Cyber Information Assurance Analyst II

Arizona Public Service generates reliable, affordable and clean energy for 2.7 million Arizonans. Our service territory stretches across the state, from the border town of Douglas to the vistas of the Grand Canyon, from the solar fields of Gila Bend to the ponderosa pines of Payson. As the state’s largest and longest-serving energy provider, our more than 6,000 dedicated employees power our vision of creating a sustainable energy future for Arizona.

Since our founding in 1886, APS has demonstrated a strong commitment to our customers in one of the country’s fastest growing states, earning a reputation for customer satisfaction, shareholder value, operational excellence and business integrity.

Our present and future success depends on the creative and dedicated people of our company who demonstrate the principles outlined in the APS Promise: Design for Tomorrow, Empower Each Other and Succeed Together.

The

is responsible for the design and implementation of information assurance and data security in applications, software, databases, flat files and procedures. Assesses and mitigates data security threats and risks throughout the data life cycle and validates data security requirements through analysis. Operates as the Export Compliance program lead to ensure compliance with U.S. Export laws concerning Technical Controlled Data (TCD) and Non-U.S. Person onsite visitations.

- Bachelors' degree in computer science, business administration, finance, accounting, or related field and two (2) years prior relevant experience or equivalent combination of education and directly related experience.

- Requires working technical knowledge gained through experience within a job area or system

Preferred Special Skills, Knowledge or Qualifications:

- Risk management and information security experience and a familiarity with the National Institute of Standards and Technology (NIST), Critical Infrastructure Protection (CIP) or Generally Accepted Privacy Principles (GAPP).

- Knowledge of information assurance regulations and standards, cybersecurity requirements and control designs, and/or Information Assurance Vulnerability Management (IAVM) program.

- Experience in or an ability to maintain and mature a compliance program which specializes in data protection and compliance with U.S. export control regulations.

Major Accountabilities

- Perform risk management tasks to identify cybersecurity risks, measure the implementation of controls to achieve data protection requirements, and create processes to address gaps or concerns.

- Follow information security and data protection frameworks to ensure adequate protection procedures exist around APS' sensitive information, with in-depth knowledge on technical controlled information.

- Provides analysis, design, development, implementation and security assessments to ensure compliance and support vulnerability management activities.

- Initiate improvements of processes, system(s), or products to enhance performance of the technical area.

- Maintain and regularly reconcile the inventory of applications and databases containing Technical Controlled Data to ensure compliance with export control laws and regulations.

- Assist data owners and IT in identifying technology and technical information that falls under U.S. export laws.

- Verify Non-US Person resources (contractors and employees) hiring/onboarding qualification by confirming with leadership whether access to Export Controlled technical data is required.

- In-take Non-US Persons’ visitation requests and approve their access to APS facilities.

- Coordinate with internal and external legal counsel to determine appropriate paths forward when sharing Export Controlled technical data with Non-US Persons.

- Provide comments/feedback in contract negotiation process for export compliance-related terms and conditions.

- Create and provide regulatory-required reporting to the U.S. Department of Energy.

- Participate in vendor risk management processes to assess vendors who will be in possession of APS sensitive information.

- Assist in cybersecurity and data protection awareness efforts to educate APS workforce on safe data use and handling.

- Utilize systems that help prevent inadvertent over-sharing of data classified as confidential and above, operating as the subject matter expert concerning Technical Controlled Data.15) May help train and assist entry level employees.