The Security System Administrator is responsible for assessing and testing IT security and
compliance controls and for documenting IT security control and compliance requirements (e.g.,
FISMA/NIST/NERC). The candidate should possess an understanding of security controls,
policies and standards with regard to networks, distributed computing concepts, firewalls,
Active Directory, and server virtualization. This is accomplished by working with the
Supervisor of IT Security Systems to understand the scope of services to be provided and
assessing the impact they will have on the technical infrastructure.
Description of Role:
- Assists in the execution of information security control reviews to evaluate the compliance
of IT processes with published policies and standards;
- Assists with assessing and testing IT security and compliance controls and documenting IT security control and compliance requirements (e.g., FISMA/NIST/NERC); prepares summaries and reports findings as needed;
- Reviews assessment and test results with appropriate management and provides
- Monitors corrective action plans and compliance metric reporting;
- Participates in information security policy development in collaboration with business
partners and management;
- Produces monthly security awareness training in the LMS, along with instruction and guidance for IT workforce members and staff members; contributes to ensuring that the tools used by the IT team are properly deployed, configured and maintained;
- Provides assistance to other teams when requested; completes other tasks or project work
- Bachelor’s degree or equivalent in Computer Science or other computer-related
field of study;
- Minimum of 2 years of experience in IT systems, IT compliance, IT audit,
and/or information risk assessments;
- CISSP or CISA certification;
- Ability to work independently and on a team in a fast-paced, deadline-driven environment; strong attention to detail;
- Excellent communication skills, both written and oral.
- Preferred: Experience with Nessus and/or other vulnerability scanners, NERC-CIP
experience, experience with remediating vulnerabilities.
- Ability to retrieve data from computerized, typed and written sources.
- Ability to effectively communicate project recommendations, orally or in writing, to internal teams and external agencies.
- Occasional walking, climbing over various terrains to inspect construction sites, facilities, etc. Moderate stooping, crouching