Under general supervision, this position works as part of the Cyber Security Team to implement the enterprise cyber security goals and is responsible for identifying, implementing, and maintaining compliant cyber security solutions and addressing cyber related issues that may pose an immediate or long-term risk to the Grant PUD business operations and data.
Responsible for recommending and enhancing security controls, performing risk assessments, and assisting in the development of policies and procedures for the Enterprise Cyber Security Program to ensure that the identification, protection, detection, response and recovery objectives are met.
The position includes responsibilities for maintaining compliance with NERC CIP regulations and guidance.
Essential Functions: -- Essential functions, as defined under the Americans with Disabilities Act, may include any of the following representative duties, knowledge, and skills. This is not a comprehensive listing of all functions and duties performed by incumbents of this class; employees may be assigned duties which are not listed below; reasonable accommodations will be made as required. The job description does not constitute an employment agreement and is subject to change at any time by the employer. Essential duties and responsibilities may include, but are not limited to, the following:
Assists in ensuring that the confidentiality, integrity, and availability of Grant PUD Enterprise Technologies and data, through planning, implementation and operation of cyber solutions meeting the objectives of the Cyber Security Program and supporting frameworks.
Performs cyber risk assessments of the enterprise processes, systems, information, data, rights, privileges and 3rd party partners to identify potential threats. Researches, analyzes, recommends and implements cyber security tools, solutions and processes to mitigate identified cyber security risks. Maintains and operates cyber systems to identify, detect, protect, respond and recover from cyber threats and incidents.
Manages and investigates potential and actual cyber security incidents, following processes to enable chain of custody of any potential evidence while containing the threat and minimizing operational impacts.
Maintains awareness of relevant and emerging cyber security trends, technology, frameworks, tools and best practices.
Ensures technologies and procedures comply with all Grant PUD’s internal computing control requirements, cyber related legislations (e.g., Sarbanes-Oxley legislation), industry regulation and guidance (NERC CIP, FERC) and all other Federal, State, and Local regulations. Performs, operates, and audits all assigned NERC CIP responsibilities.
Accountable for assisting in the development, implementation, maintenance and oversight of the automated cyber security controls (e.g., firewalls, SIEM, etc.), implementing ideas to improve processes based on lessons learned over time in performing assigned duties.
Provides subject matter expertise and cyber security perspective in assisting in the development, implementation and testing of the enterprise disaster recovery and business continuity plan.
Develops, compiles and produces operational and trend reports and/or dashboards supporting the Key Performance Indicators (KPIs) and detailing the health of the Cyber Security functions.
Develops and employs scripts, cookbooks, checklists and other tools/methods to automate tasks and enable efficient and repeatable outcomes of operational security controls.
Identifies and implements improvement opportunities for their job function. Engages in larger department transformation initiatives to improve quality and professionalism of work.
Demonstrates excellent communication and ability to work with others in potentially stressful situations; works quickly and is able to analyze, deduce, and present viable solutions to cyber issues and problems. Able to follow projects and activities through to completion.
- Demonstrated commitment to Grant PUD’s mission, vision, values, strategic plan and Vision 2021. The incumbent should be familiar with these organizational priorities and behave in a way that aligns with these expectations.
- Understand and adhere to compliance requirements for this position that may include laws, regulations, security guidelines, Grant PUD policies & procedures
Actively participate in all aspects of our safety program, including but not limited to:
- Following all safety policies and procedures;
- Alerting supervisors and coworkers to unsafe or hazardous working conditions;
- Reporting any safety incidents or close calls within 24 hours to your supervisor; and
- Accepting feedback from supervisors and coworkers regarding your own safety performance.
Actively support programs and actions that improve our Safety Culture by:
- Supporting the presence of safety in your Department (e.g. Include safety messages in business conversations; begin meetings as appropriate with a safety minute).
- Ensuring supervisors are monitoring the safety actions of their teams (such as completing safety training, reporting incidents timely, etc.).
- Being viewed as a safety champion by stopping work if necessary, promoting safety activities (Continuous improvement team processes, Safety & Health Improvement Plan (SHIP) activities, etc.).
- Acknowledging compliant safety behaviors and good safety performance from members of your team(s).
Bachelor’s Degree in Cyber Security, Information systems, Engineering, or related degree required. Three (3) years’ experience in a cyber security role preferred. Business Systems Analysis, Cybersecurity, ITIL, IT Service Management certifications and Customer Service experience are desirable but not required. Must have or be willing to obtain, cyber security industry certification such as CISSP, CISA, GCCC, GCEH, etc.
Knowledge, Skills, Abilities and Other Characteristics (KSAOs)
Knowledge and Skills
Knowledge of - Cyber Security controls to include but not limited: Regulatory compliance requirements (NERC CIP) and policies or similar, National Institute of Standards and Technology (NIST) frameworks and guidelines for Cybersecurity, the Critical Information Security controls, Federal/State/Local Cyber laws, Understanding of firewalls, proxies, SIEM, antivirus, and IDP/S concepts, vulnerability assessment and mitigation, penetration testing, threat hunting, security log analysis and monitoring Incident Response and recovery; Business Continuity Planning, Risk management, Project management, enterprise network architecture and design, application interoperability, and cloud solutions security; Data Security software and procedures; CBK security domains; process and procedure development and auditing; computers and related technologies to support CIP operation; data infrastructure, architecture requirements and components of network operating systems; wide and local area network protocols and diagnostic tools.
Skills in - communicating effectively with all levels of system operations employees; managing simultaneous projects with attention to detail; exercising independent judgment and be a team player; organizational and time management.
Special Requirements - A valid State driver’s license is required. Occasional travel to other Grant County PUD locations required.
Majority of work is performed in a standard office setting.
*applicant/incumbent should refer to the Physical Capacity Evaluation (PCE).
Closing Date to Apply: Open Until Filled
Excellent Compensation and Benefits Package
Equal Opportunity Employer
References and Background Checks are done as part of our employment process.