Job Description
Who We Are:
We're powering a cleaner, brighter future.
Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.
We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).
In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.
Are you in?Primary Purpose:
PRIMARY PURPOSE OF POSITION
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to assure that all of the Cyber Security Vulnerability Assessment requirements are met, including technical task performance, as well as verifying that reports, documentation, and evidence are generated and properly filed across all relevant business units. The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the Vulnerability Assessment Program’s at all Exelon Registered Entities. Additionally, this analyst will support the utility Business Units in the implementation and updates to policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall vulnerability management program under the guidance of cybersecurity Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with Exelon priorities and requirements. This position could be required to support vulnerability management in regulatory environments as well as non-regulatory initiative workload.
Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday). Candidates must sit out of Baltimore, Chicago, Washington DC or Philadelphia. This position is NOT eligible for relocation assistance.
Primary Duties:
PRIMARY DUTIES AND ACCOUNTABILITIES
- Schedule, manage, and provide direction for the implementation of the vulnerability assessment programs at all of the Exelon Entities.
- Assure that all of the vulnerability assessment requirements are met and coordinate/perform the overall required services.
- Assure that all reports, documentation, and evidence for compliance are completed and properly finalized/submitted.
- Establish, maintain, and enhance relationships with utility business and IT partners. Communicate status to key stakeholders on a regular basis. Gather feedback on client satisfaction and internal service performance to foster continual improvement.
Job Scope:
JOB SCOPE
- The senior analyst will provide technical and work product guidance to junior analysts; however all Analysts (grades E01-E03) will report to the department manager directly. There are no supervisory duties associated with this role.
- The senior analyst position will execute the strategy and have some autonomy over day-to-day decisions.
- This role doesn’t have any budget responsibility, but the senior analyst may be tapped to support research related to budget planning
Minimum Qualifications:
MINIMUM QUALIFICATIONS
- Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering, Business Administration or a related discipline, and typically 4-7 years of solid, diverse experience in managing cyber security vulnerability assessments or other technical cybersecurity discipline, or an equivalent combination of education and work experience.
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
- Experience managing complex projects.
- Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
- Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA.
- Knowledge and experience in application security standards, methodologies, and technologies.
- Knowledge of asset management principles and techniques including a comprehensive understanding of change management techniques.
- Knowledge of risk threat assessment methodologies.
- Demonstrated leadership ability.
- Proven analytical, problem solving, and consulting skills.
- Excellent communication skills and the proven ability to facilitate solutions effectively with all levels of leadership, IT and utility management.
Preferred Qualifications:
PREFERRED QUALIFICATIONS
- Graduate degree in cyber security or a related area of expertise.
- Direct experience with an Exelon utility business, or multiple.
- Experience developing management model documentation.
- Experience with OT automation industrial control systems and the corresponding instrumentation.
- Relevant certifications (CISSP, GIAC, PMP)
- Experience and expert subject matter knowledge of SCADA, ICS, distribution automation, smart grid, DMS, and/or ECS systems architecture.
- Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP])
- Knowledge of Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).
- Knowledge of system administration, network, and operating system hardening techniques.
- Knowledge of system administration concepts for Unix, Linux, and/or Windows operating systems including server experience.
- Knowledge of Tenable Security Center and Nessus.
- Knowledge and experience in application and systems security standards, methodologies, and technologies.
- Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for operational technology applications.
- Knowledge of system life cycle management principles, including software security and usability.
Benefits:
Benefits - Annual salary will vary based on a candidate’s skills, qualifications, experience, and other factors: $103,200.00/Yr. – $141,900.00/Yr.
- Annual Bonus for eligible positions: 15%
- 401(k) match and annual company contribution
- Medical, dental and vision insurance
- Life and disability insurance
- Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave
- Employee Assistance Program and resources for mental and emotional support
- Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
- Referral bonus program
- And much more
Note: Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.
Job Tags
Holiday work, Full time, Work experience placement, Remote job, Relocation package, 3 days per week,