IT Security Analyst

Job description

Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve.

Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation.

PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid.

We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve.

PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.
Overview

**PLEASE NOTE: THIS POSITION IS HYBRID - IN OFFICE 3 DAYS A WEEK - TO ONE OF OUR LOCAL OFFICES IN: LOUISVILLE, KY OR ALLENTOWN, PA.**

The Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects.

The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls.

Enterprise Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides educational awareness to the corporation on security best practices, and ensures data sharing relationships with third parties securely protect PPL information.

**Purpose**
As a key member of the Enterprise Cybersecurity Compliance team, the Enterprise Cybersecurity Compliance Analyst is an experienced and detail-oriented compliance professional.

The position will oversee technical and business controls, within their scope, and work on a team of cybersecurity professionals to help build a strong strategy and culture of compliance for the NERC Critical Infrastructure Protection (CIP) Reliability Standards, TSA gas pipeline security directive, Controls & Regulatory Compliance for the IT department, and other cybersecurity compliance regulations, directives, and frameworks.

This position will assist with developing and implementing policies, procedures, technologies, and programs to maintain, demonstrate, and improve compliance.

The position drives compliance direction for Cybersecurity in NERC CIP, TSA security directive, and other compliance areas including participating as a subject matter expert (SME).

LI-Hybrid

#INDPPL

Responsibilities

+ Participates in compliance activities including providing consulting assistance with business areas and IT groups for cybersecurity compliance standards, policies, procedures, and measures.
+ Performs assessments, helps the organization institute, and monitor compliance with cybersecurity framework and regulatory requirements.
+ Supports teams in regulatory audits, spot-checks, and self-certifications including mock audits.
+ Assists in preparing for compliance audits where responsibilities include developing Reliability Standard Audit Worksheets (RSAWs) and compiling supporting evidentiary documentation.
+ Collaborates with relevant stakeholders in the development of audit responses and remediation plans for any identified findings.
+ Coordinates event and root cause analysis to identify gaps in controls including advising and supporting management in defining appropriate remedial actions and tracking.
+ Provides high level research on internal projects, recommending strategic directions and plans that address company-wide security issues.

This includes projects related to CIP implementations.
+ Maintains accurate and up-to-date documentation related to NERC CIP Compliance, and other compliance frameworks.
+ Balances security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPL’s risk profile.
+ Plays a role in complex problem analysis and makes recommendations for how to advance PPL’s cybersecurity compliance profile and culture with a team of motivated individuals.
+ Contributes to developing, implementing, and evaluating project plans, goals, and timelines for the implementation of internal controls across all applicable standards.
+ Effectively communicates with clients, peers and management in security matters in both verbal and written form.
+ Identifies opportunities for continuous improvement in Cybersecurity’s compliance program.
+ Performs other duties as assigned.

Qualifications

**Education** :

+ Bachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work related experience.

**Experience** :

+ 2 or more years of work experience in a compliance or audit focused position or equivalent (Intermediate)
+ 5 or more years of work experience in a compliance or audit focused position or equivalent (Senior)
+ Experience with NERC CIP regulatory requirements, such as standards development, controls framework development, or compliance.
+ Experience with applying compliance frameworks, to successfully comply with security policies, standards, and guidelines.
+ Experience in examining and evaluating internal controls based on regulatory requirements to ensure adherence to the requirements is performed.
+ Proven experience establishing, managing, and validating compliance requirements with internal and external parties.
+ Experience creating, implementing, and documenting internal processes and technology to enhance compliance, efficiency, and education.
+ Understanding of requirements gathering, discovery, service mapping, problem management, asset management, project management, and service catalogs as they relate to regulatory compliance.
+ Experience preparing and presenting complex topics to non-technical audiences, at various levels within the organization.
+ Effective written, verbal, and interpersonal communication skills along with outstanding attention to detail with dedication to encouraging a culture of compliance and security.
+ Critical thinking skills with the ability to identify and solve complex problems with limited managerial oversight.
+ Demonstrated ability to lead projects and assignments and perform multiple activities concurrently.
+ Working knowledge of security related frameworks and activities including, but not limited to, NIST Cybersecurity Framework, SOC 1, SOC 2, etc.
+ Collaborative and effective in cross-functional team environments.
+ Strong analytical skills to assess risks and vulnerabilities in complex systems.

**Education** :

+ Bachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work related experience.

**Experience** :

+ 2 or more years of work experience in a compliance or audit focused position or equivalent (Intermediate)
+ 5 or more years of work experience in a compliance or audit focused position or equivalent (Senior)
+ Experience with NERC CIP regulatory requirements, such as standards development, controls framework development, or compliance.
+ Experience with applying compliance frameworks, to successfully comply with security policies, standards, and guidelines.
+ Experience in examining and evaluating internal controls based on regulatory requirements to ensure adherence to the requirements is performed.
+ Proven experience establishing, managing, and validating compliance requirements with internal and external parties.
+ Experience creating, implementing, and documenting internal processes and technology to enhance compliance, efficiency, and education.
+ Understanding of requirements gathering, discovery, service mapping, problem management, asset management, project management, and service catalogs as they relate to regulatory compliance.
+ Experience preparing and presenting complex topics to non-technical audiences, at various levels within the organization.
+ Effective written, verbal, and interpersonal communication skills along with outstanding attention to detail with dedication to encouraging a culture of compliance and security.
+ Critical thinking skills with the ability to identify and solve complex problems with limited managerial oversight.
+ Demonstrated ability to lead projects and assignments and perform multiple activities concurrently.
+ Working knowledge of security related frameworks and activities including, but not limited to, NIST Cybersecurity Framework, SOC 1, SOC 2, etc.
+ Collaborative and effective in cross-functional team environments.
+ Strong analytical skills to assess risks and vulnerabilities in complex systems.

+ Participates in compliance activities including providing consulting assistance with business areas and IT groups for cybersecurity compliance standards, policies, procedures, and measures.
+ Performs assessments, helps the organization institute, and monitor compliance with cybersecurity framework and regulatory requirements.
+ Supports teams in regulatory audits, spot-checks, and self-certifications including mock audits.
+ Assists in preparing for compliance audits where responsibilities include developing Reliability Standard Audit Worksheets (RSAWs) and compiling supporting evidentiary documentation.
+ Collaborates with relevant stakeholders in the development of audit responses and remediation plans for any identified findings.
+ Coordinates event and root cause analysis to identify gaps in controls including advising and supporting management in defining appropriate remedial actions and tracking.
+ Provides high level research on internal projects, recommending strategic directions and plans that address company-wide security issues.

This includes projects related to CIP implementations.
+ Maintains accurate and up-to-date documentation related to NERC CIP Compliance, and other compliance frameworks.
+ Balances security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPL’s risk profile.
+ Plays a role in complex problem analysis and makes recommendations for how to advance PPL’s cybersecurity compliance profile and culture with a team of motivated individuals.
+ Contributes to developing, implementing, and evaluating project plans, goals, and timelines for the implementation of internal controls across all applicable standards.
+ Effectively communicates with clients, peers and management in security matters in both verbal and written form.
+ Identifies opportunities for continuous improvement in Cybersecurity’s compliance program.
+ Performs other duties as assigned.

Remote Work
The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both.

Assigned work location may change.

In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Equal Employment Opportunity

Our company is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.

Required Skill Profession

Other General