Nrg It Cyber Security Specialist

The Cyber Security Specialist possesses a deep understanding of the NIST Cybersecurity Framework (CSF) and a proven track record of identifying, assessing, and mitigating vulnerabilities in accordance with the CSF's five core functions: Identify, Protect, Detect, Respond, and Recover. The Cybersecurity Specialist will play a pivotal role in implementing and maintaining all aspects of our cybersecurity program, ensuring the company's adherence to industry standards and best practices.

Responsibilities:

• Play a lead role in implementing all aspects of our cybersecurity program, ensuring compliance with industry standards and best practices. Oversee the continuous improvement of our cybersecurity posture through regular risk assessments, penetration testing, and vulnerability management activities.
• Conduct comprehensive vulnerability assessments and penetration testing to proactively identify and prioritize security risks, adhering to the CSF's Identify function.
• Implement and maintain robust cybersecurity controls to protect our networks, systems, and data, aligning with the CSF's Protect function.
• Investigate and respond to cybersecurity incidents promptly and effectively, following the CSF's Detect and Respond functions. This includes conducting thorough incident investigations, implementing containment and eradication measures.
• Document and maintain accurate records of cybersecurity activities, policies, and procedures. This includes maintaining up-to-date incident response plans, vulnerability management reports, and compliance documentation.
• Stay up to date on the latest cybersecurity threats and trends, continuously monitoring the evolving threat landscape and adapting our cybersecurity posture accordingly. This includes staying abreast of vulnerability disclosures, emerging attack methods, and evolving regulatory requirements.
• Collaborate with management to develop and implement cybersecurity strategies aligned with the company's overall risk management framework.
• Work closely with other IT and business teams to integrate cybersecurity into all aspects of our operations, ensuring that cybersecurity considerations are embedded throughout the organization's processes and decision-making.
• Develop and implement comprehensive cybersecurity awareness and training programs for employees, ensuring they understand their roles and responsibilities in cybersecurity and how to protect themselves and the company from cyber threats.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• 5+ years of experience in cybersecurity with demonstrated expertise in applying the NIST CSF and implementing comprehensive cybersecurity programs.
• Proven ability to identify, assess, and mitigate cybersecurity vulnerabilities using CSF-aligned methodologies and industry best practices.
• In-depth knowledge of cybersecurity principles, best practices, and standards, including the NIST CSF.
• Hands-on experience with relevant security tools and technologies.
• Excellent communication and interpersonal skills to foster collaboration, promote cybersecurity awareness, and effectively manage stakeholders, both technical and non-technical.
• Ability to work independently and as part of a team in a fast-paced environment, demonstrating strong leadership and project management skills.
• Proven ability to translate complex cybersecurity concepts into clear and concise terms for both technical and non-technical audiences.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)