Sr (Lead) Security Analyst I (II)

Flexible Work Arrangement: Hybrid

The Sr. (Lead) Security Analyst is responsible for leading and coordinating activities related to compliance, documentation, verification, monitoring, and reporting for the NERC CIP (Critical Infrastructure Protection) standards. This individual develops and maintains policies, standards, procedures, and control activities by working closely with CIP Compliance business partners. This individual also verifies control design and effectiveness on a scheduled basis and develops submittals to regional entities and auditors.

Essential Functions:

• Applies understanding of IT security in conjunction with NERC standards to develop effective strategies and work plans for PJM's NERC CIP program.
• Leads or participates in departmental and cross-functional projects to successful completion using project management approaches.
• Assists requirement owners in designing and implementing effective controls to ensure compliance with NERC CIP standards.
• Monitors and influences the development of new standards / new versions of standards and evaluates the impacts of the new /changed standards to PJM. Assists requirements owners with the transition process.
• Coordinates PJMs comments / balloting on all NERC CIP Standards related postings from FERC, NERC, RF and SERC.
• Verifies that the design of security controls for compliance with NERC CIP standards is effectively maintained.
• Lead or participate in the creation, modification, and implementation of control activities to ensure compliance with the NERC CIP standards.
• Reviews evidence of compliance and tests to ensure that the objectives of controls are being satisfied; identifies areas for improvement; and is an integral part of ensuring improvements are implemented.
• Works collaboratively with internal stakeholders by facilitating the assessment of new applications and new cyber assets to determine their criticality.
• Supports the automation of security control activities.
• Develops and implements detailed compliance reports for NERC CIP standards and control activities.
• Participates in policy, standard, and procedure reviews and updates.
• Participates in RSAW reviews and updates.
• Participates in industry calls as assigned.
• Leads training of internal personnel and presents compliance topics to members and industry stakeholders.
• Assesses new technologies and their associated security and compliance risks in order to put plans into place for mitigating these risks.
• Works to champion an understanding of the NERC CIP requirements as relative to PJM.
• Identifies, documents, and reports security risks as relative to NERC CIP standards.
• Conducts internal compliance reviews and coordinates self-reporting of potential violations. Assists control owners in the development and execution of mitigation plans. Ensures timely completion of all mitigation plan activities and facilitates evidence collection.
• Develops an understanding and assists in defining the obligations of PJM's affected Business Units to reasonably demonstrate compliance with the NERC CIP Standards.
• May assist other team members as assigned
• Other related duties as assigned

• BS, Business Administration
• BS, Information Systems or equivalent work experience
• At least 5 years of experience in the field of Information Security, Information Systems Auditing, Information Technology
• At least 5 years of experience auditing/compliance, security, and/or information technology
• Ability to produce high-quality work products with attention to detail
• Ability to communicate effectively in a team environment
• Experience in quantitative and qualitative analysis
• Experience using verbal and written communications skills
• Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)
• Ability to produce high-quality work products with attention to detail
• Ability to visualize and solve complex problems
• Experience with FERC, NERC CIP and RFC compliance
• Experience in information security, access control systems, encryption, and related applications
• Experience with conducting an annual security assessment to identify risk and vulnerabilities and develop recommendations for senior management based on results

• MBA, Business Administration
• MS, Information Systems
• Experience with PJM operations, markets, and planning functions
• Experience supporting any of PJM Committees
• Experience with PJM operations, markets, and planning functions
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)