Sr. Security Analyst I (II)

PJM


Job Location:

Audubon, PA - USA

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

Flexible Work Arrangement: Hybrid
The Sr. Security Analyst is responsible for leading and coordinating activities related to compliance documentation verification monitoring and reporting for the NERC CIP (Critical Infrastructure Protection) standards. This individual develops and maintains policies standards procedures and control activities by working closely with CIP Compliance business partners. This individual also verifies control design and effectiveness on a scheduled basis and develops submittals to regional entities and auditors.

Essential Functions:

  • Applies understanding of IT security in conjunction with NERC standards to develop effective strategies and work plans for PJMs NERC CIP program.

  • Leads departmental and cross-functional projects to successful completion using project management approaches.

  • Assists control owners in designing and implementing effective controls to ensure compliance with NERC CIP standards.

  • Monitors and influences the development of new standards / new versions of standards and evaluates the impacts of the new /changed standards to PJM. Assists requirements owners with the transition process.

  • Leads and coordinates PJMs comments / balloting on all NERC CIP Standards related postings from FERC NERC RF and SERC.

  • Verifies that the design of security controls for compliance with NERC CIP standards is effectively maintained.

  • Lead or participate in the creation modification and implementation of control activities to ensure compliance with the NERC CIP standards.

  • Reviews evidence of compliance and tests to ensure that the objectives of controls are being satisfied; identifies areas for improvement; and is an integral part of ensuring improvements are implemented.

  • Works collaboratively with internal stakeholders by facilitating the assessment of new applications and new cyber assets to determine their criticality.

  • Supports the automation of security control activities.

  • Develops and implements detailed compliance reports for NERC CIP standards and control activities.

  • Participates in policy standard and procedure reviews and updates.

  • Leads training of internal personnel and presents compliance topics to members and industry stakeholders.

  • Assesses new technologies and their associated security and compliance risks in order to put plans into place for mitigating these risks.

  • Works to champion an understanding of the NERC CIP requirements as relative to PJM.

  • Identifies documents and reports security risks as relative to NERC CIP standards.

  • Conducts internal compliance reviews and coordinates self-reporting of potential violations. Assists control owners in the development and execution of mitigation plans. Ensures timely completion of all mitigation plan activities and facilitates evidence collection.

  • Develops an understanding and assists in defining the obligations of PJMs affected Business Units to reasonably demonstrate compliance with the NERC CIP Standards.

  • May assist other team members as assigned

  • Other related duties as assigned


Characteristics and Qualifications:

Required:

  • Bachelor degree in Business Administration Information Systems

  • At least 5 years of experience in the field of Information Security Information Systems Auditing Information Technology

  • At least 5 years of experience auditing/compliance security and/or information technology

  • Ability to produce high-quality work products with attention to detail

  • Ability to communicate effectively in a team environment

  • Experience in quantitative and qualitative analysis

  • Experience using verbal and written communications skills

  • Ability to use Microsoft Office Suite (MS-Word MS-Excel and MS-PowerPoint)

  • Ability to produce high-quality work products with attention to detail

  • Ability to visualize and solve complex problems

  • Experience with FERC NERC CIP and RFC compliance

  • Experience in information security access control systems encryption and related applications

  • Experience with conducting an annual security assessment to identify risk and vulnerabilities and develop recommendations for senior management based on results


Preferred:

  • MBA Business Administration

  • MS Information Systems

  • Experience with PJM operations markets and planning functions

  • Experience supporting any of PJM Committees

  • Experience with PJM operations markets and planning functions

  • Certified Information Systems Auditor (CISA)

  • Certified Information Security Manager (CISM)

  • Certified Information Systems Security Professional (CISSP)


Required Experience:

Senior IC

Flexible Work Arrangement: HybridThe Sr. Security Analyst is responsible for leading and coordinating activities related to compliance documentation verification monitoring and reporting for the NERC CIP (Critical Infrastructure Protection) standards. This individual develops and maintains policies ...

About Company

Company Logo

PJM works behind the scenes to keep the power flowing for 65 million people in 13 states and the District of Columbia. PJM is a neutral, regulated organization that directs the operation of power lines and generators for many different owners. PJM acts as an agent to provide fair acce ... View more

View Profile View Profile