Job Type: Regular
Plains is an industry-leading transportation and midstream provider specializing in transportation, storage, processing and marketing solutions for crude oil. We own an extensive network of pipeline transportation, terminalling, storage and gathering assets in key oil producing basins and transportation corridors and at major market hubs in the United States and Canada. The company is headquartered in Houston, Texas.
We're on the lookout for passionate self-starters who thrive in fast-moving, collaborative and innovative environments.
Job Purpose/Summary:
The Analyst, Risk and Compliance will actively support continuous system and enterprise risk analysis, auditing and risk mitigation follow-up to ensure expected compliance with executive management expectations across Plains. This role will work directly with the Manager of Risk and Compliance to implement continuous improvement programs enforcing data protection, software and system security, and compliance with standards and regulations such as SOX, NIST, TSA, DHS, DOE, CCPA and Data Privacy. Additionally, this role will work closely with various Internal and External audit teams and is expected to directly support audits where feasible in order to reduce the need for outside resources.
This position will assist the Manager of Risk and Compliance in preparing meaningful reports, metrics and implements and other information essential to senior management and insight regarding the effectiveness of Plains' IS cyber security platform. Additionally, this individual is expected to understand the technical aspects of network topologies (including firewall configurations), IDS/IPS strategies, cyber threat awareness and assessments (including zero day), network administration (including MS, Linux, Mainframe, cloud, etc.) and cyber incident management.
The selected candidate will be eligible for company benefits including Medical, Dental, Vision, Paid Time Off (PTO) and Free Parking.
Job Responsibilities:
Understand and document IT processes, risks and internal controls;
Participate on SOX Information and Operational IS Audits to evaluate and test controls;
Perform audit administration, execution and wrap-up responsibilities in accordance with established guidelines; and
Communicate audit status and results to management personnel.
Monitor remediation completion
Evaluate new and emerging cyber threats and assess their impact to the organization.
Assist in identifying and mitigating emerging cyber threats.
Develop and host cyber security drills for various Information (IS), Operational (OT) and organizational teams/departments.
Assist in gathering and reporting on information related to the Information, Operation and organization current cyber security environment.
Provide cyber security input to all teams and influence the design, implementation and management of Plains infrastructure as it pertains to security.
Work in a team environment requiring interaction with other security analysts, system/network/database administrators, software developers and managers in identifying security requirements, specifications and project planning activities
Review and update security training material, Plains Web content, memos and awareness notifications, and conduct training sessions for the organization
Interfaces with the Plains user community to understand their security needs and implements procedures to accommodate them
Provides management and supervisor with daily status reports
Review cloud vendor SSAE 18 SOC 1 & 2 and ISO 27001 audit reports for risk review
Knowledge, Skills and Experience Required:
Bachelor's Degree in Computer Science, Information Systems, Engineering or other related field.
A minimum of 2 years' experience in a combination of risk management, information systems audit, information security for IS or OT environments.
A minimum of 2 years' experience in a combination of network, database, systems administration for IS or OT environments.
Knowledge of security standards: NIST, TSA, DHS, DOE, COBIT, CSF, ISO 27001
An understanding of pertinent information security regulations (e.g. SOX, PCI, Financial regulations, HIPAA, CCPA, Data Privacy).
Excellent interpersonal, communication and presentation skills, including formal report writing experience
Experience implementing a risk-based approach to review and monitor third-party/vendor security practices and compliance with contractual obligations.
Ability to adapt and adjust planned work through analyzing work demands, competing priorities and tight deadlines; to understand the most effective and efficient means to accomplish tasks within the parameters of the organizational structure, processes, systems and policies.
Ability to develop and maintain positive business relationships and foster an environment of mutual respect, understanding and trust.
Knowledgeable in secure coding practices (including web-based applications)
Exposure to the following:
Windows 2016/2019 Server / Active Directory
Windows 10 Workstation
MS Office products
Microsoft SQL and Oracle database and applications
HP Unix and Redhat Linux
Tenable Nessus, Nexpose, Wireshark, Kali
z/OS ACF2
IPS/IDS
Cisco - switches, routers and firewalls
Palo Alto Network firewalls
Ethernet and TCP/IP environment protocols
Quest Change Auditor/Tripwire TE
Hosted/SaaS/Cloud Computing
Server and Security administration tools
Excellent written and oral communication skills
Cleared criminal history (background) and satisfactory reference checks
Compliance with the Company's drug and alcohol policy, including pre-employment D&A testing.
This position is not eligible for employment-based visa sponsorship. Applicants must be authorized to work in the U.S. for the duration of their employment
Preferred:
Master's degree in Computer Science, Information Systems, Engineering, Business Administration or other related field.
Big 4 audit experience.
IS Auditing Certification (e.g. Certified Information System Auditor (CISA)), risk and information systems (e.g. Certified in Risk and Information Systems Control (CRISC)) or accounting professional designation (e.g. CPA).
Solid understanding of network and system administration; CCNA or higher is a plus.
Experience working with MS PowerShell, Python and VB.
At Plains, our employees are our most valuable asset. Hard work is rewarded with competitive compensation and a top-tier benefits program designed to keep our employees safe, healthy and happy. We work hard to deliver the best results to our stakeholders, and we also respect our employees' need for personal and family time, which is reflected in our benefits program.
We are proud to be an Equal Opportunity Employer. We are committed to providing employment opportunities to all qualified individuals without regard to age, race, color, national or ethnic origin, religion, sex, sexual orientation, gender identity or expression, veteran status, genetic information, disability or any other characteristic protected by federal state or local with disabilities can request accessible formats, communication supports or other accessibility assistance by contacting .
Salary details estimated by job boards such as Indeed, Glassdoor and LinkedIn do not represent Plains' compensation structure. We thank all candidates for their interest; however, only those selected for an interview will be contacted.
By submitting your resume, you consent to the collection, use and necessary disclosure of the personal information provided during the application and selection process.
Required Experience:
IC
Plains (NASDAQ: PAA) is a publicly traded master limited partnership that owns and operates midstream energy infrastructure and provides logistics services for crude oil, natural gas liquids and natural gas. PAA owns an extensive network of pipeline transportation, terminalling, stora ...