
Job Information

Orlando Utilities Commission Sr. Technical Risk Analyst in Orlando, Florida

OUC - The Reliable One, an industry leader and the second largest municipal utility in Florida committed to serving the community and the environment, is presently seeking a Sr. Technical Risk Analyst to join the Office of General Counsel division.

We are looking for a Senior Technical Risk Analyst who demonstrates technical proficiency and a commitment to compliance. In this role, you will support the development, assessment and improvement of the technical security governance framework, risk management processes, and assurance/compliance evaluation protocols. You will engage in building knowledge repositories to effectively support security assurance & regulatory, statutory, contractual compliance based on current industry best practices. This role will evaluate current practices to assess risk metrics and recommend process and procedure improvements.

OUC’s mission is to provide exceptional value to our customers and community by delivering sustainable and reliable services and solutions. Click here (https://youtu.be/s_ZnGjX_Sas) to learn more about what we do.

The ideal candidate will have:

  • Bachelor’s degree in Computer Science, Information Technology, Information Security, Computer Engineering, Security Assurance or other directly related field from an accredited university.

  • Minimum of seven (7) years of experience in Information Technology assurance to include at least five (5) years working with IT management performing security assurance reviews and/or the application of Governance Risk and Assurance (GRC) standards.

  • One (1) of the following certifications required. In lieu of the certification, additional three (3) years of directly related IT security experience may be substitutable.

  • Certified Information Systems Auditor (CISA) or Certified Information Systems Manager (CISM)

  • Certified Information Systems Security Professional (CISSP)

  • Certified Security Plus (+)

  • GIAC Security Essentials (Cyber Security Certification)

  • GCCC (Critical Controls Certification)

  • GSNA (Systems and Network Auditor)

OUC offers a very competitive compensation and benefits package. Our Total Rewards package includes, to cite a few:

  • Competitive compensation

  • Low-cost medical, dental, and vision benefits and paid life insurance premiums with no probationary period. Retirement benefits include a cash balance account with employer matching along with a health reimbursement account

  • Paid vacation, holidays, and sick time

  • Educational and Professional assistance programs; Paid Memberships in Professional Associations

  • Access to workout facilities at each location

  • Paid Conference and Training Opportunities

  • Free downtown parking

  • Hybrid work schedule

Click here to view our Benefits Summary. (https://www.ouc.com/docs/human-resources-documents/benefits_summary.pdf)

Salary Range: $112,000.00 to $140,000.00 yearly commensurate with experience.

Location: “The Greenest Building in Downtown” - Reliable Plaza (https://ouc.com/environment-community/reliable-plaza), 100 W. Anderson St., Orlando, FL 32801

Please see below a complete Job description for this position.

Job Purpose:

Supports the development, assessment and improvement of the technical security governance framework, risk management processes, and assurance/compliance evaluation protocols. Engages in building knowledge repositories to effectively support security assurance & regulatory, statutory, contractual compliance based on current industry best practices. Evaluates current practices to assess risk metrics and recommends process and procedure improvements.

Primary Functions:

  • Support the establishment and improvement of a technical security governance program with policies and controls development and socialization to ensure the protection of OUC’s digital assets and technology.

  • Identify, document, and report on security risk and control gaps to support alignment to OUC’s business needs along with prioritization of risk management initiatives.

  • Develop with team and execute the Security Assurance and Compliance Monitoring and Testing Plan. Develop appropriate documentation to support Security Risk assurance and compliance activities.

  • Support the creation of a repository of knowledge and tools to measure security risk, coordinate with the digital security team in the identification and mitigation of threats, and assist with the analysis and detection of unauthorized disclosure of confidential information for all clients including vendors, business units and employees.

  • Partner with the department leadership, digital security and technical risk team on key tasks and projects, including performing risk assessments, advisory reviews, project assessments, 3rd party information, and other project reviews as identified across all aspects of OUC’s technology structure.

  • Develop, implement, maintain, and socialize supporting security policies and the associated controls to establish a governance framework approach to security risk management.

  • Coordinate with OUC leadership to align risk with business needs along with risk appetites and tolerance levels.

