Item

Accountability

%

1

Schedule, manage, and provide direction for the implementation of the NERC CIP-010 Vulnerability Assessment Program at all of the Exelon Entities.

50

2

Assure that all of the NERC CIP Vulnerability Assessment requirements are met and coordinate and manage the overall services provided.

20

3

Assure that all reports, documentation and evidence for NERC compliance are completed and properly handled.

20

4

Establish, maintain, and enhance relationships with business and IT partners. Communicate status to key stakeholders on a regular basis.  Gather feedback on client satisfaction and internal service performance to foster continual improvement.

10

Minimum:

Preferred:

• Bachelor’s Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 5-8 or more years of solid, diverse experience in managing cyber security vulnerability assessments, or equivalent combination of education and work experience.

• Relevant security certifications (CISSP, GIAC, PMP)

• Appropriate technical skills and in-depth knowledge of business unit functions and applications including:
  • Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
  • Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA.
  • Experience managing complex projects
  • Knowledge and experience in application security standards, methodologies, and technologies.
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
  • Knowledge of capabilities and requirements analysis.
  • Knowledge of resource management principles and techniques.
  • Knowledge of risk threat assessment methodologies.

• Experience and expert subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture.
• Knowledge and experience in application and systems security standards, methodologies, and technologies.
• Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for OT applications, web architectures, operating systems, databases, and networks.
• Knowledge of system life cycle management principles, including software security and usability.

• At least 3-5 years of demonstrable experience managing complex IT projects.

• Comprehensive understanding of change management

techniques associated with new technology

implementation.

• Demonstrated experience producing an economic business case.

• Demonstrated leadership ability.

• Proven analytical, problem solving, and consulting skills.

• Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.