Cyber Security Analyst (Local - AZ Only)

Plays a crucial role in supporting the mission of providing affordable, reliable water and power to customers by participating in cyber security initiatives that protect operations. Collaborates with Information Technology and Operational Technology personnel to assess configurations and conditions to recommend cyber security control implementations based on risk. Coordinates risk and compliance assessments of most critical systems to determine if systems are in alignment with cyber security policies. Ensures security remediation is appropriately addressed by business groups and system owners. Applies industry knowledge and experience to advance strategic security objectives while ensuring business interests are served. Monitors and analyzes relevant trends, regulatory action, and other activities. Priorities also include consulting and advising business groups, projects teams, and individuals on translating cyber security policies and standards into requirements, ensuring effective cyber security / technology risk management, and guiding appropriate control and compliance activities. Supports risk management activities to identify, rank, prioritize, and follow up on remediation progress to cyber security address risk. Job Responsibilities Advising the Telecom Cyber Security Manager on cyber security compliance and risk matters. Facilitating the Telecom Network Cyber Security Governance program Participating in programs and projects that cross intra-organizational boundaries, requiring the employee to coordinate with organization-wide teams. Communicating, expanding, and contributing to cyber security compliance and risk management programs. Creating reports, presentations, dashboards, and other forms of written and visual deliverables to communicate risk and compliance activity, status, and results. Consulting and advising business groups, projects teams and individuals on translating cyber security regulations into requirements, ensuring effective cyber security / technology risk management and appropriate control and compliance activities Developing and maintaining cyber security compliance strategies for adherence to applicable standards, including but not limited to NERC CIP, National Institute of Standards and Technology Cyber Security Framework (NIST CSF), NIST Special Publication SP 800-53, Department of Energy’s Cybersecurity Capability Maturity Model (C2M2) Conducting cyber security assessment activities for internal technologies / systems. Ensuring security risks are appropriately addressed by following up with business groups and system owners to complete assigned security remediation. Informing cyber security leadership of emerging cyber compliance and risk trends. Participating in internal technical cyber compliance and risk groups. Knowledge, Skills, and Abilities Experience conducting security compliance and risk assessments, testing controls to determine security risk, and providing recommendations to technology groups. Knowledge of, and experience with, cyber security risk, compliance, and control framework implementations (NERC CIP, NIST 800-53, NIST CSF, Center for Internet Security Critical Security Controls (CIS CSC), etc.). Ability to analyze conditions / configurations and provide cyber security guidance in a variety of business process and technical scenarios. Capable of managing multiple compliance and remediation workstreams and communications, often with overlapping and competing deadlines and priorities. Familiar with cloud computing technologies, models, and security strategies. Understanding of Industrial Control System (ICS) and Operational Technology (OT) concepts, processes, and functionality. Special Licensing Industry security certifications preferred, including : CISSP - ISC2 Certified Information Systems Security Professional GIAC Certifications (example : GSEC, GSTRT, GCIP, etc.) CRISC - Certified in Risk and Information Systems Control CISA - Certified Information Systems Auditor Education Completion of a bachelor's degree from an accredited institution that prepares the employee for the assignment. Preference for Computer Information Systems, Information Assurance, Computer Science, Cyber Security, Engineering or Business degrees Experience 5 years professional experience in related field. Must demonstrate strong communication skills; familiarity with cyber security compliance and risk concepts; and an understanding of cyber security compliance and risk frameworks. Experience working with Information Technology and Operational Technology infrastructure components, operating systems, and applications from a security compliance and risk perspective. Experience participating in cyber security compliance and risk programs. Experience with common cyber security compliance and risk tools, such as Governance, Risk, and Compliance software, is preferred.