Analyst Security Grc 3

Deadline to Apply: February 25, 2024

We are engineers, high line workers, power plant managers, accountants, electricians, project coordinators, risk analysts, customer service operators, community representatives, safety and security specialists, communicators, human resources partners, information technology technicians and much, much more. We are 3,300 people committed to enhancing the lives of the communities we serve.  Together, we are powering the growth and success of our community progress every day!

Pay Grade

Grade Level 11, 13, 15*

*Qualifications may warrant placement at a different job level

Position Summary

The position develops and/or maintains security roles for business applications, analytic systems, third-party systems and responsible for managing application risk. The position also develops and/or maintains cybersecurity-related processes, procedures and performs administrative tasks necessary to control several types of organizational risks, govern data security and access authorizations. The position must also monitor and interpret the various regulatory statutes and protocols as well as coordinate and implement new initiatives related to governance, risk and compliance for internal and external audits.

Tasks and Responsibilities

• Internal consultant for governance, risk, and compliance (GRC) activities
• Assist in the development and implementation of programs, processes, and procedures used to support governance, risk, and compliance efforts
• Provides system security design, administration, risk analysis, and supports tasks across all Enterprise Resource Planning (ERP) modules
• Responsible for analyzing and determining if a segregation of duties (SoD) conflict/risk exists within a group of transactions, and work with stakeholders to address risk
• Collaborate with security staff, audit team, risk management, ERP support teams, and business owners to ensure proper controls are in place for ERP roles and authorizations, and that governance is supported
• Understand, communicate and translate authorization concepts to business owners, ERP support teams, and security staff
• Develop security deliverables for enhancements to production systems
• Utilize GRC tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows
• Interpret various regulatory standards and requirements impacting CPS Energy and the security organization
• Collaborate with various business units to understand constraints impacting their operations and their risks associated with GRC controls
• Perform IT Security Reviews
• Prepare internal and external audit evidence
• Maintain proficiency with applicable laws, regulations, and standards
• Perform cyber vulnerability assessments and risk assessment to proactively secure the organization
• Performs other duties as assigned

Minimum Skills

Minimum Knowledge and Abilities

Solid knowledge of IT Systems, network protocols, network devices and operating systemsSolid knowledge of data governance and privacySolid knowledge of compliance related activities (NERC, PCI, HIPAA)Solid knowledge of integrated processes in an ERP SystemSolid knowledge of authorization concepts in an ERP SystemProficient with Microsoft Office suite, including word processing, spreadsheets, and presentation softwareProficient with Database administration to include (MS SQL Server and Oracle)Strong ability to diagnose and troubleshoot moderately complex security issues (ex: security authorizations, account provisioning/deprovisioning, compliance issues)Ability to speak in public as a subject matter expertStrong ability to comprehend results from security assessment and analyze impacts of those assessmentsAbility to provide after hours and/or on-call system supportEffectively handles moderately complex assignments collaboratively or independently, occasionally under time constraintsMid-level experience or additional experience will be considered as a substitute for degree

Preferred Qualifications

• Advanced knowledge of the Energy Sector (Gas and Electric)
• Advanced knowledge of GRC practices
• I.T., security, GRC or audit related professional certifications
• Excellent Presentation skills

Competencies

Demonstrating InitiativeCommunicates EffectivelyCoordinating Project ActivitiesCreating and Maintaining NetworksDelivering High Quality WorkDriving Continuous Improvement

Minimum Education

Bachelor’s Degree in Business Administration, Information Sys, Information Tech, Information Tech Security, Computer Science, Management Information Sys, Information Security; OR related field from an accredited university or equivalent work experience.

Required Certifications

Working Environment

Work environment includes extensive indoor work, computer usage, manual dexterity, talking on the phone and in-person, hearing, and performing repetitive motions.Must have the ability to travel to and from meetings, training sessions, and other business related events. Work responsibilities include being on-call as needed after the normal workday and/or on weekends.

Physical Demands

Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

CPS Energy does not discriminate against applicants or employees. CPS Energy is committed to providing equal opportunity in all of its employment practices, including selection, hiring, promotion, transfers and compensation, to all qualified applicants and employees without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, citizenship status, veteran status, pregnancy, age, disability, genetic information or any other protected status. CPS Energy will comply with all laws and regulations.

Team events