Analyst Cyber Security Senior

Requisition ID: 17991

 

Join us in building a better future for Arizona!

SRP is one of the largest public power and water utilities in the U.S. providing electricity to approximately one million customers in the greater metropolitan Phoenix area. Since its founding in 1903, SRP has fostered a culture of stewardship and customer service consistently ranking as an industry leader in customer service according to J.D. Power and named one of Arizona's best employers by Forbes. SRP continues to adapt to its changing business environment by seeking innovative ways to reimagine utility service and the provision of critical resources essential to the life and economy of Arizona.

 

Why Work at SRP

At SRP, we foster an inclusive work environment and believe everyone should have a fair chance to work, regardless of who they are. That’s why we value teams with diverse perspectives, experiences, and backgrounds to help SRP deliver on its mission of providing reliable, affordable and sustainable water and power.

 

SRP's success is rooted in our employees' happiness, health, and safety. That's why we offer a comprehensive benefits package to meet the needs of our employees and enhance their well-being. In addition to competitive pay and performance incentives, eligible employees can take advantage of the following benefits:

 

• Pension Plan (at no cost to the employee)
• 401(k) plan with employer matching
• Available your first day: Medical, vision, dental, and life insurance
• Over 200+ hours of PTO (includes vacation days, holidays, floating holidays, and sick leave)
• Parental leave (up to 4 weeks) and adoption assistance
• Wellness programs (including access to a recreation and fitness facility)
• Short and long-term disability plans
• Tuition assistance for both undergraduate and graduate programs
• 10 Employee Resource Groups for career development, community service, and networking

 

Summary

The Cyber Security Analyst will work within SRP’s Identity and Access Management (IAM) team, with specific focus on securing SRP’s ERP applications including BI, ECC, S/4HANA, GRC, Fiori Gateway, Concur, SuccessFactors Employee Central, Payroll, etc.

Successful candidate will be able to apply technical expertise and cyber security best practices to identify opportunities to reduce risk, streamline operations, and improve the user experience. This role involves assisting SAP application users with access requirements and troubleshooting security issues.

What You'll Do

• Facilitate with design, build, test, and deployment of security for production and non-production systems
• Provide well researched, specific, relevant and reasonable input to secure and enable new technology initiatives
• Collaborate with cross functional teams – must have effective communication skills, verbal and written
• Manage SAP security roles and authorizations, ensuring compliance with internal and external audit requirements
• Ensure that account and access management operations occur efficiently and effectively through both automation and manual intervention.
• Facilitate the implementation of IAM solutions, including access governance, role-based access control (RBAC) and single sign-on (SSO) systems/applications

 

Additional Information 

• Role requires participation in department on-call rotation which involves responding to emergency callout during non-business hours, as needed.
• Role requires occasional contact with vendors of software, equipment, and services, and occasional travel to industry organization functions.
• Role requires interaction with confidential data such as payroll, employee, and customer information.

What It Takes To Succeed

• Knowledge of cyber security functions, especially identity and access management
• Ability to identify and implement improvements to the management of cyber accounts and access throughout their lifecycle
• Understanding of IT general controls and ICFR/SOX
• Ability to drive cyber security considerations during the software development lifecycle and technology deployment projects
• Deep understanding of SAP authorization concepts, objects and values for secure access control
• Willingness to constantly learn through industry involvement as well as formal and informal training
• Make decisions quickly, often based on imperfect information

Skills and Responsibilities

• Implement and maintain Access Control for SAP modules, e.g. BI, ECC, S/4HANA, GRC, Fiori Gateway, Concur, SuccessFactors Employee Central, etc.
• Identify and mitigate segregation of duty risks and coordinate remediation or mitigation with necessary user and business partners
• Manage and secure SAP transports across landscapes, ensuring appropriate security in all tiers
• Ensure SAP systems meet regulatory and internal/external audit requirements
• Understand technical constructs to properly secure programs, function modules and interface with SAP technical teams
• Proficiency with SAP GRC modules particularly Access Control to handle Access Requests, Risk Analysis and Role Management
• Configure and manage Firefighter roles and IDs to provide temporary access for critical or emergency tasks
• Conduct regular Access Risk Analysis to identify and address segregation of duties conflicts or other access risk
• Identify and implement new solutions or improvements to existing solutions to reduce risk, increase efficiency, and improve user experience.

Industry security certifications preferred, including CISSP, CISA, CISM, CEH, CPA, CRISC, OSCP, PMP, ITIL, SANS GIAC, SEI-CMMI or SSCP.

Experience

• Promotion to level 2 requires a minimum of two years of experience at level 1; demonstrated capability to perform advanced and more difficult work as determined by the supervisor.
• Promotion to senior level requires a minimum of three-years of experience at level 2; is fully competent in all aspects of functional area of assignment and as such would be recognized as a specialist in area of assignment and may have periodic or occasional lead responsibilities.

Education

Completion of a Bachelor's Degree from an accredited institution that prepares the employee for the assignment.

 

Hybrid Workplace

SRP currently offers a hybrid workplace, which allows employees whose jobs can be performed remotely, and who have sufficient technical capability, to telework up to three days per week. Although teleworking is available, all employees must live and work in Arizona. We are taking steps to protect the health and well-being of all team members, and by following a number of health and safety protocols, to reduce the risk of the coronavirus (COVID-19).

 

Drug/Alcohol Policy Statement

To promote the safety and well-being of our employees, customers, and the communities we serve, SRP is committed to maintaining a drug/alcohol free work environment. Although marijuana may now be legal in Arizona, except as otherwise specified under Arizona law, SRP considers it to be an illegal drug for the purpose of our drug/alcohol policy because marijuana remains illegal at the federal level. Any candidate found to be impaired during the hiring process or who has the presence of an illegal drug or unauthorized substance in their system during the pre-employment drug/alcohol test may be disqualified from further consideration in the hiring process.

 

Equal Opportunity Employer Statement

Salt River Project (SRP) is committed to equal employment opportunity regardless of race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, disability, genetic information, military status, or any other protected status under applicable federal, state or local law.

 

Work Authorization

All candidates must be legally authorized to work in the United States.
Currently, SRP does not sponsor H1B visas, OPT, or other employment-related visa's.