Information Security Specialist

NISC is an information technology organization that develops, implements and supports software and hardware solutions for our Members. We deliver advanced solutions, services and support to over 960 independent broadband companies, electric cooperatives and other public power entities. NISC is an industry leader, providing information technology solutions including financials, service, operations and marketing as well as many other supporting platforms and business services. With facilities in Mandan, North Dakota, Lake Saint Louis, Missouri, Cedar Rapids, Iowa, and Blacksburg, Virginia, NISC and its subsidiary employ nearly 1,400 professionals between the four locations and remotely throughout the United States. NISC has been ranked in ComputerWorld’s Best Places to Work for twenty-two years, and we are looking for qualified individuals to join our Team. 

Summary: 

This position will assist in executing information security operations at NISC, including but not limited to responding to and triaging alerts from a variety of information security platforms at NISC, such as alerts from NISC’s security operations center provider or NISC’s endpoint detection and response platforms. This position will also assist in vulnerability management, incident response, maintaining information security policies and procedures, and supporting and educating NISC employees on matters related to information security. This position will include a special focus on internally auditing NISC information systems against information security policies and procedures, as well as a special focus on NISC’s annual PCI DSS and SOC I Type II assessments. 

Work Schedule: 

• Hybrid (after an initial training period) from one of our office locations:  
  • Cedar Rapids, IA
  • Lake Saint Louis, MO
  • Mandan, ND
• Hybrid Schedule: Minimum of working 3 days per week in the office and ability to work up to all 5 days a week in the office, as needed
• Required Days from an Office Location: Tuesday and Wednesday - the third required day will be up to the candidate and their supervisor to choose  

Essential Duties:   

• Assist in maintaining the confidentiality, integrity, and availability of NISC’s information systems
• Assist in investigating and triaging alerts from NISC’s Security Operations Center (SOC) and Endpoint Detection and Response (EDR) platforms
• Perform internal audits of NISC information systems against NISC’s policies and procedures and against industry best practices.
• Assist in completing NISC’s annual PCI DSS and SOC assessments
• Assist in maintaining secure identity management practices at NISC, including but not limited to maintaining the principle of least privilege and regular reviews of NISC’s role-based access controls
• Follow up on monthly hunt reports that identify actionable findings from NISC’s managed detection and response partner
• Assist in NISC’s vulnerability management initiatives, including but not limited to vulnerability discovery, documenting and routing findings to teams for remediation, and monitoring industry sources (US-CERT, etc.) for new vulnerabilities
• Support NISC’s Internal IT teams in executing security initiatives and in supporting security solutions
• Serve as a frontline resource to other employees regarding information security
• Assist in responding to information security incidents that trigger NISC’s incident response plan. 
• Assist in delivering employee security education programs
• Perform work duties outside of regular business hours, on an as needed basis, to meet internal and/or customer needs. 
• Other duties as assigned. 
• Commitment to NISC’s Statement of Shared Values 

Knowledge, Skills & Abilities Preferred:  

• Intermediate level knowledge of IT-related security threats and best practice safeguards
• Intermediate level knowledge of principles related to information security auditing and information security compliance
• Intermediate level knowledge of PCI DSS compliance
• Basic level knowledge of information security technologies such as Endpoint Detection and Response (EDR)
• Basic level knowledge of information security operations such as alert triaging and vulnerability management
• Basic level knowledge of the setup and support of Linux and Microsoft Windows server and desktop operating systems
• Basic level knowledge of principles related to securing cloud infrastructure
• Basic level knowledge of network and firewall topology. 
• Basic level knowledge of business-related software applications and services. 
• Intermediate level knowledge of NISC’s business units that are responsible for NISC’s internal and hosted information systems
• Basic level knowledge of the Utility and Telecom industries. 
• Basic level knowledge of Project Management processes and theory
• Strong level verbal and written communication skills. 
• Intermediate level presentation and training skills. 
• Strong level telephone/email etiquette and an ability to deal effectively with internal and external customers. 
• Strong research and problem-solving skills with a strong attention to detail.  
• Intermediate level ability to organize and prioritize. 
• Ability to travel as often as necessary to meet the goals and objectives of the position.  
• Intermediate ability to demonstrate imitative and accountability  
• Intermediate level ability to troubleshoot.   

Education Preferred:  

Bachelor’s Degree in an information security-related field or equivalent experience.  

Other Qualifications/Certifications Preferred:  

CompTIA Security+ or equivalent certification, PCI DSS 

Minimum Physical Requirements:  

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the essential functions of this position, employees must be able to see and communicate.  Employees are regularly required to maintain a stationary position, move, and operate computer keyboards or office equipment.  

Disclaimer:  

Management may modify this job description by assigning or reassigning duties and responsibilities at any time.