FirstBank Jobs

It's fun to work in a company where people truly BELIEVE in what they are doing! Headquartered in Arvada, Colorado, Sundyne is a leading manufacturer of highly reliable and efficient centrifugal pumps and compressors for use in the oil and gas, petrochemical, chemical, power generation and water processing industries. The Sundyne product portfolio features innovative high-speed integrally geared, multistage and sealless technologies that meet API and ISO standards. With a global channel consisting of more than 300 sales and service locations, and a manufacturing network that employs over 1,000 people across 5 facilities, Sundyne provides high quality engineered fluid handling solutions to customers around the world. For additional information, v

Position Description Sundyne is seeking an Cybersecurity Analyst to be the primary driver and owner of Sundyne's entire Cybersecurity program. Responsibilities will be to assess Sundyne cybersecurity tools/controls, plan improvements, collaborate with internal and external staff on implementing improvements, and report status or progress to management. Note this is a full-time and mandatory on-site role at our Arvada, CO facility.

Job Duties & Responsibilities CIS/NIST Framework Perform ad-hoc and on-going assessments of Sundyne controls and compare to CIS/NIST Framework. Identify gap areas or areas requiring additional improvements Discuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to adhere to CIS/NIST framework Report to management on status, plan, schedule and future stateVulnerability Scanning / Penetration Testing Work with outsourced service provider to schedule and conduct vulnerability scans and penetration tests using existing tool(s). Review and assess findings with respective stakeholders Discuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilities. Report to management on status, plan, schedule and future state Other Cybersecurity Assessments/Certifications/Questionnaires Assist in conducting other cybersecurity assessments as required. Review and/or complete various cybersecurity questionnaires on Sundynes behalf when requested by 3rd parties. Discuss, plan, schedule, and implement changes in the Sundyne environment working with both internal staff and outsourced service providers to reduce or mitigate identified vulnerabilities. Report to management on status, plan, schedule and future state Use cybersecurity questionnaires as input into Sundyne cybersecurity program, to identify potential areas of improvement. Create Sundyne's Cybesecurity questionnaire for completion by 3rd parties which have access to Sundyne IT or provide IT service to Sundyne. Assist in the certification/re-certification of Cyber Essentials Plus certification (CE+) Develop and execute a plan towards gaining ISO27001 certification for all Sundyne sites globally. Develop and execute a plan towards gaining ISO 9001:2015 certification for all Sundyne sites globally.Security Projects/Initiatives Research, plan, implement, project manage security projects or initiatives in the pursuit of increased Security. Leverage all inputs to put together a holistic cybersecurity program for the organization

Review and/or develop: Incident response plans Tabletop exercises BCP/DR Plans Customer Notification Plans Assist other IT Security team members as needed Phishing Simulations Email & web filtering Span and Phishing email investigations IPS/IDS alert investigations SIEM alert investigations Review and oversee zero-day vulnerabilities Review or create policies, standards and procedures related to Cybersecurity topics.

Skills & Abilities Ability to maintain multiple projects and initiatives at the same time Experience comm nicating and collaborating with multiple audiences at different levels - Individual Contributors to C-Level Executives Effective written and oral communication skills Ability to keep calm under pressure Strong planning, coordination, documentation and scheduling skills Customer Focused with a can-do attitude Experience working with or overseeing international outsourced service providers Some knowledge/experience with Batch, Powershell, or other scripting languages.

Qualifications Cybersecurity Certifications, one or more of the below required. CISSP - Certified Information Systems Security Professional CISA - Certified Information Systems Auditor CompTIA Security+ CASP - CompTIA Advanced Security Practitioner CEH - Certified Ethical Hacker CISM - Certified Information Security Manager SSCP - Systems Security Certified Practitioner GCIH - Global Information Assurance Certification Certified Incident Handler GSEC - Global Information Assurance Certification Security Essentials Certification