Analyst Security GRC 3 - San Antonio, United States - CPS Energy
Description
Deadline to Apply:
February 25, 2024
We are engineers, high line workers, power plant managers, accountants, electricians, project coordinators, risk analysts, customer service operators, community representatives, safety and security specialists, communicators, human resources partners, information technology technicians and much, much more.
We are 3,300 people committed to enhancing the lives of the communities we serve. Together, we are powering the growth and success of our community progress every day
Pay Grade
Grade Level 11, 13, 15*
*Qualifications may warrant placement at a different job level
Position Summary
The position develops and/or maintains security roles for business applications, analytic systems, and third-party systems, and is responsible for managing application risk.
The position also develops and/or maintains cybersecurity-related processes, procedures and performs administrative tasks necessary to control several types of organizational risks, govern data security and access authorizations.
The position must also monitor and interpret the various regulatory statutes and protocols as well as coordinate and implement new initiatives related to governance, risk and compliance for internal and external audits.
Tasks and Responsibilities
Internal consultant for governance, risk, and compliance (GRC) activities
Assist in the development and implementation of programs, processes, and procedures used to support governance, risk, and compliance efforts
Provides system security design, administration, risk analysis, and supports tasks across all Enterprise Resource Planning (ERP) modules
Responsible for analyzing and determining if a segregation of duties (SoD) conflict/risk exists within a group of transactions, and work with stakeholders to address risk
Collaborate with security staff, audit team, risk management, ERP support teams, and business owners to ensure proper controls are in place for ERP roles and authorizations, and that governance is supported
Understand, communicate and translate authorization concepts to business owners, ERP support teams, and security staff
Develop security deliverables for enhancements to production systems
Utilize GRC tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows
Interpret various regulatory standards and requirements impacting CPS Energy and the security organization
Collaborate with various business units to understand constraints impacting their operations and their risks associated with GRC controls
Perform IT Security Reviews
Prepare internal and external audit evidence
Maintain proficiency with applicable laws, regulations, and standards
Perform cyber vulnerability assessments and risk assessment to proactively secure the organization
Performs other duties as assigned
Minimum Skills
Minimum Knowledge and Abilities
Solid knowledge of IT Systems, network protocols, network devices and operating systems
Solid knowledge of data governance and privacy
Solid knowledge of compliance related activities (NERC, PCI, HIPAA)
Solid knowledge of integrated processes in an ERP System
Solid knowledge of authorization concepts in an ERP System
Proficient with Microsoft Office suite, including word processing, spreadsheets, and presentation software
Proficient with Database administration to include (MS SQL Server and Oracle)
Strong ability to diagnose and troubleshoot moderately complex security issues (ex: security authorizations, account provisioning/deprovisioning, compliance issues)
Ability to speak in public as a subject matter expert
Strong ability to comprehend results from security assessment and analyze impacts of those assessments
Ability to provide after hours and/or on-call system support
Effectively handles moderately complex assignments collaboratively or independently, occasionally under time constraints
Mid-level experience or additional experience will be considered as a substitute for degree
Preferred Qualifications
Advanced knowledge of the Energy Sector (Gas and Electric)
Advanced knowledge of GRC practices
I.T., security, GRC or audit related professional certifications
Excellent Presentation skills
Competencies
Demonstrating Initiative
Communicates Effectively
Coordinating Project Activities
Creating and Maintaining Networks
Delivering High Quality Work
Driving Continuous Improvement
Minimum Education
Bachelor's Degree in Business Administration, Information Sys, Information Tech, Information Tech Security, Computer Science, Management Information Sys, Information Security; OR related field from an accredited university or equivalent work experience.
Required Certifications
Working Environment
Work environment includes extensive indoor work, computer usage, manual dexterity, talking on the phone and in-person, hearing, and performing repetitive motions.
Physical Demands
Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.
Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
CPS Energy does not discriminate against applicants or employees.
CPS Energy is committed to providing equal opportunity in all of its employment practices, including selection, hiring, promotion, transfers and compensation, to all qualified applicants and employees without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, citizenship status, veteran status, pregnancy, age, disability, genetic information or any other protected status.
CPS Energy will comply with all laws and regulations.