Sr Cyber Sec Vul Assess Anlst - HYBRID

Job Description

Description

At Exelon, we've got a place for you!

Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.

Exelon will provide you the tools and resources you need to design, build, and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.

Join Exelon and share your passion at a forward-thinking Fortune 100 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!

PRIMARY PURPOSE OF POSITION
    
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to mature and support the expanding gas utility cybersecurity response landscape at Exelon.  The Sr Cyber Security Vulnerability Assessment Analyst will function as a key policy and management model documentation stakeholder, develop and maintain cybersecurity administration systems, and support cyber vulnerability detection/security patch management both technically and administratively. Additionally, this analyst will support the utility business units as an operational stakeholder relating to corresponding policies, standards, and processes. This position will be responsible for continuing to mature the overall gas utility cyber vulnerability detection/security patch management response under the guidance of CISS Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment across Exelon on program priorities and requirements. This position could be required to support additional vulnerability management in regulatory environments outside of gas as well as non-regulatory initiative workload.

    
PRIMARY DUTIES AND ACCOUNTABILITIES 

• Act as a key stakeholder and subject matter expert to mature, implement and sustain the cybersecurity response as it relates to cyber vulnerability detection/security patch management across all applicable Exelon businesses.
• Advance the functionality of supporting administrative IT platforms relating to cyber device inventory management and cyber vulnerability detection/security patch management dispositioning and recordkeeping.
• Assure that all of the supporting gas vulnerability and patch management assessment requirements are met and coordinate/perform the overall required services.
• Assure that all reports, documentation, and evidence for regulatory compliance are completed and properly finalized/submitted.
• Establish, maintain, and enhance relationships with utility business and IT partners. Communicate status to key stakeholders on a regular basis.  Gather feedback on client satisfaction and internal service performance to foster continual improvement.

POSITION SCOPE 
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to mature and support the expanding gas utility cybersecurity response landscape at Exelon.  The Sr Cyber Security Vulnerability Assessment Analyst will function as a key policy and management model documentation stakeholder, develop and maintain cybersecurity administration systems, and support cyber vulnerability detection/security patch management both technically and administratively. Additionally, this analyst will support the utility business units as an operational stakeholder relating to corresponding policies, standards, and processes. This position will be responsible for continuing to mature the overall gas utility cyber vulnerability detection/security patch management response under the guidance of CISS Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment across Exelon on program priorities and requirements. This position could be required to support additional vulnerability management in regulatory environments outside of gas as well as non-regulatory initiative workload.

Qualifications

MINIMUM QUALIFICATIONS

• Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering or a related discipline, and typically 5-8 or more years of solid, diverse experience in managing cyber security vulnerability assessments, or an equivalent combination of education and work experience.
• Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
• Experience managing complex projects.
• Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
• Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA. 
• Knowledge and experience in application security standards, methodologies, and technologies.
• Knowledge of asset management principles and techniques including a comprehensive understanding of change management techniques.
• Knowledge of risk threat assessment methodologies.
• Demonstrated leadership ability.
• Proven analytical, problem solving, and consulting skills.
• Excellent communication skills and the proven ability to facilitate solutions effectively with all levels of leadership, IT and utility management.

PREFERRED QUALIFICATIONS:

• Graduate degree in cyber security or a related area of expertise.
• Direct experience with an Exelon gas utility business, or multiple.
• Experience developing management model documentation.
• Experience with OT gas automation industrial control systems and the corresponding instrumentation.
• Relevant certifications (CISSP, GIAC, PMP)
• Experience and expert subject matter knowledge of SCADA, ICS, distribution automation, smart grid, DMS, and/or ECS systems architecture.
• Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP],
• Knowledge of Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).      
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of system administration concepts for Unix, Linux, and/or Windows operating systems including server experience.
• Knowledge of Tenable Security Center and Nessus.
• Knowledge and experience in application and systems security standards, methodologies, and technologies.
• Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for operational technology applications.
• Knowledge of system life cycle management principles, including software security and usability.