Get Into Energy Jobs

Job Information

Portland General Electric IRM Cyber Security Analyst / Senior IRM Cyber Security Analyst in Portland, Oregon

This is an exciting time to join Portland General Electric. As Oregon’s largest electric utility, Portland General Electric is leading an energy transformation that will harness the power of clean and renewable resources. Our vision for a clean energy future relies on three interrelated and overarching strategies: de-carbonize through investing in clean and reliable energy; modernize through a smarter more resilient grid; and empower our customers in their energy technology choices.

We’re searching for innovative, customer and results-obsessed leaders to help power our mission and lead the way in championing the world’s clean energy future!

This position is posted at 2 levels.

IRM Cyber Security Analyst / Senior IRM Cyber Security Analyst

Evaluates, tests, recommends, develops, coordinates, monitors and maintains information systems (IS) and cyber security policies, procedures and systems, including access management for hardware, firmware and software. Ensures that IS and cyber security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IS standards and overall IS and cyber security. Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents and improve security. Develops techniques and procedures for conducting IS and cyber security risk assessments and compliance audits; evaluation and testing of hardware, firmware and software for possible impact on system security; and the investigation and resolution of security incidents. Implements IS and cyber security policies and takes measures against intrusion, frauds, attacks or leaks

Job Function - Information Risk Management

Design information systems security infrastructure. Develop policies and procedures to prevent unauthorized access. Educate and communicate security requirements and procedures to users and new employees. Ensure compliance with regulations and privacy laws. May oversee internal or external systems security (i.e., cloud services). Needs may include performance in the capacity of analyst, auditor or consultant.

This position is posted at two levels.

Key Job Information – IRM Cyber Security Analyst

Requires in-depth knowledge and experience. Uses best practices and knowledge of internal or external business issues to improve products or services. Solves complex problems; takes a new perspective using existing solutions. Works independently; receives minimal guidance. Acts as a resource for colleagues with less experience

Key Responsibilities

  • Develop and Communicate Policy and Standards - Advises internal business and IT stakeholders on information security requirements, policies and standards. Assists in promoting awareness of security issues among management and employees. Explains the purpose of and provides advice and guidance on the application and operation of physical, procedural and technical security controls. Contributes to the development and update of information security policies and processes

  • Risk Assessment - Performs security risk, vulnerability assessments and business impact analysis for medium complexity information systems. Identifies observed or emerging security exposures that create potential threats to infrastructure, systems or data. Prepares reports of findings.

  • Tracking and Reporting - Monitors and follows up to ensure that appropriate mitigation and remediation actions have been taken on risk-assessment findings. Gathers and creates information security metrics reports for management using appropriate visualization techniques.

  • Vendor Risk Management - Conducts technical and policy-based information security risk reviews of third-party vendors. Reviews RFPs to ensure information security requirements are fully and correctly stated

Education / Experience

  • Requires a bachelor’s degree in computer science, information systems or other related field or equivalent experience preferred.

  • Typically, five or more years in related field.

Key Job Information - Senior IRM Cyber Security Analyst

Requires specialized depth and/or breadth of expertise. Interprets internal or external business issues and recommends best practices. Solves complex problems; takes a broad perspective to identify innovative solutions. Works independently, with guidance in only the most complex situations. May lead functional teams or projects.

Key Responsibilities

  • Develop and Communicate Policy and Standards - Advises internal business and IT stakeholders on information security requirements, policies and standards. Promotes awareness of security issues among management and employees. Provides information to management regarding the negative impact of the business caused by noncompliance with security standards and requirements. Contributes to other risk, security and privacy initiatives across the company by providing information risk management expertise. Contributes to the development and update of information security policies and processes.

  • Risk Assessment - Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Identifies analyzes, investigates and reports information system threats. Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Provides expert advice and direction to colleagues.

  • Tracking and Reporting - Monitors and follows up to ensure that appropriate mitigation and remediation actions have been taken on risk- assessment findings. Gathers, creates and presents information security metrics to middle, senior and executive management levels using appropriate visualization techniques.

  • Vendor Risk Management - Leads or conducts technical and policy-based information security risk reviews of significant or key third-party vendors. Reviews RFPs to ensure information security requirements are fully and correctly stated.

Education/Experience/Certifications

  • Requires a bachelor’s degree in computer science, information systems or other related field or equivalent experience preferred.

  • Typically, eight or more years in related field.

Competencies – Both Levels

  • Intermediate / Advanced knowledge of information system risk management principles and best practices.

  • Intermediate / Advanced knowledge of Windows, UNIX and network administration

  • Intermediate / Advanced knowledge of hardening systems.

  • Intermediate knowledge of network and communication systems and equipment.

  • Intermediate knowledge of PC and productivity software.

  • Working / Advanced knowledge of the utility industry.

  • Intermediate / Advanced knowledge of relevant technology standards (e.g., ISO, ITIL, OBIT, NIST) Intermediate / Advanced knowledge of security issues, techniques and implications across all existing computer platforms.

  • Intermediate / Advanced knowledge of hardware and software products that enhance the security of systems, such as intrusion prevention systems (host and network based), firewalls, security event management systems, port scanning and vulnerability identification, monitoring and logging mechanisms.

  • Intermediate / Advanced knowledge of security architecture models and principles Intermediate skill in using a variety of visualization techniques to effectively present information.

  • Intermediate / Advanced ability to communicate security and risk-related concepts to technical and nontechnical audiences, including all levels of management both orally and in writing.

Join us today and power your potential!

To be considered for this position, please complete the following employment application by the posting close date. A cover letter may be needed with your application to be considered for this position.

PGE believes in rewarding strong performance. We provide a total compensation package that is designed to reward your contributions to the company, and, at the same time, support your well-being and professional development, both now and into the future.

PGE is committed to diversity and inclusion in the workplace and is an equal opportunity employer. PGE will not discriminate against any employee or applicant for employment based on race, color, national origin, gender, gender identity, sexual orientation, age, religion, disability, protected veteran status, or other characteristics protected by law.

Assisting with storms or other Company emergencies is a part of all positions at Portland General Electric.

Talent Acquisition Contact:

Staffing@pgn.com

This job posting will close at 12:01 am Pacific Time on the closing date listed below:

At Portland General Electric, we’re innovators, builders, and achievers. We’re committed to powering our customers’ potential and making a difference for our community and the planet. Today, that commitment includes developing an intelligent and resilient electric grid, electrifying transportation and de-carbonizing the energy sector.

We’re proud to deliver an exceptional experience to help our customers thrive. Our mission is to make clean, reliable and affordable energy services available to all. We obsess over serving customers and are committed to growing employee career paths with purpose. Equity and inclusion are core business values; we celebrate our differences and are committed to developing teams that reflect the communities we serve.

DirectEmployers