Share this Job
Lead Analyst IT (Security) Job
Date: Jun 6, 2013
Location: Chicago, IL, US
Job Title: Lead Analyst IT (Security)
Job ID: 3002117
Location: IL - Chicago
Full/Part Time: Full-Time
Job Family: Information Systems
At Exelon, we've got a place for you. Exelon is developing sustainable energy to provide for the communities of today and planning for a brighter tomorrow. Exelon knows the future of energy is you.Exelon Corporation is one of the nation's largest electric utilities, with more than $32 billion in annual revenues. The company has one of the industry's largest portfolios of electricity generation capacity, with a nationwide reach and strong positions in the Midwest and Mid-Atlantic. Exelon distributes electricity to approximately 6.6 million customers in northern Illinois, central Maryland and southeastern Pennsylvania and natural gas to more than 1.1 million customers in the Baltimore and Philadelphia areas. Exelon is headquartered in Chicago and trades on the NYSE under the ticker EXC.We know that before we can generate more than 34,000 megawatts of electricity and deliver electric and gas service safely to millions of families and businesses, we need to recognize that each of our employees plays an integral part in the process. Join Exelon and you can share your ideas at a forward-thinking company and the next big idea could be yours. You've just found Exelon, a place where you can truly shine.
Business Unit Overview
Business Services provides Exelon and its subsidiaries with financial, human resource, legal, information technology, supply management and corporate governance services.
PRIMARY PURPOSE OF POSITION
The primary purpose of this position is to provide information security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks. The Lead Analyst IT develops security requirements, conducts security risk assessments, designs security solutions, evaluates application and system architectures, and develops and reviews information security policies and procedures. This role serves as a senior technical staff member who provides technical information security expertise and guidance to business units, operational units, and other IT functions to assist in identifying, managing, and mitigating security risks.
PRIMARY DUTIES AND ACCOUNTABILITIES (means principal, main, major or most important duties / accountabilities that the employee performs)
1. Serves as a lead cyber and information security consultant to internal business units and support organizations by providing research, analysis, and guidance on management, operational, and technical security requirements and solutions for business and technology initiatives. Provides technical guidance and expertise in the areas of secure application development, security risk management and assessment, security policies and procedures, security architectures and implementations, and effective security risk assessment practices. Provides security project management, risk assessments, security requirements analysis, design reviews, security testing oversight, and risk remediation planning.
2. Conduct application risk assessments, security requirements analysis, design reviews, and support the acquisition and deployment of security software, systems, and services.
3. Provides guidance on the development and integration of a security development lifecycle (SDL) to include secure development, testing, and configuration of application and web architectures.
4. Review and assess vendors¿ cyber and information security solutions and deliverables, including technologies and architectures, security controls and procedures, and contracting documentation.
5. Provide knowledge transfer and guidance to other team members while also striving to maintain technical knowledge and business acumen within the information security discipline.
-Bachelor's degree in Computer Science or related discipline and a minimum of 7 to 8 years relevant experience.
-Appropriate technical skills in security risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
-Strong knowledge of business practices and processes in developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.
-Knowledge and demonstrated experience in security architecture, design, and policy guidance consultation to IT organizations and Business Units.
-Solid knowledge and experience in assessing and implementing information security governance frameworks, policies and procedures, and risk management processes and tools.
-Knowledge and experience with information security for energy and utility systems.
-Working knowledge of energy industry cyber security standards such as NERC CIP, and relevant NIST and IEC standards.
-Experience leading small IT projects or sub-teams and knowledge of IT project management.
-Strong problem solving and analytical skills.
-Excellent communications skills (written and verbal)
-Ability to work with remote or virtual project teams
-Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or other equivalent security certifications
-Experience and proven capabilities in application risk assessment, application security architecture development, web application security, and application security testing.
-Extensive experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.
-Demonstrated experience in application and technology design reviews, requirements development, architecture assessments, and security testing of applications and systems.
-Experience with information security frameworks, such as the ISO, NIST, and COBIT and compliance with industry regulations, such as NERC CIP standards.
-Strong knowledge and experience in security project management, risk assessments, security requirements analysis, design reviews, security testing oversight, and risk remediation planning and coordination.
-Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff. POSITION SCOPE
-Serves as a lead cyber and information security consultant to internal business units and support organizations by providing research, analysis, and guidance on management, operational, and technical security requirements and solutions for business and technology initiatives.
-Develops and reviews information security strategies, policies and procedures, and governance processes for the security organization, IT organizations, and business units.
-Develops, reviews, and maintains security risk management policies, procedures, and practices, including technical IT security standards for applications, web architectures, operating systems, databases, and networks.
-Utilizes understanding of customer's business needs to determine security requirements, controls, standards, and technologies for applications, web architectures, operating systems, databases, and networks.
-Applies technical and consulting expertise to analyze, plan, design, build or support required security artifacts and processes to secure systems, applications, databases, and networks.
-Manages and directs the efforts of 3rd party security consultants supporting business and IT security projects.
-Demonstrates ability to meet project objectives, priorities, and problem solve in aggressive timeframes.
-Effectively interact and communicate with vendors, business partners, and/or cross functional teams to manage and coordinate activities as required
-Work as a lead staff member requiring minimal supervision
-Provides knowledge transfer, guidance and support to other staff members and colleagues.
-Other duties as assigned or required.
Equal Employment Statement
Exelon is proud to be an Equal Opportunity Employer.
Nearest Major Market: Chicago
Job Segments: Risk Management, Security, Corporate Security, Energy, Nuclear, Finance
Find similar jobs: