SrCyber Sec Perf Analyst/Oversight

Job Description

Job DescriptionWHO WE AREAs the nation’s largest producer of clean, carbon-free energy, Constellation is focused on our purpose: accelerating the transition to a carbon-free future. We have been the leader in clean energy production for more than a decade, and we are cultivating a workplace where our employees can grow, thrive, and contribute. Our culture and employee experience make it clear: We are powered by passion and purpose.

Together, we’re creating healthier communities and a cleaner planet, and our people are the driving force behind our success. At Constellation, you can build a fulfilling career with opportunities to learn, grow and make an impact. By doing our best work and meeting new challenges, we can accomplish great things and help fight climate change. Join us to lead the clean energy future.

TOTAL REWARDSConstellation offers a wide range of benefits and rewards to help our employees thrive professionally and personally. We provide competitive compensation and benefits that support both employees and their families, helping them prepare for the future.

In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays, and sick days; and much more. Expected salary range of $120,600 to $134,000, varies based on experience, along with comprehensive benefits package that includes bonus and 401(k). PRIMARY PURPOSE OF POSITIONThe Cyber Security Analyst (CSA) will work closely with functional areas throughout the Constellation cyber security program to execute the strategy for technical security controls, providing pro-active cyber security risk management analysis and technical oversight.

The CSA will act as a team lead to the Cyber Security Technical Compliance team to effectively communicate and execute the Constellation technical oversight plan. The CSA will assist the manager in leading the technical oversight program. The CSA will assist in the development of appropriate security risk management plans.

The CSA will work closely with all business areas responsible for regulated systems, as well as unregulated OT and IT systems to ensure effective implementation of security controls; providing analytical and technical recommendations where needed. Work closely with the Cyber Technical Compliance team to assist with the identification, analysis, and remediation of cyber security risk.

PRIMARY DUTIES AND ACCOUNTABILITIESWork closely with technical teams and various Constellation business units to provide oversight to security standards subject to regulatory enforcement, as well as internal IT/OT security controls including:Conduct technical oversite activities, conduct briefs for site leadership, provide recommendations (technical and non-technical). Assist business areas identify cost effective solutions to meet compliance, when necessary. Conduct interviews with contractors and employees to ensure policy, procedures, and processes are being followed accordingly.

Verify security requirements are in place for all applications related to NERC CIP, TSA Gas, CMMC, Maritime Transportation Security, etc. Create reporting metrics on the health of the various internal security controls programs. Provide analytical and data analysis of security assessments to other team members, technical teams, and business clients, including:Work with stakeholders to resolve issues around regulatory compliance and determine root cause analysis of underlining issue/s.

Develop specific risk mitigation strategies for systems and/or applications. Support Constellations cyber security incident response program as needed for. Plan and support annual regulatory cyber security incident response drills and tabletops.

Ensure lessons learned and the Cyber Security Incident Response Plan (CSIRP) is updated as required. Work closely with the IT regulatory disaster recovery programs. Support Constellations cyber/IT disaster recovery program as needed.

EWJD3