Senior Information Assurance Analyst - Oahu

• Oversees or performs the assessments of Company systems and networks and identifies where those systems/networks deviate from cybersecurity policies, acceptable configurations, or guidance.

• Provides consulting-level knowledge and expertise for the Information Assurance (IA) division, which includes development and enforcement of cybersecurity policies & standards, cybersecurity risk management activities, information technology (IT) and operational technology (OT) compliance, and secure integration of grid technologies and cloud services.

• Supports development of detailed plans and provides requirements for information systems' security controls and security monitoring solutions.

• Performs security control reviews to validate the security controls as designed are operating effectively.

• Develops policies, standards, and procedures to ensure that security controls are adequately designed.

ESSENTIAL FUNCTIONS:

• Performs cybersecurity assessments and provides security control requirements for IT and OT projects, including externally hosted applications and grid technology projects.

• Develops and manages programs and processes for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs.

• Supports detailed review and approval processing for various policies, processes, and procedures necessary to support the Company's cybersecurity security and compliance requirements.

• Ensures that adequate and proper internal controls, processes, practices, and standards are developed, maintained, and tested in order to meet the Company's policy and compliance requirements.

• Supports the business continuity planning, disaster recovery planning, and the Company's Cybersecurity Incident Management Team (CS-IMT), with occasional on-call support.

• Participates in Company emergency response activities as assigned, including any activities required to prepare for such emergency response.

Knowledge Requirements

• Computer networking concepts and protocols, and network security methodologies.

• Risk management processes (e.g., methods for assessing and mitigating risk).

• Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)., + Conducting vulnerability scans and recognizing vulnerabilities in security systems.

• Assessing the robustness of security systems and designs.

• Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).

• Mimicking threat behaviors., + Proven ability to analyze highly complex systems, demonstrating critical thinking skills, independent judgment, and the ability to work toward consensus in a complex business environment.

• Must demonstrate analytical skills and the ability to communicate effectively (oral and written) and work with a variety of individuals throughout the organization including managers and executives.

• Ability to operate autonomously with only general direction and guidance.

Experience Requirements

• Advanced (7-10 years) analysis and/or leadership experience in a multi-level service or consulting organization, preferably in an information technology, application security, network security or quality assurance capacity. Information security experience is required.

• One or more of the following certifications (others will be considered):

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified Information Security Auditor (CISA)

• GIAC Security Leadership (GSLC)

• Certified Cloud Security Professional (CCSP)

• Security

• • Systems Security Certified Professional (SSCP)

Role:Professional

We recognize our competitive advantage -- our people. We believe in our people, who share our vision of meeting the needs of our employees, customers, and communities and who carry out the continued success of the company.

Our employees are committed to the company's foundational values: integrity, excellence, teamwork, environmental stewardship, and community commitment. In turn, we invest in our employees, providing opportunities for challenge and advancement and offering a competitive compensation package.

Posting End Date: This position will remain open until filled. Early applications are highly encouraged.

The P EJ INFORMATION ASSURANCE Department of the P INFORMATION ASSURANCE Division at Hawaiian Electric Company has 1 Management vacancy available. (Role: Professional), Hawaiian Electric Companies provide electricity and services to 95 percent of the state's 1.4 million residents. The company is also one of the state's leading employers and a major contributor and supporter of community and educational programs., 1. Authorize the Hawaiian Electric Companies to confirm all statements contained in the application and/or any materials submitted and made a part of the application as they relate to the position and to the extent permitted by law; 2. Authorize and consent to, without reservation, the Hawaiian Electric Companies sharing any and all information regarding previous or present employment, educational training or personal information from their records and from any other source with the hiring department or subsidiary company; 3. Release, discharge, and hold harmless, Hawaiian Electric Companies, from any and all liability for any damage which may be claimed as a result of furnishing such information to the hiring department or subsidiary company; 4. Authorizes release and transfer of all personnel records to be maintained by the hiring company in the event of an inter-company transfer; and 5. Authorize, direct, and consent to Hawaiian Electric Companies and/or its authorized agents to conduct investigations into candidates' background. These investigations may include, but are not limited to searches for information about applicants; record of criminal convictions to the extent permitted by law, education records, professional certifications, personal character references, and employment history. EEO StatementHawaiian Electric Companies is an equal opportunity employer, including disability and protected veteran status. Hawaiian Electric Companies complies with all applicable laws, including Title I of the Americans with Disabilities Act. Any request for reasonable accommodation needed during the application process should be communicated by the candidate to the HR Service Center at (808) 543-4848. Affiliate Disclaimer Hawaiian Electric Company, Inc., Maui Electric Company, and Hawaii Electric Light ("Company") are Hawaii Public Utilities Commission ("PUC") regulated companies. The disclosure relating to Affiliate Transaction Requirements that follows is made pursuant to the PUC's Decision and Order No. 35962, issued on December 19, 2018, and subsequently modified by Order No. 36112, issued on January 24, 2019 in Docket No. 2018-0065. By submitting your application, you understand and acknowledge that, if you are hired by the Company and subsequently transferred, assigned or otherwise employed by an Affiliate, said Affiliate will be required to make a one-time payment to the Company in an amount up to twenty-five percent (25%) of your base annual compensation. In addition, if you are hired by the Company and subsequently transferred, assigned or otherwise employed by an Affiliate or an Affiliate-Related Entity, for a period of one year, you cannot appear in negotiations or otherwise interact directly with the Company or work on the same matter that you worked on while with the Company. Affiliate is defined as "any person or entity that possesses an 'affiliate interest' in a utility as defined by section 269-19.5, Hawaii Revised Statutes ("HRS"), including a utility's parent holding company, except as otherwise provided by HRS section 269-19.5(h)." Affiliate-Related Entity is defined as "a third party that provides electricity-related services in a regulated utility's service territory that has a material financial, operational, or ownership interest with an unregulated affiliate of the utility and of whom the utility has reasonable knowledge." For a current list of all Affiliates and Affiliate-Related Entities, please see: https://www.hawaiianelectric.com/about-us/key-performance-metrics/financial/affiliate-transactions This list may be amended, updated or revised from time to time without notice. Nearest Major Market:HonoluluNearest Secondary Market:Hawaii