• Serve as an integral member of Honeywell’s supply chain security program as part of the onboarding security review process
• Review/reconcile supplier security intake responses submitted by Honeywell employees to confirm what is being requested and what access is required to company or customer resources 
• Review/confirm the applicable security requirements that will be shared with Honeywell’s suppliers
• Review responses from suppliers regarding compliance concerns with Honeywell security requirements
• Prepare risk assessment reviews and reports of supplier-provided material including assessment responses and system and organization controls (SOC) reports
• Become a subject matter expert (SME) in Honeywell’s security policies, standards and baselines applicable to its supply chain
• Follow processes and procedures to review and ensure adherence to established practice
• Reconcile and validate supplier security questionnaire responses
• Review/confirm advancement of applicable security controls
• Respond to internal and external questions regarding applicable security controls
• Maintain records for security exhibit negotiation (including emails and approved documents)
• Upload final documents, including correspondence, into the respective applications
• Work efficiently to ensure the optimal service utilization rate of services

Skills: Supply Chain Security, Supplier Review, Risk Assessment, Compliance Analysis, Policy Expertise, Security Controls, Documentation Management, Process Adherence

• Lead multifaceted security conversations
• Support ServiceNow’s Sales Teams in Pre- and Post-Sales efforts
• Answer security questionnaires
• Review and discuss security-related terms in contracts
• Respond to specific prospect and customer questions related to security
• Conduct security calls with customers
• Support ServiceNow partners on questions regarding security
• Present and evangelize on cloud adoption and assurance
• Contribute to the overall messaging and positioning of the ServiceNow Security Office
• Ensure the ServiceNow Customer Success team is supported
• Coordinate and manage end-to-end customer cloud security experience
• Actively participate in Security Industry forums, communities and standards organizations
• Investigate and understand cloud threats
• Work with internal teams to resolve security issues arising from investigations

Skills: Security Consulting, Sales Support, Contract Review, Customer Communication, Cloud Assurance, Threat Investigation, Partner Support, Industry Participation

• Security event monitoring using existing security tools
• Detecting and identifying security threats and providing thorough assessments
• Tuning of Security Information and Event Management (SIEM) rules for optimization
• Manage, administrate, and maintain security devices/appliances
• Communicating objective findings (written and oral) to both technical and business-oriented teams
• Taking a lead role in the project process to ensure Information Security aspects are considered upfront and throughout the project lifecycle
• Undertaking vulnerability and controlling penetration testing
• Overseeing daily security operational processes, acting as an escalation point
• Responding to and reporting on system alerts from various monitoring technologies
• Developing a thorough understanding of the business and supporting more junior members of the team
• Liaising with the business to ensure Information Security requirements within jurisdictions
• Creating technical documentation
• Taking an active role in audits
• Maintaining knowledge of developments in security technologies and their applications

Skills: Security Monitoring, Threat Detection, SIEM Tuning, Device Management, Vulnerability Testing, Incident Response, Technical Documentation, Security Audits

• Execute Risk Assessment Framework to assess key strategic/high-risk suppliers and drive risk mitigation efforts
• Conduct regular Risk Assessments/audits on key strategic/high-risk suppliers (including SOC2 Type2 review, Vulnerability scan reports, etc) and partner with stakeholders to drive issue/risk remediation to closure on time
• Monitor high-risk suppliers via tools and other mechanisms for risk exposure and impact
• Provide guidance and training on Hon IT and Security policies, standards and processes to suppliers or service managing suppliers
• Manage service level catalogue to be included in SOW/MSAs to outline Hon IT and Security policies, standards and processes and regulatory compliance requirements
• Conduct gap analysis ensuring contractual obligations alignment with Hon IT and Security policies, standards and processes (HON standard SLA’s) and regulatory compliance requirements
• Facilitate service owners and the IT Operations team in configuring SLAs/SLOs in Service Now ITSLM during supplier onboarding/offboarding and support SLA compliance reporting
• Ensure standard supplier KPIs/Performance Measurements framework is executed to enable Service Owners to monitor suppliers’ performance consistently (e.g, SLA exceptions)
• Manage Supplier Executive scorecard, enabling service owners to drive risk-informed decisions and actions
• Define Governance responsibilities for suppliers exercised in an organization
• Partner with procurement/Strategic Sourcing to establish and implement Quarterly Business Reviews (QBRs) for critical suppliers
• Ensure compliance with regulatory and contractual obligations by reviewing SLAs during renewal/new SOW and providing inputs to procurement and service owners before a contract gets signed
• Establish and deploy annual supplier governance awareness training for suppliers
• Provide technical security requirements in support of the advancement and currency of Supplier Security Policies, Standards
• Technical writer experience in establishing Supplier Governance-related documents (Policies, Standards, Processes, SOPs, etc.)
• Intermediate knowledge of IT security industry security/compliance/governance frameworks (for example, NIST 800-53, ISO 27001/2, COBIT, ISO22301, etc.)

