Returning Candidate?

Info Security Analyst Sr

Info Security Analyst Sr

# Positions 

More information about this job

General Overview

At a senior level, maintains and operates a variety of security measures and software that monitors and controls access to system resources.  Provides support to the end-user community and ensures they have up-to-date protection from spam, viruses and firewall threats.  Tests and recommends security measures to reduce and mitigate risk.  Provides reports and other information related to information security issues as requested by management and human resources.  Performs evaluation and analysis of security applications and systems and makes recommendations to management.  Recommends best practices to ensure system security across the enterprise.  Monitors security alerts on internet and determines whether reported threats could impact LCRA information or telecommunication systems.  Reviews system generated logs for anomalies.  Provides documentation, deployment, review and maintenance of information security policies, standards, guidelines and procedures.  Provides technical consulting to other groups within LCRA on security requirements.  Implements and ensures technical security compliance solutions for NERC, PCI, FBI CJIS and other regulatory requirements.  Participates in the planning and implementation of security technology projects.  Provides business continuity/disaster recovery and risk analysis expertise.  Performs investigations in response to IT and telecom security events, physical security investigations and human resources investigations.  This position utilizes in-depth knowledge of best practices and experience in own discipline to provide and improve services.  Takes a new perspective to solve complex problems.  Works independently and receives minimal guidance.  Acts as a resource for colleagues with less experience; may direct the work of other staff members.

  • Performs risk assessments and recommends security measures.
  • Monitors security systems for possible intrusion.
  • Interacts with end users concerning virus, spam, and any other information security issues.
  • Reviews and creates audit reports on user and system activities.
  • Tests security measures to reduce and mitigate risk.
  • Actively probes the network for new threats and risks.
  • Monitors security alerts on internet and determines whether reported threats could impact LCRA information or telecommunication systems.
  • Provides technical consulting to other groups on security requirements.  Implements and ensures technical security compliance solutions for NERC, PCI, FBI CJIS and other regulatory requirements.
  • Creates and delivers security training materials and classes for asset owners, software developers and system administrators.
  • Provides oversight regarding compliance with security regulations, standards and laws.
  • Performs work by traveling independently or with a small team to various locations (substations, power plants, water systems, etc.) as scheduled.
  • For incumbents performing as a Cyber Security Coordinator (CSC) – A CSC is responsible for the following:  working with the NERC Compliance Department and Information Security Office to ensure that the necessary processes and procedures applicable to each NERC CIP system are developed and implemented within their respective group; reviewing projects relating to the NERC CIP systems which may have a regulatory impact, and making sure the drawings and documents for that system are updated and stored as required;  coordinating NERC compliance implementation, communication, and ensuring that users of the respective systems have the necessary training; continually monitoring implementation efforts and reporting potential violations to the NERC Compliance Manager and respective management; communicating with the Information Security Manager concerning cyber security concerns or actual incidents; and maintaining documentation of objective evidence, including Reliability Standard Audit Worksheets (RSAWs) to demonstrate NERC CIP regulatory compliance.

This general overview only includes essential functions of the job and does not imply that these are the only duties to be performed by the employee occupying this position.  Employees will be required to follow any other job-related instruction and to perform any other job-related duties requested by supervisor or management.

Minimum Qualifications

Nine or more years of experience in information systems security.  A degree(s) in information technology, computer science or relevant field may be substituted per LCRA guidelines for certain years of experience.


Driver’s license