Omaha Public Power District Senior Security Risk Analyst in Omaha, Nebraska

Senior Security Risk Analyst

The Senior Security Risk Analyst position provides specialized enterprise-wide cybersecurity risk management to assist with maintaining an acceptable level of security and privacy risk while ensuring cybersecurity resilience of OPPD's enterprise technology systems. The Senior Security Risk Analyst is responsible for leading in the development and delivery of a comprehensive security and privacy risk management framework and the audit of defense-in-depth layering of security principles and controls to reduce and manage enterprise technology risks and ensure the protection of OPPD's people, processes, and technology. These efforts support OPPD's Technology team and other business units by providing analysis and advice regarding cyber-related business and operational risks across OPPD. This work demands a self-starter mindset, initiative, analytical skills, strong communication skills, and technical expertise while working to maintain and broaden their professional expertise through approved training, collaboration with peers, and attendance at professional meetings/conferences.

Policy and Security Governance:

  • Develop and maintain cybersecurity policies and supporting documentation (i.e., standards, procedures, etc.) and ensure control requirements and policy guidance remain current and applicable.

  • Develop strategies to share and socialize cybersecurity policies and supporting documentation across the organization.

  • Maintain awareness of changes to the regulatory compliance landscape, including applicable laws, statutes, regulations, and privacy requirements that impact both the energy utility industry and enterprise security.

Risk Management:

  • Coordinate and execute OPPD's Risk Management Program by performing the following daily duties, which include, but are not limited to, risk identification, risk analysis, risk treatment determination, risk remediation, continuous monitoring, reporting/quality management, and lifecycle management.

  • Coordinate and conduct internal and external risk assessments following OPPD's established process and methodology. Create and review comprehensive reports to ensure accuracy, consistency, and transparency. Present comprehensive reports to internal stakeholders and enter all open risks into the risk registry.

Awareness and Training:

  • Supervise the continuous development, implementation, and ongoing maintenance of the security training and awareness education program.

  • Support creation and delivery of security and data protection awareness training content to end users.

Data Governance and Privacy:

  • Develop and implement data privacy policies, standards, and procedures to protect company and customer data.

  • Execute OPPD's data governance strategy and implement initiatives sponsored by the Data Privacy Office.

Qualifications

Required:

  • Bachelor's degree in a technical/engineering discipline; or a combination of education and work experience that provides the necessary skills to perform the essential job functions.

  • 7 years of relevant work experience in IT risk management, Information Security, Internal Audit, Information Technology, risk management, compliance or other relevant field.

  • Knowledge and experience with Information Assurance (IA) technology, NIST standards, or other security risk frameworks (Experience with NERC-CIP, CMMC, ISO 27001, PCI DSS, SOC 1, SOC 2)

  • CRISC or related information security certification

  • Third party, technology, and project risk assessment experience.

  • Experience with Governance, Risk, and Compliance (GRC) tools

  • Knowledge of security methodologies, policies, standards and industry practices

Desired:

  • Master's degree in a technical/engineering discipline

  • Ability to gain NERC and nuclear unescorted access as needed and support vulnerability and account management programs in the following compliance areas (NERC, NRC (NEI 08-09), PCI).

  • Knowledge of key information technology systems, infrastructure and operations

  • Experience performing information security assessments and compliance audits in the global high-tech industry; demonstrable and deep understanding of common security controls, processes and technical solutions to safeguard network, system, application and data in on-premises and cloud environments.

  • Experience in developing information security policies, standards and other forms of information security program documentation.

  • Knowledge of training and development best practices

  • Knowledge or working experience of data privacy and governance operations, principles, and practices

Closing Statement

Level: S5

Foundation: $94,112

Maximum: $141,168

Where the Light Starts

What does it mean to be the source of light? On a basic level, it means operating from a place of honesty and integrity. It's how we achieve things. How we provide affordable, reliable, environmentally sensitive energy. Because it matters. We've pledged to serve, honor, and care for this community. That means the 13 counties we service, and it means one another. It means the people right here at OPPD proudly comprised and welcoming of every creed, race, age, orientation, and color. Being where the light starts means showing up for each other and the people we serve. Doing the right thing even when no one's watching. We're proud of our commitment. We reward creative problem solving. We recognize that consistency and reliability are tremendous resources. That providing these things to the community and each other is a privilege. Because we are leading the way the future is powered. We are the source of light. Out there. In here. Everywhere.

Org Marketing Statement

EOE: Protected Veterans/Disability

How To Apply

Apply online at www.oppd.com on or before June 06, 2024

Recruiter: Patique Collins - pncollins@oppd.com #LI-PC

PLEASE NOTE - Your application has not been submitted unless you have applied for a specific requisition. If you have not chosen a specific opening, your application will remain in 'DRAFT' form and will not be viewed by our Human Capital staff.
