Senior Information Security Analyst

Chicago, IL, United States

S&C Electric Company

S&C Electric Company is a global provider of equipment and services for electric power systems. Founded in 1911, the Chicago-based company designs and manufactures switching and protection products for electric power transmission and...


As an S&C Electric team member, you’ll work on projects that have real-world impact. You’ll help transform the grid for resilient and reliable power worldwide. S&C has a history of innovation spanning more than 100 years and has been 100% employee-owned since 2012. We continue this legacy as a trusted, forward-thinking leader in the electrical industry. You will advance a safer, more reliable, and more resilient electrical grid. Our products help the grid adapt to severe weather and transition to clean energy. We’re big enough to be a respected industry leader but small enough for you to impact our company directly. Our commitment gives you opportunities to make a positive impact on and off the job.

 

Join S&C to make an impact on tomorrow’s energy challenges and become an employee-owner!

 

Hours 

  • 8:00 am – 5:00 pm (Mon-Fri) Remote

 

Compensation

At S&C, we are dedicated to providing competitive and equitable compensation for all our team members, and we are committed to transparency in our pay practices. The estimated annual base salary range for this position is $103,400 - $136,952. Individual pay within this salary range is determined by several compensable factors, including performance, knowledge, job-related skills and experience, and relevant education or training. This role is also eligible for S&C’s annual incentive plan (AIP), subject to eligibility criteria. 

 

Join Our Team as a Senior Information Security Analyst!

The Information Technology team is responsible for designing, implementing, and maintaining a robust technology infrastructure to support the organization’s operations. From improving cybersecurity and troubleshooting technical issues to driving innovation through cutting-edge solutions, the IT team ensures seamless connectivity, data security, and optimal functionality, empowering the company with a reliable and efficient digital ecosystem aligned with strategic goals.

The Senior Information Security Analyst is responsible for ensuring that information security processes and controls for managing risks are implemented effectively and conform to ISO/IEC 27001:2022 and other applicable standards and regulations. This role requires in-depth knowledge of information security, data privacy, and supply chain functions and ensures organizational alignment with applicable information security policies, regulatory standards, and best practices. The Senior Information Security Analyst is responsible for conducting key activities in support of the operationalization and maturation of Information Security Management System (ISMS) processes through cross-functional efforts, including risk assessments, maintaining an inventory of information assets, participating in audits as a subject matter expert, performing vendor and supplier assessments, responding to customer security questionnaires, and maintaining governance documents and implementation records. 

 

Key Responsibilities:

  • Support the continuous improvement and monitoring of the Information Security Management System (ISMS) across the organization, including third-party suppliers.  
  • Ensure that security measures are fully integrated, operational, and compliant with applicable regulations and standards. 
  • Assist in the planning, preparation, and execution of compliance audits. 
  • Ensure implementation of ISMS documentation and technology platform, such that all assigned security policies, procedures, and processes are accurately maintained, automated, and streamlined, reducing manual intervention and improving efficiency.
  • Integrate experience and insights into actionable ideas or solutions to manage information risk and advise cross-functional teams, third-party vendors, and other stakeholders.  
  • Assist in maintaining an accurate and up-to-date information asset inventory process, ensuring the completeness and accuracy of assets.  
  • Perform regular asset-based and scenario-based risk assessments to identify vulnerabilities and risks associated with assets for inclusion in the risk register.
  • Identify, assess, and track treatment plans for information security and privacy-related risks and nonconformities for their severity, potential impacts, and their probability of recurrence. 
  • Coordinate and communicate updates to processes, policies, and procedures based on the treatment of risks and nonconformities.
  • Assist in completion and maturation of supply chain risk management activities and administer associated technology platforms to ensure conformance with the standard and compliance with legal, regulatory, and contractual requirements. Activities include, but are not limited to, tracking third-party security scores and working with third parties and internal functions to improve their security scores, performing contract reviews, and completing customer questionnaires while managing improvement to security processes reflected in responses.
  • Support the development and monitoring of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the ISMS.  
  • Collect, analyze, and summarize relevant data to be reported to leadership, helping drive strategic security initiatives and ensuring ongoing compliance with regulatory and customer requirements. 
  • Stay up to date on emerging regulations, customer requirements, and best practices, ensuring that the ISMS evolves as necessary. Ensure stakeholders are informed on how to address changing compliance environments, including privacy regulations (e.g., GDPR, CCPA, and other relevant U.S. state laws).
  • Mentor and coach lower-level information security analysts. Review their work for quality, consistency, and alignment with ISMS standards.  
  • Understand and comply with all applicable Company policies and rules. 

 

What You’ll Need to Succeed:

  • Bachelor’s degree in Business Information Systems, Computer Science, Computer Engineering, Business, or equivalent experience
  • 5+ years of direct experience in information security governance, compliance, and risk management, with prior experience in other IT or cyber security roles. 
  • Working knowledge of information security-related frameworks and standards, including ISO/IEC 27001:2022 Information Security Management and additional frameworks including NIST 800-53, NIST 800-171, IEC 62443, NERC CIP, and CMMC.  
  • Experience with Governance, Risk, and Compliance (GRC) tools. 
  • Strong customer service orientation with the ability to take initiative in pursuit of improved service. 
  • Excellent communication skills (written, verbal, listening, and presentation); able to liaise effectively with internal and external stakeholders to support decision making and achieve desired results and influence others towards conformance with the ISMS. 
  • Ability to independently collaborate with team members, subject matter experts, cross-functional teams, and stakeholders. 
  • Strong analytical skills, especially related to security governance, strategic planning, problem resolution, and change management. Ability to use technical acumen and analytical skills to analyze data and drive informed decisions, problem-solve issues, and leverage data and learnings to drive continuous improvement. 
  • Excellent organizational skills with ability to prioritize tasks and meet targets. 
  • Embraces change and has the ability to coach junior team members through change and ambiguity. 
  • Proficient with Microsoft business applications (Teams, SharePoint, Office applications, etc.). Experience developing process workflow diagrams using Visio or an equivalent tool.
  • Ability to travel as required. 

 

Preferred:

  • Security+ CE certification or equivalent.
  • ISO/IEC 27001:2022 Lead Implementer or Auditor certification or equivalent.
  • Certified Information Systems Security Professional (CISSP) or equivalent.
  • Certified Information Privacy Manager (CIPM) or Professional (CIPP).
  • Familiarity with relevant privacy regulations, including the California Consumer Protection Act (CCPA), other U.S. State privacy laws, the European Union’s General Data Protection Regulation (GDPR), and other international privacy regulations. 
  • Experience with implementing, managing, or utilizing tools for managing information protection, insider risk management, and/or data loss prevention (DLP).  

 

S&C Electric is committed to equal-opportunity employment. All employees and applicants will be considered without regard to age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. If you are an individual with a disability and need an accommodation to complete the application, please email us at TAsupport@sandc.com

No fixed deadline
Category: Analyst Jobs

Tags: Audits C CCPA CIPP CISSP CMMC Compliance Computer Science GDPR Governance IEC 62443 ISMS KPIs Monitoring NERC CIP NIST NIST 800-53 Privacy Risk assessment Risk management SharePoint Travel Vulnerabilities

Perks/benefits: Career development Competitive pay

Region: North America
Country: United States