Skills: Risk Assessment, Supplier Audits, Risk Monitoring, Policy Training, Gap Analysis, SLA Management, KPI Tracking, Supplier Governance

• Develop and document technical controls for cloud, on-premises, and hybrid environments, mapped to company policy and industry standards
• Develop and document use cases and runbooks to be used by the SecOps team
• Investigate, respond, and remediate cyber events in the cloud and on-premises environments
• Provide system administration and support of SecOps systems and applications
• Work collaboratively as part of a team, with moderate supervision, to provide relevant input and feedback
• Develop and maintain documentation for all assigned responsibilities
• Provide relevant input and feedback on the investigation and proposal of technologies and methodologies that can enhance Duquesne Light’s security and/or business continuity posture
• Manage expectations and effectively communicate and collaborate with colleagues and project team members
• Responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks
• Ensure the execution of Information Security directives and activities in alignment with the data security policy
• Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
• Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
• Perform regular assessments based on changes in the threat landscape
• Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed on time by tracking and working with appropriate teams proactively
• Identify significant IS threats and vulnerabilities
• Ensure all the servers are patched on time with the latest company-approved patch set
• Automate or identify areas to automate that involve manual repetitive tasks

Skills: Technical Controls, Runbook Development, Cyber Response, System Administration, Security Documentation, Risk Analysis, Vulnerability Monitoring, Threat Identification

• Cyber Security experience, specifically working in Security Operations
• Experience with enterprise SIEM solutions (Arcsight/SPLUNK/RSA-SA/Qradar)
• Must have a basic understanding of the cyber kill chain, MITRE framework and NIST framework
• Demonstrated experience in Security Incident Response, Mitigation and Remediation methodologies
• Advanced knowledge of networks, protocols, standards, Linux/Unix/Windows OS internals, and system configuration
• Must have CHFI, OSCP, CEH or other relevant certifications
• Knowledge and understanding ofthe  banking or financial services industry
• Experience working in a large enterprise environment
• Strong analytical skills with high attention to detail and accuracy
• Knowledge and understanding of system/application architecture and design concepts
• Ability to work effectively, as well as independently, in a team environment
• Strong organizational, multi-tasking, and prioritizing skills
• Ability to handle confidential material in a professional manner
• Excellent verbal, written, and interpersonal communication skills

Qualifications: BS in Network Security with 8 years of Experience

• Direct experience with Information Security tech, Data Privacy Consulting or PCI-DSS
• Thorough understanding of intermediate to advanced security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)
• Experience with host and network-based security tools
• Experience with network monitoring in a SOC environment
• Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and adaptive learning
• Ability to navigate ambiguity and develop working business relationships
• Must have Security certification (e.g., Security+, GCIA, GCIH, CISSP)
• Excellent written and oral communication skills
• Knowledge of cloud response and containment 

Qualifications: BA in Computer Forensics with 4 years of Experience

• Experience in cybersecurity with a focus on incident response, investigations, vulnerability management or cybersecurity operations
• Experience investigating cybersecurity incidents and threats
• Experience analyzing vulnerability, penetration testing and risk assessment reports, prioritizing and coordinating remediation efforts with stakeholders
• Experience with SIEM and vulnerability management tools
• Excellent presentation skills, written and verbal communication
• Must have interpersonal and collaborative skills
• Ability to communicate information risk-related concepts to technical as well as nontechnical audiences
• Exposure to multiple security domains such as risk, operations, engineering, architecture, exercises, training, etc
• Must have Security certifications such as Security+, GCIH, GCFE, CEH, etc 
• Able to be a team player who excels at supporting colleagues and focusing on shared results
• Highly dependable “doer” who can work with little supervision while being resilient to change

Qualifications: BS in Cybersecurity with 7 years of Experience

• Experience and extensive knowledge of Security Information Event Management
• Experience in Intrusion Detection or Prevention Systems
• Knowledge of TCP/IP, computer networking, routing, and switching
• Experience in Linux/UNIX and Windows-based devices at the System Administrator level
• Ability to speak and communicate effectively with peers, management, and clients
• Ability and experience in writing clear and concise technical documentation
• Ability to speak and write fluently in English
• Must have SIEM experience with Splunk
• Experience using a ticketing system
• Knowledge of NIST, PCI, HIPAA
• Experience mentoring colleagues
• Strong troubleshooting, reasoning, and problem-solving skills
• Team player, excellent communication skills, good time management
• Organizational skills and the ability to work autonomously with attention to processes

Qualifications: BA in Information Technology with 6 years of Experience

• Strong technical aptitude, allowing for an understanding of various enterprise security architectures and administrative functions
• Analytical, problem-solving, and risk assessment skills to support security systems of various complexities
• Ability to retain and leverage knowledge of various enterprise systems to process requests and answer questions
• Demonstrated understanding of all enterprise security architecture and security functions performed by the Information Security Services team
• Demonstrated knowledge of business area-specific systems and how they relate to Information Security Administration processes and enterprise security architecture
• Advanced knowledge of all complex security environments and tools used in the environment
• Ability to manage team projects of any complexity and any level of definition
• Strong interpersonal and communication skills to consult, interact and interpret with a variety of customers with varying levels of technology and security knowledge
• Able to plan and prioritize skills to facilitate the processing of security requests in order of importance, in addition to completing other job responsibilities
• Decision-making skills to meet business needs and protect the security, accuracy, and integrity of Securian's data on computerized platforms
• Ability to perform grasping tasks throughout the entire work day (for example, handwriting, grasping of equipment/machines, paper manipulation, sorting, folding, handling stacks of paper)
• Experience using an ITIL Tool, for example, ServiceNow, Remedy, etc.
• Experience with IIQ, CyberArk, Pingfederate

Qualifications: BS in Computer Networking with 8 years of Experience