Job Type: Regular
Plains is an industry-leading transportation and midstream provider specializing in transportation, storage, processing and marketing solutions for crude oil. We own an extensive network of pipeline transportation, terminalling, storage and gathering assets in key oil producing basins and transportation corridors and at major market hubs in the United States and Canada. The company is headquartered in Houston, Texas.
We’re on the lookout for passionate self‑starters who thrive in fast‑moving, collaborative, and innovative environments.
Job Purpose/Summary:
The Analyst, Risk and Compliance will actively support continuous system and enterprise risk analysis, auditing, and risk mitigation follow-up to ensure expected compliance with executive management expectations across Plains. This role will work directly with the Manager of Risk and Compliance to implement continuous improvement programs, enforcing data protection, software and system security, and compliance with standards and regulations such as SOX, NIST, TSA, DHS, DOE, CCPA, and Data Privacy. Additionally, this role will work closely with various Internal and External audit teams, and is expected to directly support audits where feasible in order to reduce the need for outside resources.
This position will assist the Manager of Risk and Compliance in preparing meaningful reports, metrics and implements, and other information essential to senior management and insight regarding the effectiveness of Plains’ IS cyber security platform. Additionally, this individual is expected to understand the technical aspects of network topologies (including firewall configurations), IDS/IPS strategies, cyber threat awareness and assessments (including zero day), network administration (including MS, Linux, Mainframe, cloud, etc.), and cyber incident management.
The selected candidate will be eligible for company benefits including Medical, Dental, Vision, Paid Time Off (PTO), and Free Parking.
Job Responsibilities:
Understand and document IT processes, risks, and internal controls;
Participate on SOX, Information and Operational IS Audits to evaluate and test controls;
Perform audit administration, execution, and wrap-up responsibilities in accordance with established guidelines; and
Communicate audit status and results to management personnel.
Monitor remediation completion
Evaluate new and emerging cyber threats and assess their impact to the organization.
Assist in identifying and mitigating emerging cyber threats.
Develop and host cyber security drills for various Information (IS), Operational (OT) and organizational teams/departments.
Assist in gathering and reporting on information related to the current Information, Operational and organizational cyber security environment.
Provide cyber security input to all teams and influence the design, implementation and management of Plains’ infrastructure as it pertains to security.
Work in a team environment requiring interaction with other security analysts, system/network/database administrators, software developers, and managers in identifying security requirements, specifications, and project planning activities
Review and update security training material, Plains Web content, memos and awareness notifications, and conduct training sessions for the organization
Interfaces with the Plains user community to understand their security needs and implements procedures to accommodate them
Provides management and supervisor with daily status reports
Review cloud vendor SSAE 18 SOC 1 & 2 and ISO 27001 audit reports for risk review
Knowledge, Skills, and Experience Required:
Bachelor’s Degree in Computer Science, Information Systems, Engineering or other related field.
A minimum of 2 years’ experience in a combination of risk management, information systems, audit, information security for IS or OT environments.
A minimum of 2 years’ experience in a combination of network, database, systems administration for IS or OT environments.
Knowledge of security standards: NIST, TSA, DHS, DOE, COBIT, CSF, ISO 27001
An understanding of pertinent information security regulations (e.g., SOX, PCI, Financial regulations, HIPAA, CCPA, Data Privacy).
Excellent interpersonal, communication, and presentation skills, including formal report writing experience
Experience implementing a risk-based approach to review and monitor third-party/ vendor security practices and compliance with contractual obligations.
Ability to adapt and adjust planned work through analyzing work demands, competing priorities, and tight deadlines; to understand the most effective and efficient means to accomplish tasks within the parameters of the organizational structure, processes, systems, and policies.
Ability to develop and maintain positive business relationships and foster an environment of mutual respect, understanding, and trust.
Knowledgeable in secure coding practices (including web-based applications)
Exposure to the following:
Windows 2016/2019 Server / Active Directory
Windows 10 Workstation
MS Office products
Microsoft SQL and Oracle database and applications
HP Unix and Red Hat Linux
Tenable – Nessus – Nexpose, Wireshark, Kali
z/OS ACF2
IPS/IDS
Cisco - switches, routers, and firewalls
Palo Alto Network firewalls
Ethernet and TCP/IP environment protocols
Quest Change Auditor/Tripwire TE
Hosted/SaaS/Cloud Computing
Server and Security administration tools
Excellent written and oral communication skills
Cleared criminal history (background) and satisfactory reference checks
Compliance with the Company’s drug and alcohol policy including pre-employment D&A testing.
This position is not eligible for employment-based visa sponsorship. Applicants must be authorized to work in the U.S. for the duration of their employment.
Preferred:
Master's degree in Computer Science, Information Systems, Engineering, Business Administration, or other related field.
Big 4 audit experience.
IS Auditing Certification (e.g., Certified Information System Auditor (CISA)), risk and information systems (e.g., Certified in Risk and Information Systems Control (CRISC)), or accounting professional designation (e.g., CPA).
Solid understanding of network and system administration; CCNA or higher is a plus.
Experience working with MS PowerShell, Python and VB.
At Plains, our employees are our most valuable asset. Hard work is rewarded with competitive compensation and a top-tier benefits program designed to keep our employees safe, healthy and happy. We work hard to deliver the best results to our stakeholders, and we also respect our employees' need for personal and family time, which is reflected in our benefits program.
We are proud to be an Equal Opportunity Employer. We are committed to providing employment opportunities to all qualified individuals, without regard to age, race, color, national or ethnic origin, religion, sex, sexual orientation, gender identity or expression, veteran status, genetic information, disability, or any other characteristic protected by federal, state, or local law. Applicants with disabilities can request accessible formats, communication supports, or other accessibility assistance by contacting WebCareers@Plains.com.
Salary details estimated by job boards such as Indeed, Glassdoor, and LinkedIn do not represent Plains’ compensation structure. We thank all candidates for their interest; however, only those selected for an interview will be contacted.
By submitting your resume, you consent to the collection, use and necessary disclosure of the personal information provided during the application and selection process.