  • Improve existing security risk management processes, tracking and reporting mechanisms to support data informed decision making by leadership.

  • Develop and substantiate appropriate processes and documentation to support risk activities.

  • Develop and deploy metrics to facilitate the ongoing assessment of the organization's security assurance and compliance maturity profile.

  • Create and execute strategic and cyclical security assurance and compliance monitoring and testing plan.

  • Partner with business units in creating and delivering communication around assurance and compliance monitoring and testing results.

  • Develop metrics and reports to demonstrate compliance with regulatory/statutory/contractual obligations.

  • Partner with the digital security awareness resources to develop, review and deliver educational, training or other materials to support organizational security awareness and compliance efforts.

  • Support other Technical Security Risk roles with knowledge and process improvements and engage in information research and sharing for implementing best practices.

  • Perform other duties as assigned.

Technical Requirements:

  • Working knowledge of all, or most elements, of the following:

  • Security frameworks, methodologies, policies, standards, and industry practices (CIS, NIST);

  • Methods used to gain unauthorized access/control of technology systems;

  • Best practices and security controls to harden technology systems;

  • Internal controls (i.e. principle of least privilege, proper segregation of duties);

  • Familiarity with regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA), Florida Information Protection Act (FIPA), FTC FACTA Red Flags;

  • Technologies to include governance risk and compliance (GRC) systems, security information event management (SIEM), vulnerability management, and endpoint protection;

  • Assurance and compliance demonstration procedures such as sampling and testing methods;

  • Familiarity with all, but not limited to the following:

  • Knowledge of IT functional areas;

  • Operating Systems;

  • Networking;

  • Enterprise & Web Applications;

  • Databases;

  • Industrial Technologies;

  • System Administration;

  • Related industry, organizational and departmental policies, practices, and procedures; legal guidelines, ordinances, and laws;

  • Strong interviewing and inquiry skills;

  • Ability to:

  • Analyze and correlate security related information from disparate technologies;

  • Summarize large amounts of data, and recognize complex patterns and anomalies;

  • Employ statistical sampling methodology, define error rates and extend results to the population tested;

  • Demonstrate superior organizational skills and documentation/reporting practices;

  • Communicate (Verbal & Written) complex information to a wide range of stakeholders across all levels of the organization;

  • Work effectively in a team environment;

  • Use Microsoft Office Suite (Word, Excel, Outlook, etc.) and use standard office equipment (telephone, computer, copier, etc.).

Education/ Certification/ Years of Experience Requirements:

  • Bachelor’s degree in Computer Science, Information Technology, Information Security, Computer Engineering, Security Assurance or other directly related field from an accredited university.

  • Minimum of seven (7) years of experience in Information Technology assurance to include at least five (5) years working with IT management performing security assurance reviews and/or the application of Governance Risk and Assurance (GRC) standards.

  • One (1) of the following certifications required. In lieu of the certification, additional three (3) years of directly related IT security experience may be substitutable.

  • Certified Information Systems Auditor (CISA) or Certified Information Systems Manager (CISM)

  • Certified Information Systems Security Professional (CISSP)

  • Certified Security Plus (+)

  • GIAC Security Essentials (Cyber Security Certification)

  • GCCC (Critical Controls Certification)

  • GSNA (Systems and Network Auditor)

Working Conditions:

This job may involve occasional exposure to some disagreeable elements (dust, heat, cold, noise, etc.) and accidents are improbable other than minor injuries.

Physical Requirements:

This job requires constant sitting. This job requires constant speaking, hearing, typing, reading and writing. This job requires site visits for. This job may require occasional standing and walking.

OUC–The Reliable One is an Equal Opportunity Employer who is committed through responsible management policies to recruit, hire, promote, train, transfer, compensate, and administer all other personnel actions without regard to race, color, ethnicity, national origin, age, religion, disability, marital status, gender, sexual orientation, gender identity or expression, genetic information and any other factor prohibited under applicable federal, state, and local civil rights laws, rules, and regulations.

EOE M/F/Vets/Disabled
