Reference Number:1486
Department:Technology
Apply early as this job may be filled at any time
If you wish to solicit an employee referral for this position, please ensure the employee submits the referral prior to submitting your application.
Are you looking for a Tech position where you can really make a difference for the Company? Here is your opportunity to ensure we do it right! This position is your chance to provide solutions to business stakeholders through consultation and expertise in cyber security best practices, standard IT control frameworks, and Company policies. This position ensures that the Company's technology initiatives comply with all relevant and applicable information security and privacy standards, federal and state regulations, and industry best practices.
As a member of the Information Assurance team, you will have the opportunity to grow your Cyber Security knowledge while using your current skills to improve the overall Cyber Security posture of Union Pacific. Team members perform red team testing; vulnerability assessments; forensics; administer a breadth of industry-leading security products; provide authentication and authorization services; collaborate with team members to identify, analyze and mitigate cyber threats; and consult with other IT and business teams to provide secure technology solutions for the Company.
The mission of the Information Assurance group is to ensure the confidentiality, integrity, and availability of Union Pacific's computing resources, as well as, providing a reliable and scalable security infrastructure. Team members are given the autonomy to explore new and creative solutions to securing the information technology landscape of Union Pacific.
* Align and maintain the Company's cyber security policies and standards to industry compliance frameworks, such as CIS and NIST CSF
* Conduct cyber security gap analysis assessments against industry standards, applicable regulations, and best practices
* Work collaboratively with Business and Tech teams to assess functional and security requirements for 3rd party service solution providers
* Manage multiple deliverables and timelines across teams to ensure quality, on-time product deliveries
* Consult with other IT teams on secure implementation procedures for the Company's computing environments
* Lead and execute compliance audits and remediation projects within established control areas
* Implement technologies and automation processes to enhance the Company's security posture based on threats, attack vectors, and vulnerabilities
* Assist in assessing, measuring, evaluating, and improving the Company's readiness to deal with cyber security and compliance risks
* Identify and evaluate: 1) business and technology risks, 2) internal controls which mitigate risks, and 3) methods and technologies to improve the internal control environment
* A Bachelor or Master's Degree in Cyber Security, Information Assurance, Computer Science, Management Information Systems, or related field, or a minimum of 6 years of recent CIS or NIST Framework Consulting experience may be taken into account in lieu of a degree.
* Excellent written and dynamic verbal communication skills
* Experience implementing or assessing cyber security programs against the CIS or NIST CSF framework
* Demonstrated understanding of industry standards (NIST 800-53, ISO 27002), control objectives, cyber threats and vulnerabilities
* Solid analytical and technical skills
* Must be flexible and able to handle stressful situations in a professional manner
* Demonstrated ability to work under minimal supervision
* High degree of self-motivation, commitment and integrity
* Ability to work well with others and as a member of a team
* Recent experience in Windows or Linux system or security administration
* Recent experience in evaluating or completing a SOC 2 Type 2 certification for an enterprise
* 2+ years recent experience with one or more scripting languages: perl, python, PowerShell
* Compliance and operational experience in information security
* Demonstrated experience in creating or conducting security awareness training for a large enterprise
* Experience creating scripts to analyze data and automate processes
* Experience in data classification and sensitive information handling procedures
What we offer: