Cyber Security Analyst

Requisition ID: 18528

 

Join us in building a better future for Arizona!

SRP is one of the largest public power and water utilities in the U.S. providing electricity to approximately one million customers in the greater metropolitan Phoenix area. Since its founding in 1903, SRP has fostered a culture of stewardship and customer service consistently ranking as an industry leader in customer service according to J.D. Power and named one of Arizona's best employers by Forbes. SRP continues to adapt to its changing business environment by seeking innovative ways to reimagine utility service and the provision of critical resources essential to the life and economy of Arizona.

 

Why Work at SRP

At SRP, we foster an inclusive work environment and believe everyone should have a fair chance to work, regardless of who they are. That’s why we value teams with diverse perspectives, experiences, and backgrounds to help SRP deliver on its mission of providing reliable, affordable and sustainable water and power.

 

SRP's success is rooted in our employees' happiness, health, and safety. That's why we offer a comprehensive benefits package to meet the needs of our employees and enhance their well-being. In addition to competitive pay and performance incentives, eligible employees can take advantage of the following benefits:

 

• Pension Plan (at no cost to the employee)
• 401(k) plan with employer matching
• Available your first day: Medical, vision, dental, and life insurance
• Over 200+ hours of PTO (includes vacation days, holidays, floating holidays, and sick leave)
• Parental leave (up to 4 weeks) and adoption assistance
• Wellness programs (including access to a recreation and fitness facility)
• Short and long-term disability plans
• Tuition assistance for both undergraduate and graduate programs
• 10 Employee Resource Groups for career development, community service, and networking

 

Summary

The cyber security awareness and training analyst works under the direction of security leadership to manage and execute cyber security awareness programs for the organization and drive a security mindset across SRP. The analyst works with internal stakeholders and external cyber security awareness vendors to ensure the program is aligned with leadership’s expectations. Analysts in this role emphasize employee behavioral change by providing successful training and education content focused on mitigating business risk.

What You'll Do

• Work in tandem with risk management, security teams and business leaders to align security awareness and education initiatives focused on behavioral change.
• Measure the effectiveness of the awareness and training program, make recommendations and execute change.
• Complete regulatory obligations for employee awareness and training, then pivot to create and offer compelling and forward-thinking content exceeding minimum standards.
• Assess the cyber security threat landscape in coordination with subject matter experts and align the program with content focused on reducing risk.
• Create content employees can comprehend, regardless of their level of cyber security knowledge, while accommodating different learning styles using a variety of mediums, including, but not limited to, written and visual (video/images).
• Interest non-cyber security workers in becoming champions and ambassadors for the security program.
• Offer workshops and interactive sessions, including gamification, tabletop exercises, guest speakers and general awareness training across a broad range of business and personal security topics for the workforce.
• Pinpoint strengths and areas for improvement related to security posture and risk management/acceptance.
• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Influence and validate metrics used in oversight and assessment of security program success and regularly report to security and business leadership.

What It Takes To Succeed

• Ability to combine business acumen, effective communication and technical aptitude to provide cyber security content serving all levels of proficiency, from beginners to experts. 
• Adept at developing trust and earning respect so that regardless of employee ability, all feel welcome to ask questions, share feedback and support the mission. 
• As a liaison between cyber security and the business units, the coordinator is people-centric, a security champion and an example for others to follow.

 

Skills and Experience

• At least three to five years’ experience in cyber security and/or education.
• Excellent communicator and storyteller, adept at collaborating with various groups of people.
• Awareness of various regulatory requirements and cyber security awareness obligations.
• Ability to deliver content across multiple business units, as well as remote and in-office teams.
• Familiar with how to track and measure awareness and efficacy of training using solutions like Power BI, ServiceNow, or Human Risk Management solutions.
• Ability to manage computer-based training (CBT) and learning management system (LMS).
• Experience developing and using materials to support various learning styles and roles.
• Project management, multitasking and organizational skills.
• Understanding of social engineering tactics, privacy, insider threats and data protection.
• Capable of facilitating a variety of event types, like Design Thinking Sessions, Training Needs Analysis, Stakeholder Engagement, etc.
• Ability to foster credibility with technical teams and external constituents through sustained industry knowledge.

 

 

Certification Requirements

Preferable, but not required: PMP, GSEC, GISP, CRISC, CISSP, Prosci

Experience

We are hiring this role at the Level 2, please see below years of experience needed.

 

• Level 2 (Journey), a minimum of two years of experience to four years related experience is required (if no degree, six-eight years of relevant experience or equivalent combination of education and related experience totaling six-eight years). 

Education

A bachelor’s degree related to the assignment from an accredited institution is preferred.

 

Hybrid Workplace

SRP currently offers a hybrid workplace, which allows employees whose jobs can be performed remotely, and who have sufficient technical capability, to telework up to three days per week. Although teleworking is available, all employees must live and work in Arizona. We are taking steps to protect the health and well-being of all team members, and by following a number of health and safety protocols, to reduce the risk of the coronavirus (COVID-19).

 

Drug/Alcohol Policy Statement

To promote the safety and well-being of our employees, customers, and the communities we serve, SRP is committed to maintaining a drug/alcohol free work environment. Although marijuana may now be legal in Arizona, except as otherwise specified under Arizona law, SRP considers it to be an illegal drug for the purpose of our drug/alcohol policy because marijuana remains illegal at the federal level. Any candidate found to be impaired during the hiring process or who has the presence of an illegal drug or unauthorized substance in their system during the pre-employment drug/alcohol test may be disqualified from further consideration in the hiring process.

 

Equal Opportunity Employer Statement

Salt River Project (SRP) is committed to equal employment opportunity regardless of race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, disability, genetic information, military status, or any other protected status under applicable federal, state or local law.

 

Work Authorization

All candidates must be legally authorized to work in the United States.
Currently, SRP does not sponsor H1B visas, OPT, or other employment-related visa's.