Senior Cybersecurity Governance & Risk Analyst

More than a career - a chance to make a difference in people's lives.

Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

Job Summary:

The Candidate will be expected to manage work in multiple governance and risk areas with minimal supervision. The individual will be expected to have the ability to plan, design, and implement a cybersecurity risk and governance program and to work independently, with limited guidance. The individual is expected to be fully competent in the use of cyber risk and governance concepts and procedures, and demonstrate critical thinking skills to identify problems, develop solutions, and take actions to resolve or improve. The individual must have the capability to lead efforts with other team members. The individual will have working knowledge of governance and cybersecurity risk.

Responsibility and Duties:

• Demonstrates working knowledge of IT and Cybersecurity policy, standards, processes, controls, and functional areas.
• Competent in the use of IT and Cybersecurity tools, procedures, and research capabilities.
• Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection.
• Perform or assist in security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in risk mitigation strategy.
• Perform or assist in cyber defense trend analysis and reporting as it relates to cybersecurity governance and risk management.
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation and reduction of the overall risk exposure for the organization.
• Assess or assist in the validation and effectiveness of security controls to reduce cybersecurity risk.
• Collaborate with Cybersecurity leadership and architects to make sure security technologies, processes, and people align with Duke Energy’s strategic plan and budget.
• Demonstrate working knowledge of standard exceptions and issues processes.
• Define Duke Energy’s security standards, security baselines, performance metrics, plan, and initiate periodic performance reviews for the cybersecurity architecture and assessment team and vendors.
• Conducts individual work assignments of a less complex nature to meet established work schedules.
• Receives work assignments and works with review and direction by management or senior analyst.
• Performs or assist in the performance of technical project work as needed to complete project deliverables.
• Able to apply process and controls knowledge to reduce cyber risk exposure through risk management or governance principles.
• Provides good customer support to deliver risk results to internal and external parties.
• Communicates with customers to understand cyber risk concerns.
• Communicates problems and resolutions to manager and/or customers.
• Communicate risk information in a clear and concise manner.

Basic/Required Qualifications:

• Bachelor’s degree in Cybersecurity, or related field.
• Minimum 5 years Required of Related Work Experience.
• In lieu of degree(s) listed above, High School/GED AND 9 year(s) related work experience

Desired Qualifications:

• Knowledge in validating the organization against policies/guidelines/procedures/regulations/laws to ensure proper governance.
• Knowledge in reviewing service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
• Ability to evaluate, analyze, and synthesize copious quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
• Expert knowledge of Cybersecurity frameworks such as NIST (e.g., NIST CSF and NIST RMF)
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Demonstrate working knowledge of standard exceptions and issues processes.
• Skill in developing cyber risk processes and/or risk assessment for external services (e.g., cloud service providers, data center)
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks.
• Collaborates directly with customers, external contractors, and vendors to ensure project goals are met and/or issues are escalated, classified, and documented properly.
• Interface with internal and external auditors for risk assessment.
• Validate minimum security requirements are being followed according to Cybersecurity standards.
• Review or conduct risk assessments of information technology (IT) programs and projects.
• Able to work effectively with defined direction.
• Demonstrated ability to work independently with supervisory review and direction.
• Demonstrated excellent listening and communication skills; able to present complex information in an understandable manner both verbal and written to peer levels within the organization and multiple levels within the organization.
• Demonstrated ability to absorb change and continue with positive results.
• Exhibits confidence and a proper level of assertiveness when needed; displays maturity in approach and ability to effectively manage stress and frustration.
• Skill in conducting risk assessments or reviews of technical systems.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of Personally Identifiable Information (PII) data security standards.
• Skill in performing impact/risk assessments.
• Skill in processing collected data for follow-on analysis.
• Review authorization and assurance documents to confirm the level of risk is within acceptable limits for each software application, system, and network.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Review authorization and assurance documents to confirm the level of risk is within acceptable limits for each software application, system, and network.
• Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
• Demonstrates good listening skills and puts forth the effort to understand other points of view. Has the ability to manage confidential information with a high degree of integrity. Responds well to supervisors, is easy to challenge and develop, and is easily coachable. Able to work effectively with defined direction.
• Perform cyber defense trend analysis and reporting.
• Skill in creating and utilizing mathematical or statistical models.
• Research current technology to understand capabilities of required system or network.
• Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.

Working Conditions:

• Hybrid Mobility Classification – Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.

**Travel Requirements

5-15%

Relocation Assistance Provided (as applicable)

No

Represented/Union Position

No

Visa Sponsored Position

No

**Posting Expiration Date

Thursday, September 26, 2024

All job postings expire at 12:01 AM on the posting expiration date.

Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility