Senior Analyst, Third-Party Security -HYBRID

Job Description

Description

Be a part of something powerful at America's leading energy provider!

At Exelon, our people are the heart and soul of our business. Whether it's powering lives, supporting communities or collaborating with colleagues, an Exelon employee is talented, compassionate, forward-thinking and inspired. We are a Fortune 200 company united by our values and shared vision for a cleaner and brighter future. We encourage curiosity, value diverse perspectives and we never stop looking for ways to be, work and do better. We know the future is in our hands. That's why we're looking for people like you, who have the power to make a difference.

As the nation's largest utility company, we serve more than 10 million customers through six fully regulated transmission and distribution utilities -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco). All 18,000 of us are committed to delivering safe, reliable and affordable energy to our customers, strengthening our communities, supporting a clean energy future and reducing our impact on the changing climate.

Our people are empowered to evolve and advance their careers in an open and inclusive environment. We pride ourselves on being the kind of place where people want to come, stay and grow -- whether that's in the role and path they start in or in new and exciting career opportunities across our business. We know that investing in our employees' futures strengthens ours, which is why we offer competitive compensation, incentives, opportunities for career path changes, and health and retirement benefits.

PRIMARY PURPOSE OF POSITION

The Senior Analyst of Third-Party Security will focus on protecting Exelon's supply chain, reducing risk and impact related to potential third-party security incidents, and supporting our suppliers to assist them in improving their security posture, with the objective of improving Exelon's resiliency. This individual will engage in job duties outlined below, to enhance the resiliency of Exelon and to promote our mission of safeguarding the people, property, reputation, and shareholder value of the corporation. Serve a subject matter expert for third-party risk and cybersecurity requirements, including internal and external controls to support Exelon's desired risk posture and regulatory obligations, respectively. Research and stay informed of emerging threats and regulatory compliance obligations that may impact Exelon's third-party suppliers Collaborate with security, compliance, legal, and business teams to drive awareness of emerging threats to address third-party risk and proactive remediation planning efforts in a more timely, efficient manner Develop recommendations to meet regulated and non-regulated security control requirements as they relate to third-party suppliers Drive consensus on the recommended path forward to address the requirement(s) with impacted stakeholders Support remediation efforts to resolve key risk areas Develop evidence collection processes to verify required security controls are in place Support internal and external audit teams to validate requirements have been met Provide recommendations to revise, enhance, and/or develop new policies, standards, processes, and best practices to further reduce risk to Exelon and our third-parties

PRIMARY DUTIES AND ACCOUNTABILITIES

• Provide guidance and operational management for third-party security and compliance programs 
• Collaborate with security, compliance, legal, and business teams to drive awareness of emerging threats to address third-party risk and proactive remediation planning efforts in a more timely, efficient manner 
• Support internal and external audit teams to validate requirements have been met 
• Identify potential risks to Exelon and our suppliers related to potential third-party security incidents 

JOB SCOPE

Interact with internal and external stakeholders to deliver cyber compliance and perform related tasks Work under minimal supervision, following standard procedures to accomplish assigned tasks

Qualifications

MINIMUM QUALIFICATIONS

• Bachelor's degree in relevant field preferred, or equivalent experience required
• 5+ years of professional industry experience focused on cybersecurity, risk, and compliance
• Deep understanding of cybersecurity concepts, including security exceptions management, the anatomy of an attack, and risk mitigation strategies
• Experience with common security frameworks and industry regulatory requirements
• Experience helping organizations define, develop, deploy, and manage cybersecurity solutions across IT and Critical Infrastructure environments
• Confident in leading end-to-end solutions: strategy, design, development, testing, training, implementation
• Demonstrated project management experience leading teams and large-scale programs
• Experience leading and deploying end-to-end compliance/privacy solutions including strategy and road mapping, policy design, development, implementation, adoption, and enforcement
• Understanding of high-level application, database, cloud, and network security principles for risk identification, mitigation, and analysis
• Understands current cyber and physical security best practices

PREFERRED QUALIFICATIONS

• Experience in the Energy and Utilities industry
• Experience working with internal and external auditing firms
• Understanding of key cyber and legal concepts relative to regulatory compliance requirements
• Professional Services or Consulting firm/industry experience
• Experience in writing procedures and policies
• Strong communication skills in a fast paced, dynamic, team-based environment
• GICSP, CISSP, CISA, CISM, PMP certifications
• A discipline in one of the following: Computer Science; Information Systems; Information Systems Security; Information Technology
• Experience working with popular GRC tools like ServiceNow, Archer, MetricStream
• Experience mentoring and providing coaching for personnel

#LI-Hybrid