PRIMARY PURPOSE OF POSITION

The Cyber Security Analyst (CSA) will work closely with functional areas throughout the Constellation cyber security program to execute the technical, and tactical elements of the NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) cyber security assessment strategy, eliminating a functional cyber security capability gap while providing pro-active cyber security risk management analysis and investigations. The CSA will act as a team lead to the Cyber Security NERC CIP Assessment teams to effectively communicate and assist in identifying and correcting/mitigating underlying compliance and security issues. The CSA will lead the technical oversight program, and NERC CIP self-assessments. The CSA will ensure the implementation of a sound root cause analysis is created to track current and future NERC CIP events. The CSA will assist in the development of appropriate security risk management plans. The Cyber Security Engineer (CSA) will work closely (and primarily) with all regulated clients to implement effective NERC CIP standards and requirements; provide analytical and technical recommendations where needed. Work with all parties for new standards or requirements for remediation and implementation efforts. Meet the business clients (IT/OT) and management to help specify and negotiate application security requirements; work closely with application teams to ensure secure transition of applications into production. Provide guidance around architecting and implementing effective NERC CIP solutions; develop documentation to support ongoing security systems operations, maintenance, and problem resolution. Ability to mitigate vulnerabilities, remediate incidents, and affect change requests in support NERC CIP remediation efforts. Work closely with the Security Policy and Risk Office to assist with the identification, analysis, and remediation of cyber security risk.

PRIMARY DUTIES AND ACCOUNTABILITIES

• Work closely with technical teams and various Constellation business units to provide oversight to NERC CIP standards subject to regulatory enforcement, including:
  • Conduct technical oversite visits, conduct briefs for site leadership, provide recommendations (technical and non-technical).
  • Identify cost effective solutions to meet compliance when necessary.
  • Conduct interviews with contractors and employees to ensure policy, procedures, and processes are being followed accordingly.
  • Provide Internal Control guidance around NERC CIP standards to Constellation stakeholders.
  • Verify security requirements are in place for all applications related to NERC CIP.
  • Create reporting metrics on the health of the compliance program.
• Provide analytical and data analysis of security assessments to other team members, technical teams, and business clients, including:
  • Provide Internal Control guidance around NERC CIP assessments as well as to other stakeholders and experts.
  • Work with stakeholders to resolve issues around NERC CIP compliance and determine root cause analysis of underlining issue/s.
  • Provide input to implementation plans and standard operating procedures as they relate to information systems security.
  • Develop specific risk mitigation strategies for systems and/or applications related to NERC CIP.
• Assist/lead teams in cyber security Incident Reporting and Response Planning to ensure compliance standards are met.
  • Ensure all compliance reports are sent to the appropriate entity as required for Constellation cyber security incidents involving NERC CIP.
  • Support Constellations cyber security incident response program as needed for non-NERC CIP events.
  • Plan and support annual NERC CIP cyber security incident response drills and tabletops.
  • Ensure lessons learned and the Cyber Security Incident Response Plan (CSIRP) is updated as required.
• Work closely with the IT/NERC CIP disaster recovery programs.
  • Ensure all compliance reports are sent to the appropriate entity as required for Constellation cyber/IT disaster recovery events involving NERC CIP.
  • Support Constellations cyber/IT disaster recovery program as needed for non-NERC CIP events.
  • Plan and support annual NERC CIP disaster recovery drills and tabletops.
  • Ensure lessons learned and recovery plans are updated as required
• Assist with mitigation, incident remediation, and associated NERC CIP activities.

MINIMUM QUALIFICATIONS

• Bachelor of Science Degree, and typically 5 to 8 years of solid, diverse experience in security assessments, investigations, incident response, data analysis or equivalent combination of education and work experience.
• At least 5 years of demonstrable security assessments/investigations or related experience, including:
  • Experience with an internal control framework (Cobit or COSO)
  • Knowledge of data analysis
  • Knowledge of Internal Controls (NERC CIP or SOX)
  • Ability to use initiative and independent judgment within established procedural guidelines; assess and prioritize multiple tasks, projects and demands
  • Knowledge of human-computer interaction principles
  • Knowledge of cybersecurity best practices and principles
  • Strong problem solving and creative skills and the ability to exercise sound judgment and make decisions based on accurate and timely analyses
  • Ability to create and deliver presentations.
  • Ability to create security guideline documents.
• Comprehensive understanding of change management techniques associated with recent technology implementation.
• Demonstrated experience producing an economic business case.
• Demonstrated leadership ability.
• Proven analytical, problem solving, and consulting skills.
• Excellent communication skills and the proven ability to work effectively with all levels of IT (Information Technology) and business management.

PREFERRED QUALIFICATIONS

• Graduate degree in cyber security or related area of expertise.
• Relevant security certifications (CISA, CISSP, CISM, etc.)
• NERC CIP experience.
• Demonstrable, expertise in the following disciplines: + Data Analysis + Investigations + Evidence collection, documentation + Multi-Security Disciplines + Security Assessments + Network Security Engineering principles + Cyber Security Risk Management Framework + Risk Assessments/Risk Mitigation + ICS (Industrial Control System) / SCADA (supervisory control and data acquisition) System Security (design, controls)
• Demonstrable collection of evidence, presenting evidence to auditors, senior leadership.
• Demonstrable understanding of system hardening processes, tools, guidelines, and benchmarks.