Senior Operations Cybersecurity Analyst

About The Position

Requirements

• Bachelors degree in Cybersecurity, Engineering or Computer Science
• minimum 6 years related work experience
• In lieu of required degree, Associates degree and 8 years, or High School/GED and 10 years of related work experience

Nice To Haves

• Working knowledge of NERC CIP standards and NIST Cybersecurity Framework
• Working knowledge of power generation Distributive Control Systems (DCS)
• Working knowledge of protection and control equipment
• Working knowledge of SCADA and communication systems
• Working knowledge of network architecture and firewall security
• Ability to troubleshoot network communication equipment and systems
• Experience in cybersecurity risk identification, management, audit, and compliance
• Strong understanding of IT and OT Cybersecurity policies, standards, processes, and controls
• Excellent verbal and written communication skills
• Skilled principles of project management
• Experience in the utility industry
• Professional certification in cybersecurity or engineering

Responsibilities

• Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards
• Provide oversight of the cybersecurity program implementation, including Extent of Condition, Request for Information, internal audit reviews
• Perform security reviews and identify gaps in security architecture
• Assess the effectiveness of security controls
• Collaborate with cybersecurity leadership to align security technologies, processes, and people with Duke's strategic plan
• Define Duke's security standards, baselines, and performance metrics
• Participate in Risk Governance process
• Review and conduct audits of cybersecurity programs and projects
• Validate compliance with policies, guidelines, procedures, regulations, and laws
• Ensure compliance with internal and external cybersecurity programs and standards
• Monitor and validate the effectiveness of the enterprise's cybersecurity compliance controls and programs
• Participates within working groups and taskforce activities representing Duke Energy interests such as NATF, NAGF, EPRI, SERC, NERC, EEI and the cybersecurity industry to acquire and share information on best practices
• Provide mentorship to other team members
• Perform day-to-day activities in support of cybersecurity programs and policies. This may include maintenance (patching/upgrade), support of new installations or upgrades, and other items as directed
• Support the development of the cybersecurity program for operational technology assets
• Implement the cybersecurity controls to prevent, detect, assess, and respond to complex control system cybersecurity events and incidents
• Support large, complex, or multiple smaller cybersecurity projects
• Implement and maintain cybersecurity infrastructure including firewalls, endpoint protection, and operational technology systems
• Support cyber defense trend analysis and reporting development
• Correlate incident data to identify vulnerabilities and make recommendations for remediation
• Provide mentorship to other team members

Benefits

• Opportunities for growth and development
• Recognition for your work
• Competitive pay and benefits
• Relocation Assistance Provided