At Exelon, we've got a place for you!
Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.
Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.
Join Exelon and share your passion at a forward-thinking Fortune 150 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!
This role serves in a technical lead capacity providing oversight, direction and technical reviews adhering to North American Electric Reliability Corporation (NERC) Standards supporting Configuration Management, Change Management, and Cyber Vulnerability Assessments.
PRIMARY PURPOSE OF POSITION
In this position the Technical Analyst serves as the primary contract in supporting North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) requirements and deliverables. The core responsibilities focus on Change Management practices, adherence to Configuration Management execution and Compliance Vulnerability Assessment oversight. The Technical Analyst manages daily Change Management and Configuration reviews supporting technical support areas in successfully meeting compliance requirements. This role requires understanding of Security Vulnerability Assessment practices, lead paper based and active compliance assessments, assist in creation of findings reports and performing assessment vendor management. This position will be responsible for assisting with firewall reviews of rules, ports and services, supporting development of mitigation plans to address findings and engage in remediation reviews. Other responsibilities include understanding of general business functions including Corrective Action programs, regulatory requirements (NERC CIP, SOX and other appropriate standards), reports directly to IT Compliance Manager and provides additional support to Transmission, Generation business groups and Central Compliance organizations. Limited travel to other Exelon location maybe required.
PRIMARY DUTIES AND ACCOUNTABILITIES
- Provide daily review of IT SCADA system changes ensure compliance requirements for change management are maintained with appropriate evidence validation.
- Accountability as the Subject Matter Expert (SME) for NERC CIP Configuration requirements, reviewing and ensuring configuration guides are accurate, align to modifications and Exelon standards are enforced.
- Lead annual NERC CIP assessments for various business units that will include but not limited to primary contact for Corporate and Information Security Services, planning and technical team engagement.
- Develop and maintain knowledge of NERC CIP compliance standards and Exelon Management Model program supporting Configuration and Change Management and Vulnerability Assessments.
- Provide technical support for regulatory and internal audits. Will be accountable for providing evidence, response to audit inquires and support to IT Compliance Central Organization.
- Manage multiple concurrent assignments with varying deliverables and dates.
- Support NERC CIP Compliance projects with analysis, design, build and test solutions in accordance NERC standards.
- Active participant in annual Cyber Security Incident response exercises supporting IT Compliance Operations
- Assist and mentor individuals to build NERC CIP Compliance understanding and awareness
- Actively build Information Technology, Business and Industry relationships gaining broader knowledge to support innovative solutions with NERC CIP.
- Bachelor's degree in Computer Science or related discipline and 5 to 8 years' experience in NERC Compliance , Cyber Security, Information Technology or equivalent combination of education and work experience.
- Broad Technical expertise with deep technical knowledge in at least one area of IT platforms such as Cisco Networking, Windows, Unix/Linux, Firewalls or Security scanning solutions.
- Understanding of Change and Configuration Management principles associated with new technology implementations.
- Basic understanding of NERC CIP Standards, FERC Regulations and Internal Controls
- Excellent communications skills - Able to effectively communicate highly technical information in non-technical terminology (written and verbal) and effective interpersonal skills.
- Ability to work independently and across geographic dispersed team and support groups.
- Demonstrated leadership ability
- Understanding of project management principles
The role of the NERC CIP Operations Technical Analyst is to support various business unit technical teams with successfully maintaining IT NERC CIP compliance standards for Change and Configuration management. A successful candidate will be required to work independently and demonstrate security awareness with sound project management skills leading compliance vulnerability assessments in diverse environments. This position requires maintaining a thorough knowledge of NERC CIP standards, compliance requirements and executing to industry best practices. Continued self-improvement will include maintaining Compliance awareness through seminars, presentation and publications, enhancing the IT NERC CIP Compliance Organization by promoting technological innovations to drive improved process enabling consistent repeatable processes and executing to NERC CIP Standards as an industry leader.
Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.
VEVRAA Federal Contractor
EEO is the Law Poster