Security Analyst PRIMARY PURPOSE OF POSITION The Cyber Security Compliance Analyst will exist as part of the broader Cyber Security Governance function that works across IT and business teams to ensure compliance with cyber-specific laws, rules, and regulations applicable to the organization. Leverages in-depth technical knowledge and expertise to support delivery and maintenance of IT Cyber Security services and partners with teams across IT and the Business to lead projects or project steps related to Cyber Security. The Cyber Security Compliance analyst is also a recognized Subject Matter Expert (SME) in the area of Security Control Program (IT SCP) working directly with individuals/departments across all areas (Corporate, Commercial, Generation, and Nuclear).
Security Analyst PRIMARY DUTIES AND ACCOUNTABILITIES
Support and perform IT Cyber Security governance and oversight activities, including analysis of Cyber security policies, programs, and activities, developing and tracking performance metrics, reporting, and developing documentation.
Develop metrics to convey the status and heath of applicable cyber-security compliance initiatives.
Support the business development and maintenance of Governance Risk and Compliance (GRC) system.
Maintain comprehensive records for all concerns and/or findings during the compliance process; support issues tracking and drive corrective action/remediation efforts.
Perform compliance activities including control testing, self-assessments and support engagements with internal and external auditors and support vendors.
Support business partners and report compliance results with respect to the adherence to and compliance with applicable cyber laws, regulations, and control frameworks
Read, analyze, and interpret business, professional, technical or government documents.
Recommend and implement change and process improvements to the cyber compliance areas to ensure sustained compliance and operational efficiencies.
Develop/Maintain and Deliver assigned courses within the IT Cyber Security Security Control Learning Series
Develop and review educational/training materials and job aids which support the Security Control Program (IT SCP)
Provide functional and technical support for the GRC platform.
Provide security controls technical SME support to various app owners and infrastructure owners (Supporting weekly office hours or as needed one on one)