer, compensate, and administer all other personnel actions without regard to race, color, ethnicity, national origin, age, religion, disability, marital status, gender, sexual orientation, gender identity or expression, genetic information and any other factor prohibited under applicable federal, state, and local civil rights laws, rules, and regulations .

EOE M/F/Vets/Disabled

#zr

#LK

#LI-Hybrid