Cyber & Information Security Analyst

FirstEnergy at a Glance

We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers’ lives brighter, the environment better and our communities stronger.

FirstEnergy (NYSE: FE) is dedicated to integrity, safety, reliability and operational excellence. Headquartered in Akron, Ohio, FirstEnergy includes one of the nation's largest investor-owned electric systems, more than 24,000 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of more than 3,500 megawatts.

About the Opportunity

This is an open position with FirstEnergy Service Co., a subsidiary of FirstEnergy Corp. [SC00]

This position’s base reporting location is in Wadsworth Township, Ohio, and reports to the Manager of Cyber Security Compliance. This position is eligible for FirstEnergy’s Flexible Workplace program and may be performed 100% remote with infrequent multi-day trips to the Akron, Ohio area as needed (a few times per year). The Cyber and Information Security Analyst works closely with the Cyber Security teams and across all FirstEnergy subsidiaries and business units to protect the cyber assets of FirstEnergy. We seek an individual experienced with current cyber security and information protection strategies with the skills to effectively apply such strategies to a large, dynamic, heterogeneous landscape, in support of compliance and regulatory requirements.

Responsibilities include:

Act as a subject matter expert (SME) between Cyber Security Compliance, IT, and others business units in the development of appropriate policies, standards, and frameworks as relates to federal, state, and internal compliance requirements

Support FirstEnergy’s compliance with NERC CIP, protecting the Bulk Electric System.

Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies and standards set by the organization

Educate stakeholders on Cyber Security Compliance-related matters to increase awareness and improve culture

Interpret new and modified regulatory standards and work with stakeholders to implement and maintain compliance programs

Participate in the standards drafting process, when appropriate, to make certain the company’s best interests are represented

Oversee and guide ongoing compliance, evidence collection, and audit support by business units

Qualifications:

Bachelor's Degree in Computer Science, Information Security, Corporate Compliance, or similar discipline is preferred. A bachelor’s degree in another field with relevant industry experience in cyber/information security will be considered.

Familiarity with the NERC CIP standards a plus

Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cyber security program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

Effective communication skills which include creating and delivering reports, presentations, briefs, and training sessions. Must compose well-written, professional documents with minimal editorial and proofing support.

Familiarity with web based GRC tools (ServiceNow IRM and GRC, AssurX CATSWeb, etc.) and related compliance processes

Previous compliance audit experience a plus

Translate technical output from systems and assessment tools into understandable reports and action plans

Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option

An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.

An ability to effectively influence others to reassess their opinions, plans or behaviors.

Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.

Infrequent business travel to Akron, OH may be required.