What are the responsibilities and job description for the Senior Enterprise Cyber Risk Management Analyst position at Jobright.ai?
Job Summary:
Tampa Electric Company is seeking a Senior Enterprise Cyber Risk Management Analyst who will play a vital role in implementing the Enterprise Cyber Risk Management Framework. The analyst will help protect the organization from evolving cyber threats, ensure compliance with regulatory mandates, and foster a culture of cyber risk awareness.
Responsibilities:
• Responsible for the Identification of Risks, an ongoing effort to identify actions or conditions that can have adverse impacts on business continuity or the cyber security of TECO. Responsible for the Classification and Prioritization of Risks, an ongoing analysis of the probability and impact associated with each risk, along with timeframes where applicable, and its prioritization relative to other identified risks. Assists with Risk Mitigation decisions, actions, implementations, controls, or other activities that reduce the likelihood of a risk being realized, reduce the impact of the risk if realized, or improve TECO's response time and efficacy.
• Assists with the oversight and Review of risks: their current probability and impact assessments, associated mitigation plans, the status of corrective measures underway or already completed (with an efficacy review where applicable), and any change in their prioritization. Participates in developing and updating risk-related policies and procedures to align with industry standards and best practices.
• Utilizes risk assessment tools and technologies for effective threat identification and analysis. Regularly reports risk findings to relevant stakeholders, including creating detailed risk assessment reports and presentations for management. Maintains a strong working relationship with the individuals and groups involved in managing information risks across the organization.
• Participates in projects to recommend risk reduction. Exchanges knowledge and information with other TECO facilities to ensure best practices are shared throughout the TECO organization. Partners and collaborates with other functional teams in support of cyber risk processes.
• Performs focused risk assessments within areas of the organization: capital projects, firewalls, threat advisories, cloud, network security, third-party risk, reputational risk, financial risk, and other areas as warranted. Communicates risk assessment findings to risk owners and provides consultative advice that enables them to make informed risk management decisions. Participates in projects to identify risk findings arising from vulnerabilities, security incidents, audits, and other cybersecurity programs, and determines how to integrate these into TECO's risk register. Identifies appropriate controls to manage cyber risks as needed. Identifies opportunities to improve risk posture by ensuring that remediating or mitigating controls are identified, and assesses the residual risk. Drives continuous improvement through trend analysis, reporting, and metrics management. Participates in updating Enterprise Cyber Risk Management policies and procedures. Reviews risk management practices for compliance with relevant laws and regulations.
• Performs ongoing cyber risk management activities within IT and OT environments, including threat and vulnerability analysis. Leverages existing support tools and techniques when performing risk analysis and risk evaluation. Identifies appropriate security solutions based on risk minimization and risk tolerance. Reviews the cyber risk management process to ensure that the outcomes of risk assessment, risk treatment, and management plans remain relevant and appropriate to current circumstances. Recommends and coordinates the implementation of corrective actions to close remediation items.
Qualifications:
Required:
• High School Diploma.
• One related Information Security professional certification from the list of certification vendors, or the ability to obtain one via self-study within one year of the hire date (e.g. (ISC)2, GIAC, ISACA, CompTIA, EC-Council).
• 6 years of related Cyber Security or IT experience (Information Systems Audit or Assessor, Information Security, systems management, systems administration, information systems security, system certification, risk analysis). A degree may be considered in lieu of experience: an Associate's degree with 4 years of related experience, or a Bachelor's degree in Computer Science, Information Systems, or another IT-related discipline with 2 years of related experience.
• Solid understanding of fundamental principles of cybersecurity, including threat landscape, vulnerabilities, and risk management.
• Familiarity with relevant security standards and frameworks such as NIST Special Publication 800-53, ISO 27001, and others depending on the industry.
• Knowledge of applicable laws and regulations governing information security, privacy, and data protection.
• Understanding of information technology systems, network architecture, and common technologies to assess security controls effectively.
• Knowledge of security control frameworks and their implementation, including access controls, encryption and PKI (certificates), Data Loss Prevention, multi-factor authentication, and incident response.
• Knowledge of advanced cybersecurity tools and platforms, such as SIEM, IDS/IPS, endpoint protection, and threat intelligence solutions, for effective risk analysis and mitigation.
• Knowledge of Internet protocols, communication protocols, data and network security, and network monitoring tools.
• Proficiency in control testing to assess the effectiveness of security controls, including designing and executing test procedures to evaluate control performance against established criteria and standards.
• Ability to conduct comprehensive risk assessments, identifying and analyzing security risks to information systems.
• Technical skills to assess security controls, perform vulnerability assessments, and understand the technical aspects of security implementations.
• Strong communication skills to effectively convey assessment findings, risks, and recommendations to technical and non-technical stakeholders. Ability to create clear and detailed documentation, including assessment plans, reports, and recommendations.
• Critical thinking and problem-solving skills to analyze complex security issues and recommend appropriate solutions.
• A keen eye for detail to identify vulnerabilities, weaknesses, and discrepancies in security controls and documentation.
• Ability to adapt to evolving cybersecurity threats, technologies, and regulatory requirements.
• Adherence to ethical standards and professionalism, as security control assessors (SCAs) often have access to sensitive information and play a critical role in maintaining the integrity of security assessments.
• Collaboration with various stakeholders, including system owners, security teams, and management, to ensure a comprehensive understanding of the information system and its security controls.
• Commitment to continuous learning and staying updated on the latest developments in cybersecurity, technology, and regulatory landscapes.
Preferred:
• Bachelor’s Degree in Computer Science, Information Systems or other Information Technology related field.
• ITIL v3 and two or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).
• ITIL v3 and three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).
• Associate's degree with 6 years of related experience, or a Bachelor's degree in Computer Science, Information Systems, or another IT-related discipline with 4 years of related experience.
Company:
TECO Energy Inc. is an energy-related holding company. Founded in 1899, the company is headquartered in Tampa, Florida, USA, and has 1001-5000 employees. The company is currently listed as Late Stage.