Get Into Energy Jobs

Job Information

Exelon Sr. Analyst, OT Security Governance - HYBRID in WASHINGTON, District Of Columbia


We're powering a cleaner, brighter future.

Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

Are you in?


JOB EXPECTATION: Engage in the job duties outlined below to reduce risk exposure in areas of cyber and physical security, and to promote our mission of safeguarding the people, property, reputation and shareholder value of the corporation.

PURPOSE

  • Collaborate, verify, advise, and communicate with Corporate Functional Area Managers (CFAMs) related to Management Model document updates, ensuring consistency.

  • Facilitate Peer Group Meetings in order to determine appropriate actions.

  • Update and socialize program documents, policies, and procedures.

  • Responsible for the day-to-day execution and maintenance of security exceptions.

  • Maintain, track, and review security exceptions to clearly assess risks to established security procedures.

  • Maintain, track, and review security exception remediations to ensure proper measures are taken where applicable.

  • Perform, track, and document controls certification results.

  • Manage Security Controls Program (SCP) Remediation Project Plans.

  • Update job aids to accommodate changes and test prior to implementation to ensure quality messaging.

  • Provide the business and technical team with a more holistic view of risk regarding the system or technology of interest.

  • Design and distribute change management materials with respect to security controls certification, exceptions, and remediation.

  • Identify possible controls, countermeasures, and safeguards that can reduce the risk exposure to an acceptable level.

  • Perform document risk analysis.

  • Interact with internal business stakeholders to define, execute, and deliver appropriate analysis.

  • Process ad-hoc requests for security exception reporting and analysis.


  • Drive and execute relevant Management Model document update activities

  • Respond to, approve, and dispatch security exception requests, including the risk assessments of those exceptions, in a timely manner

  • Process security exceptions and perform risk analyses and remediation (where applicable) for those exceptions

  • Track and document certification results analysis


  • Interact with internal stakeholders to deliver risk analyses and perform related tasks

  • Work under minimal supervision, following standard procedures to accomplish assigned tasks



  • Bachelor's degree or, in lieu of a degree, 6-9 years of relevant experience.

  • 4-7 years of experience in security, risk, or related technical fields

  • Strong communication skills, both written and oral

  • Strong analytical and problem-solving skills with the ability to analyze data, identify opportunities, determine solutions, identify and obtain needed resources, and execute to completion

  • Knowledge of PC/desktop workstation applications: Microsoft Word, Excel, Outlook, PowerPoint

  • Knowledge of security concepts, terminology, and tools

  • Advanced technical knowledge of databases, database queries, and database reporting


  • Advanced degree

  • Experience with managing cybersecurity requirements with GRC

  • Certification: Information Systems Audit and Control Association (ISACA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), SANS, and other related technical certifications

  • Relevant security certifications (CISSP, SABSA, GIAC, GICSP, CSSA, GCIP)

  • At least 5 years of experience as part of an electric utility

  • Demonstrated experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and EMS systems architecture.

  • Demonstrated knowledge and experience in the implementation of the NIST Cybersecurity Framework.

  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.

    REQNUMBER: 250774-OTHLOC-8610020116

Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. If you are an individual with a disability and need an accommodation to complete the application, please email us at