Senior Cyber Risk Analyst
Description:
Job Summary:
Develop, maintain, and execute the company's Cyber Assessments program, also known as Third Party Risk Management, and Technology support. Cyber Assessments include corporate and technology Control Assessments using Fortress and coordinating independent assessments such as penetration tests, NIST CSF, and mock regulatory reviews. Technology supports focuses on our enterprise Archer implementation and Fortress solution.
The Cyber Assessments Analyst will work collaboratively with numerous teams including NERC CIP Compliance, Pipeline Compliance, Innovation, Supply Chain and the business. This role is responsible for executing the Cyber Assessment program and driving the effective use of Fortress and Archer, including upgrades, dashboards and metrics. Works closely with the Director of Cyber Compliance, the Manager Cyber Assessments, the Manager(s) Cyber Compliance, and others as needed to ensure that all assessment results are addressed and leverages Fortress and RSA Archer and their adoption.
Qualifications:
Bachelor's Degree or equivalent work experience that provides knowledge and exposure to fundamental theories, principles, and concepts
4-6 years 4+ years of IT experience in varying support functions
In-depth experience with ITIL processes and metrics
Knowledge of IT infrastructure components, trends, and best practices.
Solid skills with computers, operating systems, and software (MS Office 365 suite of products) and ability to learn new technical concepts quickly.
Analytical abilities, including process analysis and development, problem solving and root cause analysis.
Teaming skills, collaboration, negotiation, communication, organizational, people management and conflict resolution skills.
Willing to travel to business unit or Service Provider locations, as needed.
Involvement in multiple process improvement initiatives
Good written and verbal communication
Demonstrated participation in successful delivery of technical projects
Can work independently in multiple functional domains with minor assistance
Solid understanding of NIST 800-53 v5 Control sets.
Working knowledge of the gas and electric utility industry; additional experience a plus
Information Technology Infrastructure Library (ITIL) V4 certification Upon Hire
Preferred Additional Qualifications for Position
Demonstrated experience in Microsoft Excel and Word
Demonstrated experience in SharePoint
Demonstrated experience in ServiceNow
Experience using RSA Archer GRC tool