Cybersecurity Governance Analyst

Ciena is committed to our people-first philosophy. Our teams enjoy a culture focused on prioritizing a personalized and flexible work environment that empowers an individual’s passions, growth, wellbeing and belonging. We’re a technology company that leads with our humanity—driving our business priorities alongside meaningful social, community, and societal impact.

.

CIENA

For more than 25 years, Ciena has been the global leader in networking strategy, and our technology has been part of the critical infrastructure running within the most advanced companies in the world.Innovations that wow us (driverless cars), and those we now take for granted (the ability to mobile-stream your favorite show) are the products of ingenuity from some brilliant and forward-thinking companies. But those companies rely on Ciena, another vanguard of innovation, to create and advance the underlying networks that bring their breakthroughs to our doorsteps. VR, AI, IOT, 5G … literally none of it would be possible without the mind-boggling technology that makes the internet itself work - technology created by Ciena.

ROLE OVERVIEW:  Analyst - Cyber Security Governance

The Cyber Security organization at Ciena is a group of skilled professionals who share the same passion for defending against cyber criminals. With the increase in volume and sophistication of cyber-crime, we are growing and have tons of exciting work planned. We are dedicated to driving the security mission of Ciena throughout the enterprise; Do the Right Things (and Do Them Well), Protect the Company (From Evolving Threats), and to Build Trust (in Our Products and Program). The Security Governance Analyst will have specific focus in building and maintaining security governance documentation such as charters, policies, standards, procedures, guidelines, as well as other key document requirements for ISO 27001 certification.

The Security Governance Analyst will work collaboratively with the Cyber Security Governance, Risk, Compliance Readiness, and Trust (GRCT) functional leads, as well as other internal teams to support Security Governance initiatives and projects.

PRIMARY RESPONSIBILITIES:

• Build and maintain Security Policies, procedures, standards, and guidelines within multiple security functions, aligning to corporate documentation procedures and standards.
• Assist with pursuit of ISO27001 Certification, including engagement with stakeholders throughout gap assessments, driving remediation activities, and conducting pre-assessments
• Assist with the Prepare, Build, Collect, Consolidate and Present audit related artifacts, such as control narratives, screenshots, policy & procedural documents, and other evidence for internal and external ISO27001 audits.
• Identify and drive process/tool improvements aimed at increasing process efficiency
• Work collectively within the cyber security team, as well as with other business stakeholders, to leverage updates to key project initiatives to build Unified Control Framework Control Narratives aligned to ISO requirements.
• Build strong inter-group/cross functional relationships, at various levels in the organization, while identifying opportunities for process improvement related to our Security Program at large
• Work within the cyber security team holistically to help identify key security risks, customer contractual or compliance requirements, governance needs, or other security impacts as necessary
• Completion of special projects/requests as required
• Managing internal and external relationships effectively 
• Advocating for, and participating in, efforts to enhance the program both for operational efficiency as well as to improve the risk posture of the organization 
• Being a champion for security and modeling behaviors consistent with cybersecurity best practices  
• Representing the best interests of Ciena 

SKILLS

• Proficient in cyber security concepts as well as industry standards and principles, such as CIA Triad, NIST Cybersecurity Framework, ISO 27001, SOC 2 Type 2, and others.
• Knowledgeable in auditing principles and concepts
• Technical writing skills preferred
• Ability to relay technical information to non-technical audiences
• Ability to read and interpret legal language/ contract language and relay security requirements within legally reasonable and sound language
• Must be detail-oriented, organized, and self-driven
• Exceptional customer service skills
• Ability to work in a team environment, often under time constraints
• Business acumen and strategic thinking
• Comfortable in presence of and/or presenting to executives
• High level of professional maturity and well-developed business skills

EXPERIENCE

• Associate Degree, Bachelor’s Degree, or equivalent
• Cyber Security related certifications preferred, such as CompTIA Security+, CRISC, CISM, CISSP, ISO 27001 LA or LI or others.
• 5-10 years’ experience in Cyber Security or equivalent work experience
• Experience with risk assessments and IT controls testing or auditing using a control framework or standard
• Experience with Agile principles as well as Agile tooling such as Jira, Azure Dev Ops, etc.
• Experience working within GRC Tools such as LogicGate, ServiceNow, HighBond, Archer, etc. is a plus.

#LI-SM

#MP1