Cyber Security Analyst

Job Objective: The Cyber Security Analyst is responsible for ensuring the confidentiality, integrity, and availability of Harvest Midstream Company’s information systems and data. This role involves the implementation and management of security measures to protect our IT infrastructure and Enterprise IT from cyber threats and ensuring compliance with various TSA and pipeline regulations. The Cyber Security Analyst will play a critical role in maintaining and enhancing the company’s security posture. Essential Job Responsibilities: • Security Monitoring and Incident Response: • Continuously monitor the organization’s IT infrastructure for security breaches and vulnerabilities. • Respond promptly to security incidents, conduct thorough investigations, and implement corrective actions. • Maintain an incident response plan and conduct regular drills to ensure readiness. • Compliance and Standards Management: • Ensure compliance with Transportation Security Administration (TSA) regulations and pipeline security standards. • Stay updated with the latest TSA and other relevant regulations to ensure ongoing compliance. • Prepare and manage security documentation and reports for regulatory bodies. • Risk Assessment and Management: • Conduct regular risk assessments to identify potential security threats and vulnerabilities. • Develop and implement risk mitigation strategies to address identified risks. • Collaborate with other departments to ensure a comprehensive approach to risk management. • Security Policies and Procedures: • Develop, implement, and maintain security policies, procedures, and best practices. • Ensure that security policies are communicated effectively across the organization and adhered to by all employees. • Regularly review and update security policies to reflect changes in the regulatory environment and emerging threats. • Security Awareness and Training: • Develop and conduct security awareness training programs for employees. • Promote a culture of security awareness and ensure employees understand their roles and responsibilities in protecting the company’s assets. • Provide guidance and support to employees on security-related issues. • Technology Implementation and Management: • Evaluate and implement security technologies to enhance the organization’s security posture. • Manage and maintain security tools and systems, including firewalls, intrusion detection systems, and antivirus software. • Ensure that all security systems are updated and patched regularly. • Collaboration and Communication: • Work closely with IT and other departments to ensure alignment of security measures with business objectives. • Communicate security issues and recommendations to senior management in a clear and concise manner. • Collaborate with external partners and regulatory bodies to ensure compliance and address security concerns. • Cybersecurity Compliance Specifics: • Develop and maintain a TSA-approved Cybersecurity Implementation Plan detailing the cybersecurity measures in place. • Establish network segmentation policies to ensure operational continuity in case of IT system compromises. • Implement access control measures to secure critical cyber systems. • Develop continuous monitoring and detection policies to identify and mitigate cybersecurity threats. • Ensure timely application of security patches and updates to minimize exploitation risks. • Submit an annual Cybersecurity Assessment Plan to TSA, report assessment results, and ensure regular testing and auditing of cybersecurity measures. • Develop and test Cybersecurity Incident Response Plan (CIRP) objectives annually. • Other Duties as Assigned by Management Qualifications: • 5 years minimum of experience in a cybersecurity role, preferably in the energy or pipeline industry. • Proven experience in implementing and managing security measures in compliance with TSA and pipeline regulations. • Strong knowledge of cybersecurity principles, practices, and technologies. • Experience with cyber security incident investigations and log reviews. • Excellent analytical and problem-solving skills. • Strong understanding of regulatory requirements and standards related to cybersecurity. • Ability to respond to security incidents calmly and effectively. • Excellent communication and interpersonal skills. • Ability to work independently and as part of a team. • Detail-oriented with a strong commitment to maintaining high standards of security. Education Requirements: • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Certifications, Licenses, Registrations: • Relevant certifications such as CISSP from ISC2 or, CISA from ISACA, or GSEC from GIAC are highly desirable. About Us Harvest Midstream is a privately-held midstream services provider headquartered in Houston, Texas with assets in Alaska, Colorado, Louisiana, New Mexico, North Dakota, Ohio, Pennsylvania and Texas. Harvest transports and processes oil, natural gas and natural gas liquids across the United States. The remarkable growth of Harvest since 2002 is a direct result of the hard work and dedication of over 450 employees who are intensely focused on safety, operational excellence and the highest levels of service to our customers. Our company values govern how we run our business, how we treat our fellow employees and how we serve our customers. At Harvest, we are focused on developing and maintaining long-term business relationships through customer service and agility in every business interaction. Harvest offers its employees competitive salaries, quarterly bonuses, healthcare benefits, a 401k retirement plan, paid time off, and participation in our B.H.A.G. bonus program as part of our total rewards package. Please see our Careers page for opportunities at Harvest. Harvest Midstream Company is an Affirmative Action/Equal Opportunity Employer. All qualified individuals will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, and any other basis protected by law. Individuals with disabilities needing assistance in the recruitment process are encouraged to contact Human Resources directly.