CYBERSECURITY RISK ANALYST - SENIOR

Description

Leads the support of the organization's cybersecurity framework, including policy, standards and baselines. Understands and applies appropriate handling of risk and compliance from internal and external perspectives to assure that existing and new technology solutions meet the organization's cybersecurity risk requirements.

Understands and applies Cummins cybersecurity policies and industry data privacy principles.

Leads cybersecurity risk identification utilizing identified Cummins risk management frameworks while providing guidance to the team to evaluate severity and mitigation plans.

Coaches and develops less experienced team members.

Understands and applies frameworks and standards (eg NIST, ISO, ITIL, Cobit) in a manner specific to Cummins processes and controls.

Provides cybersecurity technical expertise for technology solutions.

Collaborates with stakeholders on requests for new and changing technology solutions, acting as a trusted business partner and advisor.

Qualifications

Skills

Regulatory Risk Compliance Management - Evaluates the design and effectiveness of controls against established industry frameworks and regulations to assess adherence with legal/regulatory requirements.

Cybersecurity Risk Management - Identifies and assesses the potential impact of Cybersecurity risks against established Cybersecurity industry frameworks, regulations and organizational policies to develop and implement risk mitigation strategies in alignment with business objectives.

Action oriented - Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.

Ensures accountability - Holding self and others accountable to meet commitments.

Training Delivery - Instructs learners in a manner that engages and adjusts to individual and group needs resulting in knowledge, skills and abilities that can be applied on the job.

Business insight - Applying knowledge of business and the marketplace to advance the organization’s goals.

Tech savvy - Anticipating and adopting innovations in business-building digital and technology applications.

Manages complexity - Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.

Balances stakeholders - Anticipating and balancing the needs of multiple stakeholders.

Resourcefulness - Securing and deploying resources effectively and efficiently.

Organizational savvy - Maneuvering comfortably through complex policy, process, and people-related organizational dynamics.

Persuades - Using compelling arguments to gain the support and commitment of others.

Education, Licenses, Certifications

This position may require licensing for compliance with export controls or sanctions regulations.

Experience

Intermediate level of relevant work experience required. 3-5 years of experience

At least 5 years of experience in vulnerability management technical roles with a demonstrated experience leading cybersecurity vulnerability management efforts and technical solutions with engineers.Strong understanding of network topologies and how they affect vulnerability criticality and likelihood of impact and exploitation.Ability to execute work efforts timely and thoroughly while providing processes, procedure documentation, and training others.Strong working understanding of vulnerability management network scanning tools such as Qualys, Tenable and Rapid7 and remediation of vulnerabilities.Strong understanding of cybersecurity best practices and frameworks such as NIST, MITRE, and OWASP Work closely with infrastructure and application teams for on-prem and cloud assets to advise and assist in remediation of vulnerabilities within proper timeframes and track remediation and assist in incident response activities.Ability to manage vulnerability metrics and remediation-related dashboards and reports.Strong understanding of vulnerability criticality and ability to discuss patching or configuration solutions as well as mitigations with stakeholders.Ability to create vulnerability assessments and provide stakeholders with the information to enable them to effectively reduce risk and prioritize best approaches.Strong team player with ability to work harmoniously and cooperatively in a team environment.Position is hybrid but will need the ability to travel at a minimum of 10% to other Cummins locations when necessary

Job SYSTEMS/INFORMATION TECHNOLOGY

Primary Location United States-Indiana-Columbus-US, IN, Columbus, Corporate Office Building

Job Type Experienced - Exempt / Office

Recruitment Job Type Exempt - Experienced

Job Posting Apr 10, 2023, 10:19:56 AM

Unposting Date Ongoing

Organization Corporate

Role Category Hybrid - Potential for Partial Remote

Req ID: 230003LP