Cyber Security Advisor

• Security Monitoring and Incident Response:
  • Continuously monitor the organization’s IT infrastructure for security breaches and vulnerabilities.
  • Respond promptly to security incidents, conduct thorough investigations, and implement corrective actions.
  • Maintain an incident response plan and conduct regular drills to ensure readiness.
• Compliance and Standards Management:
  • Ensure compliance with Transportation Security Administration (TSA) regulations and pipeline security standards.
  • Stay updated with the latest TSA and other relevant regulations to ensure ongoing compliance.
  • Prepare and manage security documentation and reports for regulatory bodies.
• Risk Assessment and Management:
  • Conduct regular risk assessments to identify potential security threats and vulnerabilities.
  • Develop and implement risk mitigation strategies to address identified risks.
  • Collaborate with other departments to ensure a comprehensive approach to risk management.
• Security Policies and Procedures:
  • Develop, implement, and maintain security policies, procedures, and best practices.
  • Ensure that security policies are communicated effectively across the organization and adhered to by all employees.
  • Regularly review and update security policies to reflect changes in the regulatory environment and emerging threats.
• Security Awareness and Training:
  • Develop and conduct security awareness training programs for employees.
  • Promote a culture of security awareness and ensure employees understand their roles and responsibilities in protecting the company’s assets.
  • Provide guidance and support to employees on security-related issues.
• Technology Implementation and Management:
  • Evaluate and implement security technologies to enhance the organization’s security posture.
  • Manage and maintain security tools and systems, including firewalls, intrusion detection systems, and antivirus software.
  • Ensure that all security systems are updated and patched regularly.
• Collaboration and Communication:
  • Work closely with IT and other departments to ensure alignment of security measures with business objectives.
  • Communicate security issues and recommendations to senior management in a clear and concise manner.
  • Collaborate with external partners and regulatory bodies to ensure compliance and address security concerns.
• Cybersecurity Compliance Specifics:
  • Develop and maintain a TSA-approved Cybersecurity Implementation Plan detailing the cybersecurity measures in place.
  • Establish network segmentation policies to ensure operational continuity in case of IT system compromises.
  • Implement access control measures to secure critical cyber systems.
  • Develop continuous monitoring and detection policies to identify and mitigate cybersecurity threats.
  • Ensure timely application of security patches and updates to minimize exploitation risks.
  • Submit an annual Cybersecurity Assessment Plan to TSA, report assessment results, and ensure regular testing and auditing of cybersecurity measures.
  • Develop and test Cybersecurity Incident Response Plan (CIRP) objectives annually.
• Other Duties as Assigned by Management

• 5 years minimum of experience in a cybersecurity role, preferably in the energy or pipeline industry.
• Proven experience in implementing and managing security measures in compliance with TSA and pipeline regulations.
• Strong knowledge of cybersecurity principles, practices, and technologies.
• Experience with cyber security incident investigations and log reviews.
• Excellent analytical and problem-solving skills.
• Strong understanding of regulatory requirements and standards related to cybersecurity.
• Ability to respond to security incidents calmly and effectively.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Detail-oriented with a strong commitment to maintaining high standards of security.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

• Relevant certifications such as CISSP from ISC2 or, CISA from ISACA, or GSEC from GIAC are highly desirable.

About Us