Analyst Cyber Security Senior
Date: May 20, 2023
Location: Phoenix, AZ, US
Company: SRP
SRP is one of the largest public power and water utilities in the U.S., providing electricity to approximately one million customers in the greater metropolitan Phoenix area. Since its founding in 1903, SRP has fostered a culture of stewardship and customer service, consistently ranking as an industry leader in customer service according to J.D. Power. SRP continues to adapt to its changing business environment by seeking innovative ways to reimagine utility service and the provision of critical resources essential to the life and economy of Arizona.
Job Brief
Plays a crucial role in supporting the mission of providing affordable, reliable water and power to SRP customers by participating in cyber security initiatives that protect SRP operations. Collaborates with Information Technology and Operational Technology personnel to assess configurations and conditions to recommend cyber security control implementations based on risk to SRP. Coordinates risk and compliance assessments of SRP’s most critical systems to determine if systems are in alignment with cyber security policies. Ensures security remediation is appropriately addressed by business groups and system owners. Collaborates with stakeholders across SRP to ensure compliance with NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) regulations. Applies industry knowledge and experience to advance strategic security objectives while ensuring SRP's business interests are served. Monitors and analyzes relevant trends, regulatory action, and other activities.
Priorities also include consulting and advising business groups, project teams, and individuals on translating cyber security policies and standards into requirements, ensuring effective cyber security/technology risk management, and guiding appropriate control and compliance activities. Supports risk management activities to identify, rank, prioritize, and follow up on remediation progress to address cyber security risk.
Job Responsibilities
- Advising the CSS Lead - Risk & Compliance on cyber security compliance and risk matters.
- Participating in programs and projects that cross intra-organizational boundaries, requiring the employee to coordinate with organization-wide teams.
- Developing and maintaining cyber security compliance strategies for adherence to SRP applicable standards, including but not limited to NERC CIP, National Institute of Standards and Technology Cyber Security Framework (NIST CSF), NIST Special Publication SP 800-53, and the Department of Energy’s Cybersecurity Capability Maturity Model (C2M2).
- Communicating, expanding, and contributing to SRP's cyber security compliance and risk management programs.
- Creating reports, presentations, dashboards, and other forms of written and visual deliverables to communicate risk and compliance activity, status, and results.
- Consulting and advising business groups, project teams, and individuals on translating cyber security regulations into requirements, ensuring effective cyber security/technology risk management and appropriate control and compliance activities.
- Conducting cyber security assessment activities for internal technologies/systems and third-party vendors.
- Ensuring security risks are appropriately addressed by following up with business groups and system owners to complete assigned security remediation.
- Informing cyber security leadership of emerging cyber compliance and risk trends.
- Participating in internal technical teams and external industry cyber compliance and risk groups.
Education
Experience
Promotion to level 2 requires a minimum of two years of experience at level 1 and demonstrated capability to perform advanced and more difficult work as determined by the supervisor. Promotion to senior level requires a minimum of three years of experience at level 2; the employee is fully competent in all aspects of the functional area of assignment and as such would be recognized as a specialist in the area of assignment and may have periodic or occasional lead responsibilities.
Degree preference for Computer Information Systems, Information Assurance, Computer Science, Cyber Security, Engineering or Business degrees.
5 years professional experience in related field preferred.
Special Licensing
Industry security certifications preferred, including:
- CISSP - ISC2 Certified Information Systems Security Professional
- GIAC Certifications (example: GSEC, GSTRT, GCIP, etc.)
- CRISC - Certified in Risk and Information Systems Control
- CISA - Certified Information Systems Auditor
Additional Information
- Experience conducting security compliance and risk assessments, testing controls to determine security risk, and providing recommendations to technology groups.
- Knowledge of, and experience with, cyber security risk, compliance, and control framework implementations (NERC CIP, NIST 800-53, NIST CSF, Center for Internet Security Critical Security Controls (CIS CSC), etc.).
- Ability to analyze conditions/configurations and provide cyber security guidance in a variety of business process and technical scenarios.
- Capable of managing multiple compliance and remediation workstreams and communications, often with overlapping and competing deadlines and priorities.
- Familiar with cloud computing technologies, models, and security strategies.
- Understanding of Industrial Control System (ICS) and Operational Technology (OT) concepts, processes, and functionality.
- Must demonstrate strong communication skills; familiarity with cyber security compliance and risk concepts; and an understanding of cyber security compliance and risk frameworks.
- Experience working with Information Technology and Operational Technology infrastructure components, operating systems, and applications from a security compliance and risk perspective.
- Experience participating in cyber security compliance and risk programs.
- Experience with common cyber security compliance and risk tools, such as Governance, Risk, and Compliance software, is preferred.
Requisition Details
Requisition ID: 15686
Hybrid Workplace
SRP currently offers a hybrid workplace, which allows employees whose jobs can be performed remotely, and who have sufficient technical capability, to telework up to three days per week. Although teleworking is available, all employees must live and work in Arizona. We are taking steps to protect the health and well-being of all team members and, by following a number of health and safety protocols, to reduce the risk of the coronavirus (COVID-19).
Equal Opportunity Employer Statement
Salt River Project (SRP) recognizes diversity and inclusion as key drivers of innovation and growth, and seeks to attract a diverse employee base that reflects our community. We are committed to equal employment opportunity regardless of race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, disability, genetic information, military status or any other protected status under applicable federal, state or local law. Ultimately, SRP aspires to fully apply the power of diversity and inclusion to build a more equitable and sustainable future for our customers, employees and community.
Drug/Alcohol Policy Statement
In order to promote the safety and well-being of our employees, customers and the communities we serve, SRP is committed to maintaining a drug/alcohol free work environment. Although marijuana may now be legal in Arizona, except as otherwise specified under Arizona law, SRP considers it to be an illegal drug for the purpose of our drug/alcohol policy because marijuana remains illegal at the federal level. Any candidate found to be impaired during the hiring process or who has the presence of an illegal drug or unauthorized substance in their system during the pre-employment drug/alcohol test may be disqualified from further consideration in the hiring process.
All candidates must be legally authorized to work in the United States.
Currently, SRP does not sponsor H1B visas.
Why Work at SRP
SRP's success is rooted in our employees' happiness, health and safety. That's why we offer a comprehensive benefits package to meet the needs of our employees and enhance their well-being. In addition to competitive pay and performance incentives, eligible employees can take advantage of the following benefits:
• 401(k) plan with employer matching
• Retirement pension
• Paid vacation
• Parental leave
• Holiday pay
• Sick leave
• Medical, vision, dental and life insurance
• Wellness programs
• Pre-tax benefits
• Short and long-term disability plans
• Tuition assistance
Nearest Major Market: Phoenix