Sr. Security Analyst I (II)
PJM Interconnection · Audubon, PA · 1 wk ago
Information TechnologyFull-time
Essential Functions
- Applies understanding of IT security in conjunction with NERC standards to develop effective strategies and work plans for PJM's NERC CIP program.
- Leads departmental and cross-functional projects to successful completion using project management approaches.
- Assists control owners in designing and implementing effective controls to ensure compliance with NERC CIP standards.
- Makes sure the design of security controls for compliance with NERC CIP standards is effectively maintained.
- Leads or participates in the creation, modification, and implementation of control activities to ensure compliance with the NERC CIP standards.
- Reviews evidence of compliance and tests to ensure that the objectives of controls are being satisfied; identifies areas for improvement; and is an integral part of ensuring improvements are implemented.
- Works collaboratively with internal stakeholders by facilitating the assessment of new applications and new cyber assets to determine their criticality.
- Supports the automation of security control activities.
- Develops and implements detailed compliance reports for NERC CIP standards and control activities.
- Participates in policy, standard, and procedure reviews and updates.
- Leads training of internal personnel and presents compliance topics to members and industry stakeholders.
- Assesses new technologies and their associated security and compliance risks in order to put plans into place for mitigating these risks.
- Works to champion an understanding of the NERC CIP requirements as relative to PJM.
- Identifies, documents, and reports security risks as relative to NERC CIP standards.
- Conducts internal compliance reviews and coordinates self-reporting of potential violations.
- Assists control owners in the development and execution of mitigation plans. Ensures timely completion of all mitigation plan activities and facilitates evidence collection.
- Develops an understanding and assists in defining the obligations of PJM’s affected Business Units to reasonably demonstrate compliance with the NERC CIP Standards.
Required Characteristics and Qualifications
- Bachelor degree in Business Administration, Information Systems
- At least 5 years of experience in the field of Information Security, Information Systems Auditing, Information Technology
- At least 5 years of experience auditing/compliance, security, and/or information technology
- Ability to produce high-quality work products with attention to detail
- Ability to communicate effectively in a team environment
- Experience in quantitative and qualitative analysis
- Experience using verbal and written communications skills
- Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)
Preferred
- MBA, Business Administration
- MS, Information Systems
- Experience with PJM operations, markets, and planning functions
- Experience supporting any of PJM Committees
- Experience with FERC, NERC CIP and RFC compliance
- Experience in information security, access control systems, encryption, and related applications
- Experience with conducting an annual security assessment to identify risk and vulnerabilities and develop recommendations for senior management based on results
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)