Cyber Security Analyst - IT (Remote)

Description

At Constellation, a freshly independent and soon-to-be Fortune 200 company, we're providing the energy and services to transform our future. Combining next generation technologies and product offerings with the country's lowest carbon generating fleet, our company is purpose-built to meet the challenges of the climate crisis.

Constellation has been the leader in clean energy production for more than a decade. Now we're speeding delivery of low-carbon or no-carbon power to help families, communities, governments, and businesses meet their sustainability and decarbonization goals. Constellation provides 10 percent of total clean power and 22 percent of clean baseload power in the United States and is the leading competitive retail supplier of energy products, services and clean energy solutions. The race is on to confront climate change, and no company is more ready to meet that challenge.

We are committed to advancing diversity, equity and inclusion and believe in attracting, retaining and advancing employees who will best serve and represent our customers, partners and communities. We provide a workplace that ensures mutual respect, where each individual has the opportunity to grow and contribute at their greatest potential. Constellation will provide you the tools and resources you need to design, build and power a successful career.

Constellation offers a wide range of benefits, designed to help our employees thrive professionally and personally. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays and sick days; and much more.

Join us as we accelerate the transition to a carbon-free future. Energize your career with Constellation.

PRIMARY PURPOSE OF POSITION

The Cyber Security Compliance Analyst will exist as part of the broader Cyber Security Governance function and works across Constellation teams to ensure compliance with cyber-specific laws, rules and regulations applicable to the organization. In addition to supporting certain internal and external audit activities in accordance with industry control frameworks such as Sarbanes-Oxley, CISA and NIST, this position is responsible for supporting the identification, evaluation and tracking of requirements related to new control frameworks in scope for Constellation's cyber security and business programs (e.g., DFARS, CMMC). This role coordinates across teams, including Supply, Legal, Regulatory, Compliance, and business partners.

PRIMARY DUTIES AND ACCOUNTABILITIES

• Support Constellation's implementation and establishment of sustainment model for new and/or evolving control/policy frameworks that will need to be adopted under the cyber governance team.

• Support coordination between Cyber Security, Legal, and business partners in support of establishing and sustaining Information Protection Governance programs

• Coordinate the establishment of critical data inventories, governing data classifications, and handling standards

• Develop metrics to convey the status and heath of applicable cyber-security compliance initiatives.

• Perform compliance activities including control testing, self-assessments and support engagements with internal and external auditors and support vendors.

• Support business partners and report compliance results with respect to the adherence to and compliance with applicable cyber laws, regulations, and control frameworks

• Read, analyze, and interpret business, professional, technical or government documents.

• Assist in the creation and maintenance of risk assessments, test plans and reports

• Lead the support of compliance data in internal systems like ServiceNow and/or Governance Risk and Compliance (GRC).

• Maintain comprehensive records for all concerns and/or findings during the compliance process; support issues tracking and drive corrective action/remediation efforts.

• Recommend and implement change and process improvements to the cyber compliance areas to ensure sustained compliance and operational efficiencies.

• Write reports, business correspondence and policy/procedural materials regarding applicable cyber compliance matters and guidance.

JOB SCOPE

• Working knowledge of cyber security practices for an enterprise environment

• Working knowledge of computer networking concepts and protocols, and network security methodologies

• Working knowledge of firewall operations

• As assigned, work effectively with other departments and team members

• Promotes and shares professional knowledge via seminars, presentations, and publications within your community (i.e. department, peers, educational institutions), as required

Qualifications

MINIMUM QUALIFICATIONS

• Bachelor's degree in Computer Science or related discipline and typically 2 to 5 years related experience or 6 to 9 years equivalent combination of education and work experience.

• Ability to solve problems using pre-defined procedures and guidelines.

• Communication skills Able to effectively communicate highly technical information in non-technical terminology (written and verbal)

• Flexible and adaptable to changing priorities, based on business needs

• Working knowledge of Server and Workstation Operating Systems (Windows / Linux), along with command prompt knowledge

• Working knowledgeable in IP based switching, routing, and network environments (ex. Cisco)

• Working knowledge of computer networking concepts and protocols, and network security methodologies.

• Working knowledge of cyber security practices for an enterprise environment

• Working knowledge of firewall operations (ex. Cisco & Checkpoint)

• Working knowledge of cyber security practices for an enterprise environment

• Experience with Implementing and sustaining Cyber Security Frameworks such as NIST 800-171, 172.

• Experience with Federal Gov Compliance in working with FIPS-199, SARS, SSPs, and POAMS.

PREFERRED QUALIFICATIONS

• Working knowledge of cyber security program elements such as Policy Development, Application Security, Information Security, Network Security, Disaster Recovery Planning, Operational Security, Incident Response, and End User Education

• Working knowledge of Security Information Event Management (SIEM) solutions (ex. Splunk, Nitro, Industrial Defender)

• Cisco Certified Network Associate (CCNA) certification acceptable with other network credentials. Security Plus training

Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.

VEVRAA Federal Contractor

REQNUMBER: 242206-OTHLOC-~~~

Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.