Sr Cyber Security Vulnerability Assessment Analyst

Job Description

Description

At Exelon, we've got a place for you!

Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.

Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.

Join Exelon and share your passion at a forward-thinking Fortune 100 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!

PRIMARY PURPOSE OF POSITION
    
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental Team Manager and Program Manager to assure that all of the NERC CIP Cyber Security Vulnerability Assessment requirements are met, including verifying that reports, documentation, and evidence are complete and properly handled across all areas of the Company.  The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the NERC CIP-010 Vulnerability Assessment Program at all Exelon Registered Entities, and will support the Business Unit in the implementation and updates to NERC CIP policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall program under the guidance of CISS Leadership, This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with Exelon CIP Program priorities and requirements.

    
PRIMARY DUTIES AND ACCOUNTABILITIES 

Schedule, manage, and provide direction for the implementation of the NERC CIP-010 Vulnerability Assessment Program at all of the Exelon Entities. 50%

Assure that all of the NERC CIP Vulnerability Assessment requirements are met and coordinate and manage the overall services provided. 20%

Assure that all reports, documentation and evidence for NERC compliance are completed and properly handled. 20%

Establish, maintain, and enhance relationships with business and IT partners. Communicate status to key stakeholders on a regular basis.  Gather feedback on client satisfaction and internal service performance to foster continual improvement. 10%

Qualifications

POSITION SPECIFICATIONS

Minimum

- Bachelor’s Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 5-8 or more years of solid, diverse experience in managing cyber security vulnerability assessments, or equivalent combination of education and work experience.
- Appropriate technical skills and in-depth knowledge of business unit functions and applications including: 
 - Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
 - Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA. 
 - Experience managing complex projects
 - Knowledge and experience in application security standards, methodologies, and technologies.
 - Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
 - Knowledge of capabilities and requirements analysis.
- Knowledge of resource management principles and techniques.
- Knowledge of risk threat assessment methodologies.
- Comprehensive understanding of change management techniques associated with new technology
- Demonstrated leadership ability.
- Proven analytical, problem solving, and consulting skills.
- Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.

Preferred:
- Relevant security certifications (CISSP, GIAC, PMP)
- Experience and expert subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture.
- Knowledge and experience in application and systems security standards, methodologies, and technologies.
- Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for OT applications, web architectures, operating systems, databases, and networks.
- Knowledge of system life cycle management principles, including software security and usability.

POSITION SCOPE 
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental Team Manager and Program Manager to assure that all the NERC CIP Cyber Security Vulnerability Assessment requirements are met, including verifying that reports, documentation, and evidence are complete and properly handled across all areas of the Company.  The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the NERC CIP-010 Vulnerability Assessment Program at all the Exelon Registered Entities, and will support the Business Unit in the implementation and updates to NERC CIP policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall program under the guidance of CISS Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with Exelon CIP Program priorities and requirements.

Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.

VEVRAA Federal Contractor