Con Edison

Sr System Cyber Analyst - NERC CIP Cyber Security

Bronx, NY

$125,000-$135,000

About This Job

Overview

This position is responsible to insure compliance to NERC Critical Infrastructure Protection Standards that are applicable to Substation Operations. This position will support the design, development and implementation of computer system networks, cyber security tools & monitoring, PC systems and applications, and telecommunication applications for Substation Operations associated with Bulk Electric Systems (BES) Cyber Systems. Violations of the NERC CIP standards will diminish system reliability and can result in significant consequences to the Con Edison Bulk Electric System, and the Company as a whole. A dedicated professional with continuous oversight responsibility to standard compliance is essential to continued reliable operations.Under the general supervision of the Protective System and Testing Section Manager, the Senior System Cyber Analyst will be active in and be responsible for functional compliance with NERC Critical Infrastructure Protection related to the operation of BES Cyber Systems/Assets associated with Substation Operations. This activity will include preparation, review and approval of necessary procedures and evidence to demonstrate compliance prior to reporting to local, state and federal regulatory agencies and regional authorities. The Sr. System Cyber Analyst is responsible for contributing, guiding, to the analysis of Cybersecurity incidents and events. The Sr. System Cyber Analyst will help in protecting the company from all cyber threats and risks.

Responsibilities

Core Responsibilities

•

The Sr. System Cyber Analyst is responsible for contributing, guiding, to the analysis of Cybersecurity incidents and events. The Sr Cyber Analyst will design, install, monitor IT computing infrastructure, provide timely response and troubleshoot alerts generated by various security tools.

•

Assist in the design, development and implementation of Network Systems including cabling, servers, firewalls, routers, HMIs, IED etc. to effectively comply with CIP Standards

•

Assist regional PST areas in matters of CIP compliance. Provide guidance and instruction on performing necessary field activities to meet CIP compliance requirements.

•

Responsible for BES Cyber System Categorization.

•

Maintain databases, records, passwords and baseline configurations associated with BES Cyber Systems.

•

Develop training modules for cyber security training program and aspects of Personnel Risk Assessment Program.

•

Responsible for the designation and management of Electronic and physical security perimeters associated with BES Cyber Systems.

•

Responsible for the management of System Security associated with BES Cyber Systems.

•

Responsible for incident reporting and response planning associated with BES Cyber Systems including but not limited to participation on the NERC Alerts incident team.

•

Administer access management and access revocation of BES Cyber Systems

•

Conduct vulnerability assessments on the BES Cyber Systems.

•

Review and comment on revised NERC CIP standards. Develop required protocols and procedural revisions to address revised NERC CIP standards to ensure continued compliance with such revised standards.

•

Monitor and report on status of compliance with NERC CIP requirements.

•

Represent substation operations in NPCC and NERC related compliance issues both internal to Con Edison and with external organizations such as NYISO, NPCC, NERC, FERC and other neighboring TOs and reliability coordinators.

•

Make compliance program presentations as required and at the executive level.

•

Ensure the timely, accurate and well-documented submittal of data to NPCC, as required to address compliance requirements

•

Perform other related assignments as required.

Qualifications

Required Education/Experience

•

Bachelor's Degree with three (3) years of IT experience preferably in Cybersecurity or

•

Master's Degree with two (2) years of IT experience preferably in Cybersecurity

Preferred Education/Experience

•

Bachelor's Degree In Engineering, Computer Science, Information Technology, or relevant concentration

•

Master's Degree In Engineering, Computer Science, Information Technology, or relevant concentration

Relevant Work Experience

•

Requires work experience in any of the following areas: Computer Networking, Cyber Security, Computer Engineering or Information Technologies Required

•

Proficiency in Microsoft Office suite and productivity tools is required Required

•

Ability to present at different levels of management Required

•

Knowledge and experience in real-time production environments, TCP/IP, active directory, LINUX, SQL servers and oracle. Preferred

•

Strong knowledge of network protocols, network analysis tools, and network architecture is preferred. Preferred

•

Knowledge of vulnerability, threat and risk management and assessment Preferred

•

Scripting knowledge using industry standard scripting tools Preferred

Skills and Abilities

•

Strong written and verbal communication skills

•

Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

•

Demonstrated time management and priority setting skills

•

Well organized, detail oriented and flexible to handle multiple assignments

•

Highly thorough and dependable

Licenses and Certifications

•

Driver's License Required

•

Other: Technical certifications (e.g. CISSP, CISM, CIPP etc.) Preferred

Additional Physical Demands

•

The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.

•

This position requires local and out-of-town travel and representation of the Company at regulatory meetings including NPCC and NERC meetings.

•

Must be able and willing to travel within Company service territory, as needed.

•

Must be willing and available to be on call, work off shifts, weekends, holidays and overtime as operations and system conditions require.

•

Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.

Similar Jobs