Security Analyst PRIMARY PURPOSE OF POSITION
The Cyber Security Compliance Analyst will exist as part of the broader Cyber Security Governance function that works across IT and business teams to ensure compliance with cyber-specific laws, rules, and regulations applicable to the organization. Leverages in-depth technical knowledge and expertise to support delivery and maintenance of IT Cyber Security services and partners with teams across IT and the Business to lead projects or project steps related to Cyber Security. The Cyber Security Compliance analyst is also a recognized Subject Matter Expert (SME) in the area of Security Control Program (IT SCP) working directly with individuals/departments across all areas (Corporate, Commercial, Generation, and Nuclear).
Security Analyst PRIMARY DUTIES AND ACCOUNTABILITIES Support and perform IT Cyber Security governance and oversight activities, including analysis of Cyber security policies, programs, and activities, developing and tracking performance metrics, reporting, and developing documentation.
Develop metrics to convey the status and heath of applicable cyber-security compliance initiatives.
Support the business development and maintenance of Governance Risk and Compliance (GRC) system.
Maintain comprehensive records for all concerns and/or findings during the compliance process; support issues tracking and drive corrective action/remediation efforts.
Perform compliance activities including control testing, self-assessments and support engagements with internal and external auditors and support vendors.
Support business partners and report compliance results with respect to the adherence to and compliance with applicable cyber laws, regulations, and control frameworks
Read, analyze, and interpret business, professional, technical or government documents.
Recommend and implement change and process improvements to the cyber compliance areas to ensure sustained compliance and operational efficiencies.
Develop/Maintain and Deliver assigned courses within the IT Cyber Security Security Control Learning Series
Develop and review educational/training materials and job aids which support the Security Control Program (IT SCP)
Provide functional and technical support for the GRC platform.
Provide security controls technical SME support to various app owners and infrastructure owners (Supporting weekly office hours or as needed one on one)
Security Analyst Qualifications - External
MINIMUM QUALIFICATIONS Bachelor's degree and typically 2 to 5 years related IT experience or 6 to 9 years equivalent combination of education and work experience.
Experience with ServiceNow GRC
bility to solve problems using pre-defined procedures and guidelines.
Communication skills Able to effectively communicate highly technical information in non-technical terminology (written and verbal)
Understanding of Server and Workstation Operating Systems (Windows / Linux)
Understanding of IP based switching, routing, and network environments (ex. Cisco)
Understanding of computer networking concepts and protocols, and network security methodologies.
Understanding of Application/Database concepts
Understanding of cyber security practices for an enterprise environment
IND123
