Senior Cybersecurity Risk Analyst

Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

LI-Hy #INDPPL

PPL is seeking a Senior Cybersecurity Risk Analyst to join its Enterprise Cybersecurity Governance, Risk, and Compliance team. This role is responsible for leading the execution of cybersecurity and IT risk assessments, identifying and analyzing risk exposures, and supporting the development of risk mitigation strategies across the enterprise. The analyst will work closely with cross-functional teams compromised of cybersecurity, IT, and business stakeholders to continuously improve PPL’s risk posture.

- Collaborate with cybersecurity, IT, and business stakeholders to identify, assess, and mitigate risk exposure.

- Lead and conduct cybersecurity and IT risk assessments across systems, applications, and business processes.

- Maintain and enhance risk register, dashboards, and risk reporting mechanisms.

- Analyze risk trends and develop actionable insights to inform strategic enterprise decision-making.

- Develop and refine cybersecurity policies, standards, and procedures in alignment with industry best practices.

- Monitor emerging threats, vulnerabilities, and regulatory changes, and assess their impact on enterprise risk.

- Provide mentorship and guidance to junior analysts and contribute to team knowledge sharing.

- Participate in incident response and post-incident risk analysis to identify root causes and recommend improvements.

- All other duties and projects as assigned

Qualifications

Required Qualifications: Education:

- Bachelor’s Degree in relevant field (e.g., Cybersecurity, Risk Management, Computer Science, Computer Information Systems)

Experience:

- 5+ years of progressive IT experience working within modern IT environments, including cloud-based platforms, enterprise infrastructure, or cybersecurity.

- Knowledge of risk management frameworks, particularly NIST Cybersecurity Framework, NIST Risk Management Framework, and the FAIR model.

- Excellent communication and stakeholder engagement skills, including the ability to clearly and concisely translate complex technical details into business-relevant terms for non-technical stakeholders, and effectively communicate high-risk issues for timely escalation and decision-making.

Licensure / Other Qualifications

- Holds, or must be willing to obtain professional certification such as CRISC, CISA, or CISSP, within 12-18 months of hire.

Note: Must meet all requirements within this section before considered as a candidate.

- 5+ years' work experience in cybersecurity, risk management, audit, or related field.

- Proficiency in risk analysis, documentation, and reporting.

- Experience with industry recognized GRC platforms

- Proficiency in one or more programming or scripting languages (e.g., Python, PowerShell) to automate risk analysis tasks, streamline reporting, and integrate with APIs for data collection and system integration.

- Technical expertise in system architecture, virtualization, and network security, with the ability to assess and mitigate risks across hybrid environments.