Data Security Specialist

Job Summary

This position is an experienced, senior level, hands-on technical lead, performing IT security functions and maintaining systems, while providing technical guidance to the team. Protects PSEG’s sensitive data to reduce the risk of data exfiltration and misuse. This engineering resource collaborates with Cyber Governance & risk to integrate technical data protection mechanisms. This individual ensures data security best practices and organizational objectives are aligned and implements a controls to continuous monitor and improve elements such as data classification, data protection, data encryption (at rest & in motion).

Job Responsibilities

Responsibilities include:
•    Coordinate with stakeholders to develop a data protection roadmap to ensure sufficient technical controls to secure PSEG’s data 
•    Implement defined data security requirements and specifications 
•    Implement and improve data monitoring capabilities as part of a data security program to improve visibility and protect PSEG LI’s data from malicious attacks
•    Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities on PSEG’s Data
•    Actively detect and prevent unauthorized egress of PSEG data
•    Improve technology to automate and improve data security capabilities
•    Support the development and maintenance of data security technologies 
•    Ensure technical controls allow for appropriate data security capabilities including classification, discovery, and business functions to secure all data at rest and in transit
 

Job Specific Qualifications

Required Qualifications:
•    Bachelors degree and 6 years of relevant cyber security experience
•    In lieu of a degree 10 years of cyber experience
•    Experience managing information security technologies such as IDS/IPS, SIEM, endpoint detection & response, DLP, data encryption, proxies, and network access control, as well as security policies and procedures, and incident response.
•    Demonstrated strong understanding of encryption protocols, including TLS 1.3
•    Demonstrated strong familiarity with data privacy and relevant regulations, standards, and guidelines, such as GDPR, CCPA, ISO 27001, NIST CSF, and other industry-specific regulations
•    Technical experience includes: information / data / network / computer security design, administration and/or assessment.
•    Broad knowledge of information systems including Windows security, network security, systems development, communication networks, security software/hardware and operating systems.
•    Experience providing technical expertise and support to clients, IT management and staff in cybersecurity threat risk assessments, development, testing and the implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.
•    
•    Demonstrated ability to follow cyber security news and alerts in order to understand complex attack vectors and risks including the ability to identify and evaluate emergent cyber security threats and vulnerabilities. 
•    
•    Experience designing process flows to be implemented in security automation tools to automatically respond to threats quickly and effectively.
•    Ability to review complex architecture design diagrams and documents for new technologies and changes to existing technologies to determine risks and provide recommendations and mitigations.
•    Must be able to work independently with little or no supervision.
•    Experience working in a team environment, with experience teaching and learning from other team members.
•    Ability to foster working relationships with the team, IT Management and Client departments.
•    Ability to explain technical concepts to the business users in the context of business requirements.

•    Demonstrated ability to communicate effectively with both technical and non-technical individuals.

Desired Qualifications:
•    ISC2 Certified Information Systems Security Professional (CISSP) or equivalent
•    Programming Experience in Python
 

Minimum Years of Experience

Education

Certifications

Disclaimer

Certain positions at the Company may require you to have access to Part 810-Controlled Information.  Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information.  Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made.  If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.