SrCyber Sec Perf Analyst / Oversight

WHO WE ARE

As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose : accelerating the transition to a carbon-free future. We have been the leader in clean energy production for more than a decade, and we are cultivating a workplace where our employees can grow, thrive, and contribute.

Our culture and employee experience make it clear : We are powered by passion and purpose. Together, we're creating healthier communities and a cleaner planet, and our people are the driving force behind our success. At Constellation, you can build a fulfilling career with opportunities to learn, grow and make an impact. By doing our best work and meeting new challenges, we can accomplish great things and help fight climate change. Join us to lead the clean energy future.

TOTAL REWARDS

Constellation offers a wide range of benefits and rewards to help our employees thrive professionally and personally. We provide competitive compensation and benefits that support both employees and their families, helping them prepare for the future. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays, and sick days; and much more.

Expected salary range of $120,600 to $134,000, varies based on experience, along with comprehensive benefits package that includes bonus and 401(k).

PRIMARY PURPOSE OF POSITION

The Cyber Security Analyst (CSA) will work closely with functional areas throughout the Constellation cyber security program to execute the strategy for technical security controls, providing pro-active cyber security risk management analysis and technical oversight. The CSA will act as a team lead to the Cyber Security Technical Compliance team to effectively communicate and execute the Constellation technical oversight plan. The CSA will assist the manager in leading the technical oversight program. The CSA will assist in the development of appropriate security risk management plans. The CSA will work closely with all business areas responsible for regulated systems, as well as unregulated OT and IT systems to ensure effective implementation of security controls; providing analytical and technical recommendations where needed. Work closely with the Cyber Technical Compliance team to assist with the identification, analysis, and remediation of cyber security risk.

PRIMARY DUTIES AND ACCOUNTABILITIES

Work closely with technical teams and various Constellation business units to provide oversight to security standards subject to regulatory enforcement, as well as internal IT / OT security controls including :

Conduct technical oversite activities, conduct briefs for site leadership, provide recommendations (technical and non-technical).

Assist business areas identify cost effective solutions to meet compliance, when necessary.

Conduct interviews with contractors and employees to ensure policy, procedures, and processes are being followed accordingly.

Verify security requirements are in place for all applications related to NERC CIP, TSA Gas, CMMC, Maritime Transportation Security, etc.

Create reporting metrics on the health of the various internal security controls programs.

Provide analytical and data analysis of security assessments to other team members, technical teams, and business clients, including :

Work with stakeholders to resolve issues around regulatory compliance and determine root cause analysis of underlining issue / s.

Develop specific risk mitigation strategies for systems and / or applications.

Support Constellations cyber security incident response program as needed for.

Plan and support annual regulatory cyber security incident response drills and tabletops.

Ensure lessons learned and the Cyber Security Incident Response Plan (CSIRP) is updated as required.

Work closely with the IT regulatory disaster recovery programs.

Support Constellations cyber / IT disaster recovery program as needed.

Plan and support annual regulatory disaster recovery drills and tabletops.

Ensure lessons learned and recovery plans are updated as required

Assist with mitigation, incident remediation, and associated activities.

MINIMUM QUALIFICATIONS

Bachelor of Science Degree, and typically 5 to 8 years of solid, diverse experience in security assessments, investigations, incident response, data analysis or equivalent combination of education and work experience.

At least 5 years of demonstrable security assessments / investigations or related experience, including :

Experience with an internal control framework (Cobit or COSO)

Data analysis and internal / external technical audit best practices

Regulatory standards (NERC CIP, TSA Gas, etc.)

Ability to use initiative and independent judgment within established procedural guidelines; assess and prioritize multiple tasks, projects and demands

Knowledge of human-computer interaction principles

Knowledge of cybersecurity best practices and principles

Strong problem solving and creative skills and the ability to exercise sound judgment and make decisions based on accurate and timely analyses

Ability to create and deliver presentations.

Ability to create security guideline documents.

Comprehensive understanding of change management techniques associated with recent technology implementation.

Demonstrated experience producing an economic business case.

Demonstrated leadership ability.

Proven analytical, problem solving, and consulting skills.

Excellent communication skills and the proven ability to work effectively with all levels of IT (Information Technology) and business management.

PREFERRED QUALIFICATIONS

Graduate degree in cyber security or related area of expertise.

Relevant security certifications (CISA, CISSP, CISM, etc.)

NERC CIP and / or TSA Gas technical experience.

Demonstrable, expertise in the following disciplines : Internal / External Technical Auditing, Data Analysis, Investigations, Evidence collection, Multi-Security Disciplines, Security Assessments, Network Security Engineering principles, Cyber Security Risk Management Framework, Risk Assessments / Risk Mitigation, ICS (Industrial Control System) / SCADA (supervisory control and data acquisition) System Security (design, controls).

Demonstrable expertise collection of evidence, presenting evidence to auditors, senior leadership.

Demonstrable expertise in understanding of system hardening processes, tools, guidelines, and benchmarks.

Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to : age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.