Analyst Physical Security GRC 3

Deadline to Apply: October 27, 2024
We are engineers, high line workers, power plant managers, accountants, electricians, project coordinators, risk analysts, customer service operators, community representatives, safety and security specialists, communicators, human resources partners, information technology technicians and much, much more. We are 3,500 people committed to enhancing the lives of the communities we serve.  Together, we are powering the growth and success of our community progress every day!

Pay Grade

14

Position Summary

This position operates on a hybrid schedule, and an applicant must be willing to reside within 120 miles of San Antonio, TX.
The position develops and/or maintains security roles for access and compliance risk. business applications, analytic systems, third-party systems and responsible for managing application risk. The position also develops and/or maintains security operations and NERC-related processes, procedures and performs administrative tasks necessary to control several types of organizational risks, govern NERC requirements and security access authorizations. The position must also monitor and interpret the various regulatory statutes and protocols as well as coordinate and implement new initiatives related to governance, risk and compliance for internal and external audits.
 

Tasks and Responsibilities

• Internal consultant for governance, risk, and compliance (GRC) activities.
• Assist in the development and implementation of programs, processes, and procedures used to support governance, risk, and compliance efforts.
• Provides system security design, administration, risk analysis, and supports tasks across all Enterprise Resource Planning (ERP) modules.
• Responsible for analyzing and determining if a segregation of duties (SoD) conflict/risk exists within a group of transactions, and work with stakeholders to address risk.
• Collaborate with security staff, audit team, risk management, ERP support teams, and business owners to ensure proper controls are in place for ERP roles and authorizations, and that governance is supported.
• Understand, communicate and translate authorization concepts to business owners, ERP support teams, and security staff.
• Develop security deliverables for enhancements to production systems.
• Utilize GRC tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows.
• Interpret various regulatory standards and requirements impacting CPS Energy and the security organization.
• Collaborate with various business units to understand constraints impacting their operations and their risks associated with GRC controls.
• Perform IT Security Reviews.
• Prepare internal and external audit evidence.
• Maintain proficiency with applicable laws, regulations, and standards.
• Perform cyber vulnerability assessments and risk assessment to proactively secure the organization.
• Performs other duties as assigned.
   

Minimum Skills

Minimum Knowledge and Abilities

Solid knowledge of data governance and privacy.Solid knowledge of compliance related activities (NERC, PCI, HIPAA).Solid knowledge of integrated processes in an ERP System.Solid knowledge of authorization concepts in an ERP System.Proficient with Microsoft Office suite, including word processing, spreadsheets, and presentation software.Proficient with Database administration to include (MS SQL Server and Oracle).Strong ability to diagnose and troubleshoot moderately complex security issues (ex: security authorizations, account provisioning/deprovisioning, compliance issues).Ability to speak in public as a subject matter expert.Strong ability to comprehend results from security assessment and analyze impacts of those assessments.Ability to provide after hours and/or on-call system support.Effectively handles moderately complex assignments collaboratively or independently, occasionally under time constraints.Mid-level experience or additional experience will be considered as a substitute for degree.

Preferred Qualifications

• Advanced knowledge of the Energy Sector (Gas and Electric)
• Advanced knowledge of GRC practices
• Security, GRC or audit related professional certifications
• Experience of State, local, and Federal law enforcement
• Excellent Presentation skills
   

Competencies

Demonstrating InitiativeCommunicates EffectivelyCoordinating Project ActivitiesCreating and Maintaining NetworksDelivering High Quality WorkDriving Continuous Improvement

Minimum Education

Bachelor’s Degree in Business Administration, Information Systems, Information Technology, Information Technology Security, Computer Science, Management Information Systems, Security Operations, Criminal Justice, Accounting.

Required Certifications

Working Environment

The work environment includes extensive indoor work, computer usage, manual dexterity, talking on the phone and in-person, hearing, and performing repetitive motions.Must have the ability to travel to and from meetings, training sessions, and other business related events. Work responsibilities include being on-call as needed after the normal workday and/or on weekends.

Physical Demands

Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

CPS Energy does not discriminate against applicants or employees. CPS Energy is committed to providing equal opportunity in all of its employment practices, including selection, hiring, promotion, transfers and compensation, to all qualified applicants and employees without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, citizenship status, veteran status, pregnancy, age, disability, genetic information or any other protected status. CPS Energy will comply with all laws and regulations.