Cybersecurity Risk Assurance Analyst

at Southern Company
Location Atlanta, GA
Date Posted March 24, 2021
Category Default
Job Type Full-time

Description

**Cybersecurity Risk Assurance Analyst**

•*Description**

At Southern Company, our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services.

•*Position Overview:**

This role is within the Southern Company Technology Security organization and reports directly to Southern Company’s Cybersecurity Assurance Manager. This position is an analyst role responsible for building and maintaining strategic partnerships between Southern Company’s Technology Security Organization and its business owners, analyzing the expectations of the businesses to achieve effective security governance and risk management, and ensuring the confidentiality, integrity and availability of the company’s information assets. The analyst will combine broad cybersecurity and technology domain knowledge to reduce cybersecurity risk.

Working closely with business owners, the Cybersecurity Risk and Assurance analyst will collaborate to effectively manage risk through security assessments and developing contractual requirements, ensuring implemented solutions meet business and regulatory needs. She/he will also evaluate security industry best practices and regulatory requirements for applicability to Southern Company. The analyst will also leverage information security frameworks and supporting technical architecture to provide security expertise and consulting.

•*Job Responsibilities:**

+ Collaborate closely with solution owners from the business, seeking to understand business imperatives while educating them as needed regarding relevant requirements and controls

+ Leverage both technology and your knowledge to effectively validate and govern implemented solutions and related security controls

+ Ensure new products and services conform to information security policies, standards and best practices; conduct risk assessments of key company engagements and develop appropriate mitigation plans

+ Conduct service maturity and risk/impact assessments against known standards to support strategic initiatives

+ Present ideas, findings, education, and other concepts in a concise and focused manner to audiences at various levels within the organization. Quantify and communicate both technical and linked business risk in a way that drives prioritization of effort and smart investment decisions

+ Build and maintain strategic partnerships with key business stakeholders to apply knowledge of the business and appropriate best practices for the purpose of streamlining business processes, reducing costs, and improving customer satisfaction while increasing our overall security posture

+ Support cross-functional teams to investigate, analyze, and make recommendations to leadership on current security strategy

+ Assist in the development of Southern Company’s security architecture – identify areas of opportunity, research alternatives, and recommend solutions informed by an accurate risk picture

+ Provide internal technology security expertise by defining and influencing appropriate policies, technologies, processes and controls to reduce risk

+ Influence the utility industry’s creation, adoption and implementation of information security practices by participating in and leading industry forums, events, and committees

+ Maintain current knowledge of information security concepts, technologies, and practices

•*Requirements and qualifications:**

+ Demonstrated ability to manage a program/process across multiple teams in multiple disciplines

+ Prior experience advocating security policies, practices, controls, and standards to business and IT teams, internally and externally to the organization

+ Prior experience promoting security as a business enablement function using documentation, metrics, and strong verbal communication

+ Strong technical consulting experience: ability to understand business requirements and present appropriate solutions to a non-technical audience

+ Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions

+ Knowledge and understanding of information security concepts and best practices

+ Scripting skills (e.g. Python, Perl) desirable to facilitate automation or ingest data into appropriate security tooling

+ Energy industry experience desirable

+ Working familiarity with information security frameworks (e.g. COBIT, NIST, OWASP, CIS, MITRE ATT&CK) preferred

+ 4 years of experience in security infrastructure, security operations, security risk analysis, cybersecurity governance, or security architecture required

+ Bachelor’s degree or equivalent applicable experience required

+ One or more of the following certifications is required: CISSP, CCSP, CISM, GIAC, CompTIA Security , CompTIA Advanced Security Practitioner, public cloud architecture certification (e.g. Azure Solutions Architect)

+ Must be able to obtain and maintain security clearance

+ Must pass NERC CIP & Insider Threat Program background checks

\#LI

With 4.4 million customers and more than 46,000 megawatts of generating capacity, Atlanta-based Southern Company is the premier energy company serving the Southeast through its subsidiaries. A leading U.S. producer of clean, safe, reliable and affordable electricity, Southern Company owns electric utilities in four states and a growing competitive generation company, as well as fiber optics and wireless communications. Southern Company brands are known for energy innovation, excellent customer service, high reliability and retail electric prices that are below the national average. Southern Company and its subsidiaries are leading the nation's nuclear renaissance through the construction of the first new nuclear units to be built in a generation of Americans and are demonstrating their commitment to energy innovation through the development of a state-of-the-art coal gasification plant. Southern Company has been recognized by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer and listed by DiversityInc as a top company for Blacks. The company received the 2012 Edison Award from the Edison Electric Institute for its leadership in new nuclear development, was named Electric Light & Power magazine's Utility of the Year for 2012 and is continually ranked among the top utilities in Fortune's annual _World's Most Admired Electric and Gas Utility_ rankings. Visit our website at www.southerncompany.com/

**We offer a competitive compensation package. Equal Opportunity Employer.**

•*Job Field:** Information Technology

•*Job Type:** Standard

•*Primary Location:** Georgia-Metro Atlanta-Atlanta

•*Operating Company:** Southern Company Services

•*Job Type:** Standard

•*Travel (Up to...):** No

•*Work Location(s):**

Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)

241 Ralph McGill Blvd. NE

Atlanta, 30308

•*Req ID:** SCS2009293

Drop files here browse files ...