IT Security Analyst

Join to apply for the IT Security Analyst role at PPL Corporation

Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE : PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL's companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

Overview

PLEASE NOTE : THIS POSITION IS HYBRID - IN OFFICE 3 DAYS A WEEK - TO ONE OF OUR LOCAL OFFICES IN : LOUISVILLE, KY OR ALLENTOWN, PA.

The Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls. Enterprise Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides educational awareness to the corporation on security best practices, and ensures data sharing relationships with third parties securely protect PPL information.

Purpose

As a key member of the Enterprise Cybersecurity Compliance team, the Enterprise Cybersecurity Compliance Analyst is an experienced and detail-oriented compliance professional. The position will oversee technical and business controls, within their scope, and work on a team of cybersecurity professionals to help build a strong strategy and culture of compliance for the NERC Critical Infrastructure Protection (CIP) Reliability Standards, TSA gas pipeline security directive, Controls & Regulatory Compliance for the IT department, and other cybersecurity compliance regulations, directives, and frameworks. This position will assist with developing and implementing policies, procedures, technologies, and programs to maintain, demonstrate, and improve compliance. The position drives compliance direction for Cybersecurity in NERC CIP, TSA security directive, and other compliance areas including participating as a subject matter expert (SME).

Responsibilities

• Participates in compliance activities including providing consulting assistance with business areas and IT groups for cybersecurity compliance standards, policies, procedures, and measures.
• Performs assessments, helps the organization institute, and monitor compliance with cybersecurity framework and regulatory requirements.
• Supports teams in regulatory audits, spot-checks, and self-certifications including mock audits.
• Assists in preparing for compliance audits where responsibilities include developing Reliability Standard Audit Worksheets (RSAWs) and compiling supporting evidentiary documentation.
• Collaborates with relevant stakeholders in the development of audit responses and remediation plans for any identified findings.
• Coordinates event and root cause analysis to identify gaps in controls including advising and supporting management in defining appropriate remedial actions and tracking.
• Provides high level research on internal projects, recommending strategic directions and plans that address company-wide security issues. This includes projects related to CIP implementations.
• Maintains accurate and up-to-date documentation related to NERC CIP Compliance, and other compliance frameworks.
• Balances security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPL's risk profile.
• Plays a role in complex problem analysis and makes recommendations for how to advance PPL's cybersecurity compliance profile and culture with a team of motivated individuals.
• Contributes to developing, implementing, and evaluating project plans, goals, and timelines for the implementation of internal controls across all applicable standards.
• Effectively communicates with clients, peers and management in security matters in both verbal and written form.
• Identifies opportunities for continuous improvement in Cybersecurity's compliance program.
• Performs other duties as assigned.

Qualifications

Education

Experience

J-18808-Ljbffr