Job Description
Description
JOB EXPECTATION:
Engage in job duties outlined below, to reduce risk exposure in areas of cyber and physical security; and to promote our mission of safeguarding the people, property, reputation and shareholder value of the corporation.
PURPOSE:
- Collaborate, verify, advise, and communicate with Corporate Functional Area Managers (CFAMs) related to Management Model document updates, ensuring consistency
- Facilitate Peer Group Meetings in order to determine appropriate actions
- Update and socialize program documents, policies, and procedures
- Responsible for the day-to-day execution and maintenance of security exceptions
- Maintain, track, and review security exceptions to clearly assess risks to established security procedures
- Maintain, track, and review security exception remediations to ensure proper measures are taken where applicable
- Perform, track, and document controls certification results
- Manage Security Controls Program (SCP) Remediation Project Plans
- Update job aids to accommodate changes and test prior to implementation to ensure quality messaging
- Provide the business and technical team with a more holistic view of risk, regarding the system or technology of interest
- Design and distribute change management materials with respect to security controls certification, exceptions, and remediation
- Identify possible controls, countermeasures, and safeguards that can reduce the risk exposure to an acceptable level
- Perform document risk analysis
- Interact with internal business stakeholders to define, execute, and deliver appropriate analysis
- Process ad-hoc requests for security exception reporting and analysis
ACCOUNTABILITIES:
- Drive and execute relevant Management Model document update activities
- Respond to, approve, and dispatch security exception requests, including the risk assessments of those exceptions, in a timely manner
- Process security exceptions and perform risk analyses and remediation (where applicable) for those exceptions
- Track and document certification results analysis
Qualifications
REQUIREMENTS:
Minimum:
- Bachelor’s degree
- 5 years of experience in security or related technical fields
- Experience with DFARS 252.204.7012/NIST 800-171 controls
- Strong communication skills, both written and oral
- Strong analytical and problem-solving skills with the ability to analyze data, identify opportunities, determine solutions, identify and obtain needed resources, and execute to completion
- Knowledge of PC/desktop workstation applications: Microsoft Word, Excel, Outlook, PowerPoint
- Knowledge of security concepts, terminology, and tools
- Advanced technical knowledge of databases, database queries, and database reporting
Preferred:
- Advanced degree
- Certification: Information Systems Audit and Control Association (ISACA), Certified Information Systems Security Professional (CISSP), SANS, and other related technical certifications
----
Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.
VEVRAA Federal Contractor