Analyst II, Cyber Security Programs

Position Overview:

• Support the Director of Cyber Security Programs in managing the organization's information security and cybersecurity governance, risk, and compliance programs. 
• Assist in the development, enhancement, and enforcement of cybersecurity policies, standards, and procedures across the enterprise. 
• Partner with IT and business units to communicate policy requirements, ensure understanding, and drive compliance. 
• Coordinate third-party risk management (TPRM) activities, including vendor security assessments and due diligence. 
• Conduct assessments to evaluate the design and operating effectiveness of IT controls, identify control gaps, and assist in remediation planning. 
• Support the development and delivery of security awareness training to promote a security-first culture across the organization. 
• Act as a liaison for cybersecurity-related requests, collaborating with internal teams including Legal, Information Governance, Security Operations and Security Architecture. 
• Assist in maintaining compliance with NERC CIP standards through evidence collection, audit support, and tracking follow-up actions. 
• Track, analyze, and report on cybersecurity KPIs and metrics, identifying trends and opportunities for improvement. 
• Manage or support cybersecurity projects and initiatives, ensuring they are delivered on time and aligned with organizational goals. 
• Participate in cybersecurity incident response activities and post-incident reviews in a support role. 

Minimum Qualifications:

• Minimum 3 years of professional experience in cybersecurity, IT security, or GRC.
• Security Frameworks: Strong knowledge of Cyber Security frameworks such as NIST SP 800-53, CIS Controls, or ISO/IEC 27001.
• Experience conducting security risk assessments. 
• Eligible to work in the United States without the need for employer visa sponsorship now or in the future.

Preferred Qualifications:

• Bachelor's degree in related field.
• Industry Experience: Background in the energy or utilities sector, particularly with experience in NERC CIP compliance or other critical infrastructure regulations. 
• Consulting/Audit Background: Experience in consulting, advisory, or IT audit roles with a focus on cybersecurity or compliance. 
• Certifications: Professional certifications such as CISA, CISSP, CISM, CEH, GIAC GSEC, or equivalent credentials.
• Tools & Technologies: Hands-on experience with GRC platforms and security tools, especially Microsoft 365 Security, Azure Security, and tools like UpGuard, Servicenow and Smartsheet. 
• Project Management: Strong organizational skills with the ability to manage multiple tasks, meet deadlines, and prioritize work effectively. 
• Communication: Excellent written and verbal communication skills, with the ability to produce clear documentation and engage diverse stakeholders. 
• Professionalism: Self-starter with a proactive mindset, strong attention to detail, and the ability to work independently and collaboratively. 
• Regulatory compliance: Experience with NERC CIP. ​

#LI-ONSITE