Southern Company Security Risk & Compliance Analyst in Atlanta, Georgia
Security Risk & Compliance Analyst
Purpose: This position supports the Southern Company technology security program to ensure the company’s information and energy assets are adequately protected. The incumbent will build and maintain strategic partnerships with Southern’s electric and gas utilities and commercial business units, analyze business partner environments, define and implement business security requirements and goals, and identify and resolve business security issues. The position also supports information security governance functions including policy and procedures and compliance programs including NERC CIP, PCI, FACTA, as well as other state, local, and federal security regulations.
Education / Experience:
A Bachelor’s degree in Engineering, Computer Science or related field
Possess a broad-based and in-depth knowledge of information security methodologies, tools, technologies and best practices and how they relate to the organization
Ability to understand technical information security issues/concepts and bring to senior management in an understandable manner
Strong risk assessment skills required in order to adequately convey and remediate information security risks
Experience with information security policies, processes, and standards as they apply to the energy and utility industry preferred
Ability to lead a project from concept through implementation and anticipate potential problems
Experience with security frameworks and standards such as NIST 800, Cyber Security Framework, C2M2, etc.
Familiarity with information security regulation as it applies to the energy and electric utility industry a plus, especially NERC CIP
Experience with PCI DSS controls and assessments
3 years experience in positions directly related to risk assessment, information security, information technology
Industry certifications highly preferred (CISSP, CISA, CISM, GIAC)
Support enterprise in all aspects of information security administration; trusted to handle confidential situations and data;
Build and maintain strategic partnerships with key business stakeholders to apply knowledge of the business and appropriate best practices for the purpose of streamlining business processes, reducing costs, and improving customer satisfaction while increasing our overall security posture
Work with business partners to assess and identify potential cyber risks and recommend solutions to address threats to the company and its customers
Educate business partners to understand and apply information security concepts, processes, and technologies
Analyze business data use processes against vulnerabilities and threats and counsel business units on consequences
Conduct risk assessments on business partner environments, compare to known standards, and communicate metrics to influence security growth
Audits business unit security activities to ensure compliance with all corporate information security policies and procedures
Evaluate industry best practices and regulatory requirements for applicability to Southern Company
Understand, relate and transform cyber security best practices and regulatory requirements into information security policy, standards, procedures and requirements
Plan, coordinate, and lead information security projects
Influence the utility industry’s creation, adoption and implementation of information security practices by participating in and leading industry forums, events, and committees
United States citizenship is required
Must be able to pass background requirements
This position requires frequent (up to 10%) travel to office locations. Overnight travel is expected.
Southern Company (NYSE: SO) is America's premier energy company, with 44,000 megawatts of generating capacity and 1,500 billion cubic feet of combined natural gas consumption and throughput volume serving 9 million electric and gas utility customers through its subsidiaries. The company provides clean, safe, reliable and affordable energy through electric utilities in four states, natural gas distribution utilities in seven states, a competitive generation company serving wholesale customers across America and a national recognized provider of customized energy solutions, as well as fiber optics and wireless communications. Southern Company brands are known for excellent customer service, high reliability and affordable prices that are below the national average. Through an industry-leading commitment to innovation, Southern Company and its subsidiaries are inventing America's energy future by developing the full portfolio of energy resources, including carbon-free nuclear, 21st century coal, natural gas, renewables and energy efficiency, and creating new products and services for the benefit of customers. Southern Company has been named by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer, recognized among the Top 50 Companies for Diversity by DiversityInc, listed by Black Enterprise magazine as one of the 40 Best Companies for Diversity and designated a Top Employer for Hispanics by Hispanic Network. The company has earned a National Award of Nuclear Science and History from the National Atomic Museum Foundation for its leadership and commitment to nuclear development and is continually ranked among the top utilities in Fortune's annual World's Most Admired Electric and Gas Utility rankings. Visit our website at www.southerncompany.com.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Field: Information Technology
Job Type: Standard
Primary Location: Georgia-Metro Atlanta-Atlanta
Operating Company: Southern Company Services
Job Type: Standard
Travel (Up to...): Yes, 25 % of the Time
Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)
241 Ralph McGill Blvd. NE
Req ID: SCS2008082