The Cyber Security Governance and Risk Analyst is crucial for ensuring compliance with NERC CIP Standards and TSA Security Directives.his role focuses on compliance with NERC CIP Standards and TSA Security Directives.

This position involves the collection and maintenance of evidence to enhance the cybersecurity posture of critical infrastructure. Key responsibilities include participating in regular NERC CIP and TSA compliance tasks and audits, working with various IT and cybersecurity teams to ensure compliance, identifying and addressing compliance violations, and developing and implementing corrective actions. Additionally, the role demands proficiency in using and understanding command syntax for tools and systems like Cisco switches, routers, ACI, Opengear terminals, SecureCRT, Citrix Web Interface, VPNs with RSA tokens, and Adobe PDF markup.

Success in this position requires a solid understanding of various IT systems and tools, including:

• Footprints and Service Now for IT service management
• Splunk for data analysis and security monitoring
• Tripwire Enterprise / IP360 for security and compliance monitoring
• Palo Alto Panorama for centralized network security management
• Microsoft applications (Word, Excel, Visio, PowerPoint)
• Other internal applications specific to the environment

Key Responsibilities:

• Collecting and maintaining evidence to support and improve the cybersecurity stance of critical infrastructure data networks
• Engaging in regular compliance tasks and audits (daily to annual), serving as a subject matter expert during audits as needed
• Collaborating with IT/Cybersecurity teams to ensure compliance with NERC CIP and TSA directives
• Reviewing, evaluating, and identifying the root causes of compliance issues and near misses
• Developing mitigation plans and completing corrective actions to address compliance violations
• Maintaining proficiency in command syntax for devices such as Cisco switches, routers, ACI, and using tools like Opengear terminals, SecureCRT, Citrix Web Interface, VPNs with RSA tokens, and Adobe PDF markup

Qualifications:

• Bachelor’s degree with at least five years of relevant work experience
• Alternatively, a High School/GED with ten years of related work experience

Desired Skills:

• Leadership capabilities and ability to work independently with minimal supervision
• Certifications such as CISSP, CISM, CISA, or Cisco CCNA
• Experience with NERC CIP or NIST frameworks
• Advanced degree in a related field (Computer Science, Engineering, Legal)
• Proficiency in programming languages and tools, including Python, Visual Basic, YAML, JSON, BASH, Bitbucket, and Linux
• Hands-on experience with orchestration and automation tools like Ansible