Sr (Lead) Security Analyst I (II)

PJM Interconnection

4.8

(23)

Audubon, PA

Why you should apply for a job to PJM Interconnection:

  • 4.8/5 in overall job satisfaction
  • 4.8/5 in supportive management
  • 91% say women are treated fairly and equally to men
  • 91% would recommend this company to other women
  • 96% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • PJM employees have shown they can adapt to new work environments; PJM offers flexibility in remote, hybrid and on-site work.
  • We provide four weeks (160 hours) of paid paternity leave.
  • PJM has two Employee Resource Groups that support women at the company.
  • #REQ-2025-4016

    Position summary

    ts requirement owners in designing and implementing effective controls to ensure compliance with NERC CIP standards.

    • Monitors and influences the development of new standards / new versions of standards and evaluates the impacts of the new/changed standards to PJM. Assists requirements owners with the transition process.

    • Coordinates PJM's comments / balloting on all NERC CIP Standards related postings from FERC, NERC, RF and SERC.

    • Verifies that the design of security controls for compliance with NERC CIP standards is effectively maintained.

    • Leads or participates in the creation, modification, and implementation of control activities to ensure compliance with the NERC CIP standards.

    • Reviews evidence of compliance and tests to ensure that the objectives of controls are being satisfied; identifies areas for improvement; and is an integral part of ensuring improvements are implemented.

    • Works collaboratively with internal stakeholders by facilitating the assessment of new applications and new cyber assets to determine their criticality.

    • Supports the automation of security control activities.

    • Develops and implements detailed compliance reports for NERC CIP standards and control activities.

    • Participates in policy, standard, and procedure reviews and updates.

    • Participates in RSAW reviews and updates.

    • Participates in industry calls as assigned.

    • Leads training of internal personnel and presents compliance topics to members and industry stakeholders.

    • Assesses new technologies and their associated security and compliance risks in order to put plans into place for mitigating these risks.

    • Works to champion an understanding of the NERC CIP requirements as they relate to PJM.

    • Identifies, documents, and reports security risks as they relate to NERC CIP standards.

    • Conducts internal compliance reviews and coordinates self-reporting of potential violations. Assists control owners in the development and execution of mitigation plans. Ensures timely completion of all mitigation plan activities and facilitates evidence collection.

    • Develops an understanding and assists in defining the obligations of PJM's affected Business Units to reasonably demonstrate compliance with the NERC CIP Standards.

    • May assist other team members as assigned

    • Other related duties as assigned

    Characteristics & Qualifications:

    Required:

    • BS, Business Administration

    • BS, Information Systems or equivalent work experience

    • At least 5 years of experience in the field of Information Security, Information Systems Auditing, Information Technology

    • At least 5 years of experience in auditing/compliance, security, and/or information technology

    • Ability to produce high-quality work products with attention to detail

    • Ability to communicate effectively in a team environment

    • Experience in quantitative and qualitative analysis

    • Experience using verbal and written communications skills

    • Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)

    • Ability to visualize and solve complex problems

    • Experience with FERC, NERC CIP and RFC compliance

    • Experience in information security, access control systems, encryption, and related applications

    • Experience with conducting an annual security assessment to identify risk and vulnerabilities and develop recommendations for senior management based on results

    Preferred:

    • MBA, Business Administration
    • MS, Information Systems
    • Experience with PJM operations, markets, and planning functions
    • Experience supporting any of PJM's Committees
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified Information Systems Security Professional (CISSP)
