POSITION SUMMARY:

THIS POSITION IS REMOTE. The ideal candidate for this position is a confirmed problem solver and integrator of people and processes and an effective internal consultant. As a risk assessor, the candidate must also possess demonstrated domain proficiencies in several IT-risk-related disciplines, including information technologies, security, business continuity management, privacy, and compliance.

This role will participate in risk assessment and mitigation activities. The Security Analyst will present Oil States International Security policies, procedures, and strategies to various Oil States International employees and executives. The IT Risk and Security Analyst will be responsible for implementing and maintaining the systems necessary to ensure the confidentiality, integrity, availability, and accountability of Oil States Industries, Inc. computer systems, networks, and information assets.

The IT Risk and Security Analyst investigates, responds to, and improves alerting for security-related events and incidents. They function reactively and proactively and help bolster security processes, procedures, and policies. Additionally, the analyst assists with routine audits and risk assessments and plays a key role in incident response situations. They find gaps, solve problems, thrive under pressure, and have an unrelenting drive to achieve and maintain optimal levels of security.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Daily operations and support of IT Security Infrastructure for Oil States International (OSII).
• Participate in and lead various security projects.
• Contribute to the architectural design of the information security infrastructure and operations for Oil States International.
• Help to develop documentation for infrastructure and security environment.
• Work with vendors, consultants, and internal subject matter experts to ensure high-quality services that meet the needs of OSII.
• Participate and often lead security incident response efforts as required.
• Assist in and help maintain business unit compliance to NIST Cyber Security Framework and NIST 800.171 compliance.
• Support our Vendor Risk Program, assessing third-party risk.
• Leads remediation, categorization, organization, and prioritization of vulnerabilities found through vulnerability scanning and 3rd party penetration testing.
• Coordinate InfoSec meetings related to remediation of risks, audits, and vulnerabilities.
• Document and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
• Performs IT risk assessments and risk management duties such as risk acceptance tracking.
• Provides the business with IT Risk and regulatory consulting.
• Creates and maintains policies, standards, procedures, and guidelines as it pertains to NIST CSF and NIST 800.171
• Stay current with trends in the information security community, including new vulnerabilities, methodologies, and products
• Work with both internal and external Audit to support any organization assessments.
• Additional responsibilities as required by supervisor.

QUALIFICATION REQUIREMENTS:

• 3+ years’ experience in an IT Security role.
• In-depth knowledge of Identity Management, Network Security, EDR, Intrusion Detection Software, SIEM, and Log Management.
• Basic working knowledge of Cloud security and associated technologies.
• Basic understanding of DLP.
• Experience with performing vulnerability scans, reviewing vulnerability scans, and managing remediation activities.
• Experience with vulnerability management systems.
• Has played a material role in an audit or certification process.
• Knowledgeable in an information security program's technical and business aspects, as demonstrated by applicable industry certifications, NIST 800.171, and the NIST CSF.
• Experience working with SSAE 16,18 reports.
• Experience building processes and programs.
• Must have excellent project management skills.
• Excellent understanding of excel, Power BI or other data reporting software.
• Possess excellent written and verbal communication skills.
• Single US citizenship and able to clear a background check.

PHYSICAL REQUIREMENTS:

• Ability to sit for prolonged periods while using a keyboard and computers.
• Must be able to lift or move objects of up to 10 pounds occasionally.
• Must have the good manual dexterity to perform daily tasks and operate computers or other standard office equipment.
• Occasional travel with a valid driver's license.

CULTURAL FIT:

• You stay up to date with new technologies and trending technology news.
• You are personally accountable for your work and love creating value for your users.
• You have a desire for the team to succeed above personal preferences.
• You have a passion to constantly learn and develop new skills.
• You can work with little to no supervision.