Senior Cyber Security Analyst
Northeast Power Coordinating Council (NPCC) · New York, United States · 3 mo ago
Information TechnologyFull-time
Key Responsibilities
- Develop and drive the adoption of cybersecurity best practices and standards to mature and sustain IT/OT security risk management capabilities across member organizations.
- Lead and provide technical and analytical support and coordination of the NPCC Task Force on Infrastructure Security and Technology and its associated working groups activities.
- Promote collaboration between NPCC, its members/registered entities and industry partners through organizing workshops, briefings, and training programs to enhance cybersecurity awareness, readiness and response capabilities.
- Lead and support cybersecurity outreach and risk assessment initiatives, including entity assist visits, by researching relevant threats, developing awareness and risk mitigation materials, and engaging stakeholders to enhance overall security awareness and preparedness.
- Conducting regional risk assessments, analyzing emerging threats and vulnerabilities, supporting incident response coordination, and contributing to the development of security guidelines and frameworks.
- Strengthen proactive outreach, communications, relationships, and intelligence sharing with key regulatory, law enforcement, and government agencies across Northeastern North America.
- Monitor and support the NERC Reliability and Security Technical Committee and its subgroups’ cybersecurity-related activities, as required.
- Collaborate with the ERO Enterprise, NERC, E-ISAC, and other partners to promote information sharing and risk mitigation.
- Represent NPCC in the ERO Enterprise, regional and industry security initiatives and engagements, including Grid Security Conference, GridEx and other exercises.
- Monitor and analyze cyber threat intelligence from sources such as E-ISAC, DHS Cybersecurity and Infrastructure Security Agency (CISA), InfraGard, and other local, state, federal, provincial law enforcement and governmental agencies.
- Monitor and coordinate communication on relevant critical infrastructure protection industry activities, including CISA, FERC Rulings and Notice of Proposed Rulemakings, to provide prompt notification to NPCC members of emerging issues.
- Perform other duties as assigned in support of the Reliability Services Program Areas in accordance with the NPCC Long-term strategy.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Information Systems, Operational Technology, or a related field (or equivalent experience)
- 5-10 years of experience in cybersecurity, infrastructure security, or critical infrastructure environments (electric utility preferred)
- Experience with IT/OT security, risk management, and/or CIP related activities
- Strong understanding of cybersecurity principles, threat landscapes, and risk management strategies
- Excellent communication, analytical, and problem-solving skills
- Proven ability to develop and deliver training and outreach programs
Preferred Qualifications
- Strong knowledge of NERC CIP standards and regulatory frameworks
- Experience in OT/Industrial Control Systems (ICS) environments
- Familiarity with cybersecurity frameworks (e.g. NIST, CIS)
- Experience with cloud environments and secure communications architecture
- Knowledge of substation networks and protocols (e.g. IEC 61850/GOOSE)
- Familiarity with Artificial Intelligence Risk Management Framework (NIST AI RMF 1.0) or equivalent
Skills And Abilities
- Excellent verbal and written communication skills
- Excellent interpersonal and conflict resolution skills
- Excellent organizational skills and attention to detail
- Strong analytical and problem-solving skills
- Strong supervisory and leadership skills
- Ability to work independently and collaboratively in a team environment
- Self-starter with the ability to manage multiple priorities, multitask effectively, and prioritize work in a fast-paced environment
- Proficient with Microsoft Office Suite or related software