Tampa Electric
Sr. Enterprise Cyber Risk Mgmt Analyst, Progression
Tampa Electric, Tampa, Florida, 33646
Power up a career with us. Our people are our greatest investments. Be the light to help us keep our customers connected. If you are interested in a career and not just a position, Tampa Electric is the place to be. Tampa Electric offers competitive pay, a comprehensive benefits package and opportunities for growth and development in a friendly and professional work environment. We embrace diversity and the inclusion of all. We believe our differences, unique perspectives and talents are our strengths and integral to the success of our company.

We're honored to serve approximately 780,000 customers across West Central Florida and safely provide them with clean, affordable and reliable electricity. We've been doing it for more than 100 years, and there's so much more ahead. Join our team of energy experts as we build on that legacy through innovation, continued solar investments, cost-effective and sustainable energy solutions, all while keeping top-notch customer service at the center of all we do.

Tampa Electric is a subsidiary of Emera Inc., a family of energy companies which also includes TECO Peoples Gas and New Mexico Gas Company. Emera provides energy to residential and commercial customers in the United States, Canada, and the Caribbean, with career opportunities available in all of these locations.

TITLE: Sr. Enterprise Cyber Risk Management Analyst, Progression
PERFORMANCE COACH: Enterprise Cyber Risk Management Lead
COMPANY: Tampa Electric
DEPARTMENT: Information Security
JOB FAMILY: Information Technology

POSITION CONCEPT
The Enterprise Cyber Risk Management Analyst is a solution-oriented problem-solver with demonstrated knowledge of Information Security best practices. Ensures the integrity of the company's information resources at the network, operating system, and application levels. Incorporates elements of the Enterprise Cyber Risk Management Framework, aligning with industry best practices and the organization's risk tolerance.
Contributes to fostering a cyber risk-aware culture and protecting assets from evolving cyber threats. Analyzes risk, establishes appropriate security controls and responds to potential threats. Delivers support in a team setting, contributing to the systematic approach to cyber risk management to identify TECO's needs regarding information security requirements and the management of systems dedicated to monitoring and safeguarding enterprise assets. Performs cyber risk management activities and provides a methodology when performing risk analysis and risk evaluation.

Please note that this position can be hired at any level within the job family progression, based on Education and years of experience.

Enterprise Cyber Risk Management Analyst

PRIMARY DUTIES AND RESPONSIBILITIES
1. Responsible for the Identification of Risks, an ongoing effort to identify actions or conditions that can have adverse impacts on continuity of business or the cyber security of TECO. Responsible for the Classification and Prioritization of Risks, an ongoing analysis of the probability and impact associated with risks along with timeframes, where applicable, and their prioritization relative to other identified risks. Assist with Risk Mitigation decisions, actions, implementations, controls, or other activities that reduce the likelihood of a risk being realized, reduce the impact of the risk if realized, or improve TECO's response time and efficacy. 25%
2. Assist with the Oversight and Review of risks, their current probability and impact assessments, associated mitigation plans, and status of corrective measures currently underway or already undertaken along with efficacy review, where applicable, and finally a review of changing prioritization of said risks. Participate in developing and updating risk-related policies and procedures to align with industry standards and best practices. 25%
3. Utilize risk assessment tools and technologies for effective threat identification and analysis. Regularly report risk findings to relevant stakeholders, including creating detailed risk assessment reports and presentations for management. Maintain a strong working relationship with individuals and groups involved in managing information risks across the organization. 25%
4. Participate in projects to recommend risk reduction. Exchange knowledge and information with other TECO facilities to ensure best practices are shared throughout the TECO organization. Partner and collaborate with other functional teams in support of cyber risk processes. 25%

QUALIFICATIONS
Education
Required: Bachelor's Degree in Computer Science, Information Systems or other Information Technology related field. In lieu of Bachelor's degree, an additional 4 years of related Information Technology experience may be considered.

Licenses/Certifications
Preferred: CISSP, ITILv3, and two related Information Technology Security professional or vendor certifications (e.g., CEH, CSSA, GIAC, etc.).

EXPERIENCE
Required: 4 years of practical technical experience in an Information Technology role, Information Systems Audit role, or Information Security role.

