Job Description

Description

At Exelon, we've got a place for you!

Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.

Exelon will provide you the tools and resources you need to design, build, and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.

Join Exelon and share your passion at a forward-thinking Fortune 100 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!

PRIMARY PURPOSE OF POSITION
    
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to assure that all of the NERC CIP Cyber Security Vulnerability Assessment requirements are met, including technical task performance, as well as verifying that reports, documentation, and evidence are generated and properly filed across all relevant business units.  The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the NERC CIP-010 Vulnerability Assessment Program at all Exelon Registered Entities. Additionally, this analyst will support the utility Business Units in the implementation and updates to NERC CIP policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall NERC CIP CVA program under the guidance of cybersecurity Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with Exelon CIP program priorities and requirements. This position could be required to support additional vulnerability management in regulatory environments outside of NERC CIP as well as non-regulatory initiative workload.

    
PRIMARY DUTIES AND ACCOUNTABILITIES 

• Schedule, manage, and provide direction for the implementation of the NERC CIP-010 Vulnerability Assessment Program at all of the Exelon Entities. 
• Assure that all of the NERC CIP vulnerability assessment requirements are met and coordinate/perform the overall required services. 
• Assure that all reports, documentation, and evidence for NERC compliance are completed and properly finalized/submitted. 
• Establish, maintain, and enhance relationships with utility business and IT partners. Communicate status to key stakeholders on a regular basis.  Gather feedback on client satisfaction and internal service performance to foster continual improvement. 

POSITION SCOPE 
The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to assure that all of the NERC CIP Cyber Security Vulnerability Assessment requirements are met, including technical task performance, as well as verifying that reports, documentation, and evidence are generated and properly filed across all relevant business units.  The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the NERC CIP-010 Vulnerability Assessment Program at all Exelon Registered Entities. Additionally, this analyst will support the utility Business Units in the implementation and updates to NERC CIP policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall NERC CIP CVA program under the guidance of cybersecurity Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with Exelon CIP program priorities and requirements. This position could be required to support additional vulnerability management in regulatory environments outside of NERC CIP as well as non-regulatory initiative workload.

Qualifications

Minimum Qualifications

• Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering or a related discipline, and typically 5-8 or more years of solid, diverse experience in managing cyber security vulnerability assessments, or an equivalent combination of education and work experience.
• Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
• Experience managing complex projects.
• Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
• Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA. 
• Knowledge and experience in application security standards, methodologies, and technologies.
• Knowledge of asset management principles and techniques including a comprehensive understanding of change management techniques.
• Knowledge of risk threat assessment methodologies.
• Demonstrated leadership ability.
• Proven analytical, problem solving, and consulting skills.
• Excellent communication skills and the proven ability to facilitate solutions effectively with all levels of utility management.

Preferred Qualifications 

• Graduate degree in cyber security or a related area of expertise.
• Relevant security certifications (CISSP, GIAC, PMP)
• Experience and expert subject matter knowledge of SCADA, ICS, distribution automation, smart grid, DMS, and ECS systems architecture.
• Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP],
• Knowledge of Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).      
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of system administration concepts for Unix, Linux, and/or Windows operating systems including server experience.
• Knowledge of Tenable Security Center and Nessus.
• Knowledge and experience in application and systems security standards, methodologies, and technologies.
• Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for OT applications, web architectures, operating systems, databases, and networks.
• Knowledge of system life cycle management principles, including software security and usability.