We're powering a cleaner, brighter future.
Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.
We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).
In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.
Are you in?
PRIMARY PURPOSE OF POSITION
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to assure that all of the Cyber Security Vulnerability Assessment requirements are met, including technical task performance, as well as verifying that reports, documentation, and evidence are generated and properly filed across all relevant business units. The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the Vulnerability Assessment Programs at all Exelon Registered Entities. Additionally, this analyst will support the utility Business Units in the implementation of and updates to policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall vulnerability management program under the guidance of cybersecurity Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with Exelon priorities and requirements. This position could be required to support vulnerability management in regulatory environments as well as non-regulatory initiative workload.
Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday). Candidates must sit out of Baltimore, Chicago, Washington DC or Philadelphia. This position is NOT eligible for relocation assistance.
PRIMARY DUTIES AND ACCOUNTABILITIES
- Schedule, manage, and provide direction for the implementation of the vulnerability assessment programs at all of the Exelon Entities.
- Assure that all of the vulnerability assessment requirements are met and coordinate/perform the overall required services.
- Assure that all reports, documentation, and evidence for compliance are completed and properly finalized/submitted.
- Establish, maintain, and enhance relationships with utility business and IT partners. Communicate status to key stakeholders on a regular basis. Gather feedback on client satisfaction and internal service performance to foster continual improvement.
JOB SCOPE
- The senior analyst will provide technical and work product guidance to junior analysts; however, all Analysts (grades E01-E03) will report to the department manager directly. There are no supervisory duties associated with this role.
- The senior analyst position will execute the strategy and have some autonomy over day-to-day decisions.
- This role doesn’t have any budget responsibility, but the senior analyst may be tapped to support research related to budget planning.
MINIMUM QUALIFICATIONS
- Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering, Business Administration or a related discipline, and typically 4-7 years of solid, diverse experience in managing cyber security vulnerability assessments or other technical cybersecurity discipline, or an equivalent combination of education and work experience.
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
- Experience managing complex projects.
- Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
- Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA.
- Knowledge and experience in application security standards, methodologies, and technologies.
- Knowledge of asset management principles and techniques including a comprehensive understanding of change management techniques.
- Knowledge of risk threat assessment methodologies.
- Demonstrated leadership ability.
- Proven analytical, problem solving, and consulting skills.
- Excellent communication skills and the proven ability to facilitate solutions effectively with all levels of leadership, IT and utility management.
PREFERRED QUALIFICATIONS
- Graduate degree in cyber security or a related area of expertise.
- Direct experience with one or more Exelon utility businesses.
- Experience developing management model documentation.
- Experience with OT automation industrial control systems and the corresponding instrumentation.
- Relevant certifications (CISSP, GIAC, PMP)
- Experience and expert subject matter knowledge of SCADA, ICS, distribution automation, smart grid, DMS, and/or ECS systems architecture.
- Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]) and directory services (e.g., Domain Name System [DNS]).
- Knowledge of system administration, network, and operating system hardening techniques.
- Knowledge of system administration concepts for Unix, Linux, and/or Windows operating systems including server experience.
- Knowledge of Tenable Security Center and Nessus.
- Knowledge and experience in application and systems security standards, methodologies, and technologies.
- Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for operational technology applications.
- Knowledge of system life cycle management principles, including software security and usability.
Benefits
- Annual salary will vary based on a candidate’s skills, qualifications, experience, and other factors: $103,200.00/Yr. – $141,900.00/Yr.
- Annual Bonus for eligible positions: 15%
- 401(k) match and annual company contribution
- Medical, dental and vision insurance
- Life and disability insurance
- Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave
- Employee Assistance Program and resources for mental and emotional support
- Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
- Referral bonus program
- And much more
Note: Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.