Knowledge/Skills/Abilities (KSA)
Required:
Knowledge of Internet protocols, communication protocols, data and network security, and network monitoring tools.
Knowledge of encryption technologies and techniques (certificates, PKI, Data Loss Prevention, multi-factor authentication) and best practices.
Knowledge of various Operating system and Database security hardening controls and best practices.
A solid understanding of fundamental principles of cybersecurity, including threat landscape, vulnerabilities, and risk management.
Familiarity with relevant security standards and frameworks such as NIST Special Publication 800-53, ISO 27001, and others depending on the industry.
Knowledge of applicable laws and regulations governing information security, privacy, and data protection.
Understanding of information technology systems, network architecture, and common technologies to assess security controls effectively.
Knowledge of security control frameworks and their implementation, including access controls, encryption, and incident response.
Knowledge of advanced cybersecurity tools and platforms, such as SIEM, IDS/IPS, endpoint protection, and threat intelligence solutions, for effective risk analysis and mitigation.
Proficiency in control testing to assess the effectiveness of security controls, including designing and executing test procedures to evaluate control performance against established criteria and standards.
Ability to conduct comprehensive risk assessments, identifying and analyzing security risks to information systems.
Technical skills to assess security controls, perform vulnerability assessments, and understand the technical aspects of security implementations.
Strong communication skills to effectively convey assessment findings, risks, and recommendations to technical and non-technical stakeholders.
Ability to determine security requirements by evaluating business strategies and requirements; researching information security standards; studying architecture/platform; and identifying integration issues.
Ability to create clear and detailed documentation, including assessment plans, reports, and recommendations.
Critical thinking and problem-solving skills to analyze complex security issues and recommend appropriate solutions.
Keen eye for detail to identify vulnerabilities, weaknesses, and discrepancies in security controls and documentation.
Ability to adapt to evolving cybersecurity threats, technologies, and regulatory requirements.
Adherence to ethical standards and professionalism, as SCAs often have access to sensitive information and play a critical role in maintaining the integrity of security assessments.
Collaboration with various stakeholders, including system owners, security teams, and management, to ensure a comprehensive understanding of the information system and its security controls.
Commitment to continuous learning and staying updated on the latest developments in cybersecurity, technology, and regulatory landscapes.

Enterprise Cyber Risk Management Analyst Sr

POSITION CONCEPT: The Enterprise Cyber Risk Management Analyst Sr serves as an Information Security and Cyber Risk Management subject matter expert. Provides recommendations for additional security solutions or enhancements. Mentors and provides expert-level security guidance and support to junior team members. Assumes a role in the implementation of the Enterprise Cyber Risk Management Framework which adheres to industry best practices and aligns with the organization's risk tolerance. Helps protect assets from evolving cyber threats, stay in compliance with regulatory mandates, and foster a cyber risk-aware culture. Collaborates with business units on cybersecurity, privacy, protection, and resilience of company assets, technology, and information. Ensures that the outcome of the risk assessment, risk treatment, and management plans remain relevant and appropriate to the circumstances, by using their extensive technical expertise and industry experience. Helps the business identify appropriate security solutions based on risk minimization and risk tolerance. Proposes technologies in sync with industry regulatory requirements, anticipated trends, and corporate business plans to accomplish company goals and strategies. Delivers support in a team setting, contributing to the systematic approach to cyber risk management to identify TECO's needs regarding information security requirements and the management of systems dedicated to monitoring and safeguarding enterprise assets. Performs cyber risk management activities and provides a methodology when performing risk analysis and risk evaluation.

QUALIFICATIONS
Education
Required: Bachelor's Degree in Computer Science, Information Systems or other Information Technology related field. In lieu of Bachelor's degree, an additional 4 years of related Information Technology experience may be considered.

Licenses/Certifications
Required: Certified Information Systems Security Professional (CISSP) and Information Technology Infrastructure Library (ITIL) certification.

EXPERIENCE
Related Experience Required: 7 years of practical technical experience in an Information Technology role, Information Systems Audit role, or Information Security role.

TECO offers a competitive Benefits package
Competitive Salary
401k Savings plan w/ company matching
Pension plan
Paid time off
Paid Holiday time
Medical, Prescription Drug, & Dental Coverage
Tuition Assistance Program
Employee Assistance Program
Wellness Programs
On-site Fitness Centers
Bonus Plan and more