At PGE, our work involves dreaming about, planning for, and realizing a smarter, cleaner, more enduring Oregon neighborhood. Its core to our DNA and we haven’t stopped since we started in 1888. We energize lives, strengthen communities and drive advancements in energy that promote social, economic and environmental progress. We’re always on the lookout for people passionate about leading and being a part of teams that are advancing innovative clean energy solutions that are also affordable and accessible to all.

Summary

Join our dynamic Insider Risk Team, where you'll play a crucial role in safeguarding our organization from internal risks. As a Senior Analyst, you'll be responsible for developing, executing, and refining processes to detect and mitigate high-risk insider activities, whether accidental or malicious. You'll collaborate with key stakeholders to identify trends, analyze large data sets, and provide expert guidance on security issues. If you have a keen eye for detail, strong analytical skills, and a passion for protecting critical infrastructure company from internal threats, this role offers an exciting opportunity to lead and innovate within our growing program.

Career Level Summary

Senior - P4:

• Requires specialized depth and/or breadth of expertise

• Interprets internal or external business issues and recommends best practices

• Solves complex problems; takes a broad perspective to identify innovative solutions

• Works independently, with guidance in only the most complex situations

• May lead functional teams or projects

Key Responsibilities

• Develop and perform processes for the Insider Risk Program, including which types of alerts to evaluate, report, respond and remediate steps in collaboration with key Stakeholders.

• Responsible for daily operations and execution of the Insider Risk Program.

• Utilize understanding of Insider Risk principles to identity trends and patterns which can assist the team in the development of new detection rules and models.

• Follow insider threat hunting methodology to validate hypothesis, provide input based on known and unknown threats,

• Build, implement, and mature processes and technologies to detect high-risk insider activities that are accidental or malicious in nature.

Threat Research and Analytics

• Conduct analytical and critical thinking; understand problem set, review facts, make accurate observations and judgments and provide recommendations/reporting.

• Provide advice and expert guidance on security issues affecting business process and procedures exploitable by insiders (both accidental and malicious actions)

• Ability to find patterns or abnormalities in large data sets and/or search results and clearly articulate your findings (e.g., methodology, results, assumptions, constraints) using various suites of tools.

• Manage and maintain detailed investigative information and case documentation

• Recommend strategies to prevent potential insider threat behavior or incidents.

• Monitor and Respond to Suspicious or Disruptive Behavior

Intelligence Gathering and Management

• Ensure analytic processes are executed in accordance with policy, laws, ethical practices, privacy, civil liberties, and whistle blower protections.

• Conduct quality control on all analytic products developed by members of your team.

• Knowledge of open-source information sources and excellent internet research skills.

• Maintain and curate insider risk intelligence tools and platforms to optimize threat data collection and analysis.

• Validate reporting and data provided for accuracy using industry standard toolsets

• Perform self-inspections, identify discrepancies, and report security incidents

Reporting and Communication

• Coordinate and collaborate with the stakeholder groups to remediate/mitigate identified risks.

• Possess excellent organizational skills and ability to communicate effectively both verbally and written

• Ability to properly handle and protect highly sensitive information

• Develop baseline of normal Network Device Behaviors

• Implement User Behavior Analytics tool

• Conduct risk assessments (on a regular basis), including risks to trade secrets, salary data, proposal data, proprietary data, strategic plans, Personally Identifiable Information (PII), and IT systems and servers, etc.

• Develop insider threat analytic reports based off information that is received, information that has been analyzed and insider threat concerns that have been validated against established insider threat thresholds, and guidelines within personnel security.

• Create clear and concise reports and briefings to communicate complex insider threat information to both technical and nontechnical audiences at all levels within the organization (executives, management, other stakeholders).

• Demonstrate excellent written and verbal communication skills.

• Present briefings to personnel/key stakeholders

Leadership

• Senior analyst to take on a leadership role, mentoring other analysts and staying up to date on the insider risk intelligence tools and technologies.

• Work with team of analysts in the identification and development of new processes and techniques to analyze information with the goal of detecting risks and gaps in the areas of people, processes, and technology.

• Ability to work independently and as a team member.

• Requires excellent collaboration/liaison skills to work closely with physical and cyber security Teams, industry experts, internal, and external peers and stakeholders to enhance the Insider Risk Program and continue learning development on behavioral models and detection techniques.

• Creativity and entrepreneur spirit.

• Demonstrate sound judgment and critical thinking

• Ability to adapt and thrive in a fast-paced environment

• Takes the initiative to introduce new ideas and offers solutions to improve efficiency and organization

Required Qualifications

Bachelor’s Degree - in a related field or equivalent work experience.

10 years’ experience with Insider Threat Program; and Information Security and network best practices, with at least 4+ years’ experience providing advice and expert guidance on security issues affecting business process and procedures exploitable by insiders (both accidental and malicious actions).

Willingness to travel.

Understanding of the US energy sector including NIST and CIS standards.

Ability to maintain up to date with changes in security practices.

Valid driver’s license

Preferred Qualifications

3+ years’ experience with security issues, vulnerabilities, regulatory and legal changes, and security standards that may impact Information Security.

Master’s Degree in a related field.

Briefing experience.

Formal training in intelligence analysis.

Insider Threat Program Manager Certification

Competencies

• Develop Self & Others

• Empower to grow

• Collaborate and Share

• Be a role model

• Focus to achieve results

• Be agile

• Technical Skills

Compensation Range:

$104,325.00 - $173,875.00

Actual total compensation, including a performance based incentive bonus, is commensurate with experience, skills, qualifications, education, training, and internal equity. While we anticipate the selected candidate for this position will fall towards the middle or entry point of the compensation range, the decision will be made on a case-by-case basis.

PGE believes in rewarding dedicated performance. We provide a total rewards package that is designed to reward your contributions to the company, and, at the same time, support your well-being and professional development, both now and into the future. To find out more, click here (https://portlandgeneral.com/hrcs5511) .

Join us today and power your potential!

Assisting with storms or other Company emergencies is a part of all positions at Portland General Electric.

PGE is committed to diversity and inclusion in the workplace and is an equal opportunity employer. PGE will not discriminate against any employee or applicant for employment based on race, color, national origin, gender, gender identity, sexual orientation, age, religion, disability, protected veteran status, or other characteristics protected by law.

PGE does not discriminate on the basis of disability. We recognize individuals have a variety of abilities to offer and we believe there is much to value and celebrate by incorporating different abilities into the work we do. One very important way we live this out is in our application and interview process. We work hard to support individuals who may need an accommodation to fully participate in these processes. If you feel you may need an accommodation, or would like to request one, please notify the Talent Acquisition Specialist (Recruiter) associated with the job posting. You may also make this request by contacting talentacquisition@pgn.com or by calling 503-464-7250. The Recruiter will provide information and next steps for the accommodation process. Our Diversity, Equity & Inclusion (DEI) team is also available for support. You can contact them at dei@pgn.com .

To be considered for this position, please complete the following employment application by the posting close date. Posting closes at midnight (Pacific Time) on the closing date below. If no date is listed, job is open until filled.