Job Information

Sacramento Municipal Utility District Senior Cybersecurity Risk Specialist in Sacramento, California

Title: Senior Cybersecurity Risk Specialist

Department: Cybersecurity Governance, Risk and Compliance

Location: Sacramento, CA, US, 95817

Category: Information Technology/Telecommunications

Minimum Pay Rate: $125,694.40

Maximum Pay Rate: $166,483.20

Limited Term Position: No

Civil Service Status: Civil Service

Apply by Date: 07/28/2024

Posting Type: Open

SMUD invites you to join the high-performing Cybersecurity Governance, Risk and Compliance team as a Senior Cybersecurity Risk Specialist. In this position you will act as a Compliance Liaison for designated NERC CIP standards, performing validation and tracking of calendar-based and event-driven tasks to ensure compliance with assigned standards. You will work with Subject Matter Experts (SMEs) across the organization to document and diagram processes to support compliance with new and existing NERC CIP standards. You will help maintain SMUD's CIP Compliance tool by creating and tracking automated workflows and reports in support of SMUD's cybersecurity posture and compliance with NERC CIP Standards. You will work with the CIP Governance team to evaluate security controls for effectiveness and make recommendations to mitigate potential failure points. Working closely with Subject Matter Experts and SMUD's Reliability Compliance and Coordination department, you will facilitate the collection of evidence and the development of documentation to demonstrate SMUD's compliance with NERC CIP Standards.

Purpose

Leads specialized enterprise-wide cybersecurity risk management to assist with maintaining an acceptable level of cyber and privacy risk while ensuring cybersecurity resilience of SMUD’s IT and OT systems, information, and network infrastructure. The cybersecurity risk specialist is responsible for assisting in the development and delivery of a comprehensive security and privacy risk management framework and the evaluation of defense-in-depth layering of security principles and controls to reduce and manage IT/OT risks and ensure the protection of SMUD’s people, processes, and technology.

Nature and Scope

This series is comprised of four levels: Level "E" is the entry level where incumbents acquire knowledge, skills and abilities to perform the tasks associated within the series. The incumbent is promoted/progressed to level "J" upon demonstrating the required skills and knowledge to independently perform the full scope of the job. The Senior "Sr" level is comprised of the advanced journey level resource who is responsible for advanced assignments. The Principal level is comprised of the subject matter expert/lead level and is responsible for leading the most advanced work. Promotion to the Senior or Principal levels is not through a progression and will happen through SMUD's standard civil service hiring process.

This is a progressive series and incumbents hired at the entry level are required to successfully progress to the journey level within 60 months of appointment to remain within the job series.

Duties and Responsibilities

  • Protection – Leads in the oversight and management of the organization’s cybersecurity and privacy risk management framework and processes. Evaluate defense-in-depth implementation and effectiveness of physical, technical, and administrative controls to protect SMUD’s IT and OT cyber assets.

  • Risk Assessment – Guides risk analysis and the development of recommendations that consider the impact and likelihood of impairment or destruction of systems, and the cost effectiveness of countermeasures, to enable executives and directors to make informed decisions for managing organization-wide cybersecurity and privacy risks to people, processes and technology.

  • Risk Effectiveness – Leads comprehensive assessments of implemented controls and control enhancements to determine the effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for systems and the organization).

  • Risk Correction – Oversees the assessment of the severity of the deficiencies discovered in SMUD systems, environment of operation, and common controls and can recommend corrective actions to address the identified vulnerabilities.

  • Directive – Leads as the common cybersecurity risk management resource for executives and directors and ensures that risk considerations for systems are viewed from an organization-wide perspective regarding the organization’s strategic goals and objectives in carrying out its core purpose and business functions.

  • Strategy – Guides and implements an organization-wide risk management strategy that provides a strategic view of security risks for the organization and that guides and informs organizational risk decisions (including how risk is framed, assessed, responded to, and monitored over time).

  • Threat Identification & Management – Leads in the identification of the organizational cybersecurity and privacy risk posture based on the aggregated risk from the operation and use of systems and the respective environments of operation. Manages threat, vulnerability, and security and privacy risk (including supply chain risk) information for organizational systems and the environments in which the systems operate.

  • Communication – Supports an organization-wide forum (e.g., ERM and EROC) to consider all sources of risk (including aggregated risk) to SMUD’s operations, people, processes, and technology.

  • Accountability – Ensures shared responsibility for supporting organizational purpose and business functions using external providers receives the needed visibility and is elevated to appropriate decision-making executives and directors.

  • Other related duties as assigned

Required Education

  • Bachelor's degree in Cybersecurity, Information Security, Information Technology or other closely related field (i.e., Computer Science or Systems Engineering) or equivalent experience.

Required Experience Qualifications

  • Five (5) or more years of progressively relevant professional or technical experience in cybersecurity and/or information security.

Knowledge Of

Principles and practices of cybersecurity and information technology systems, security engineering, design, development, analysis, testing and security administration. Advanced methods and techniques of evaluating security and privacy requirements and developing secure solutions for SMUD systems. Methods and techniques of developing data security, integrity, backup and recovery processes. Project management methodologies. Principles and practices of systems and procedures analysis and design. English composition and business writing and vocabulary standards; methods and techniques for report preparation and writing; methods and techniques for record keeping; modern office practices and procedures.

Skills To

Problem solve, analytical and troubleshooting capabilities; ability to learn new skills quickly with minimal guidance; ability to achieve project schedules and milestones; work in a team environment with aggressive deadlines and multiple priorities while staying a team player; facilitation and presentation skills; strong verbal and written communication skills as well as strong interpersonal skills; ability to listen, learn, speak up, and mentor; attention to detail; skill to work with different groups and diverse projects as a partner; skill to perform privacy and/or security reviews including regulatory and industry assessments, risk analyses, information inventory and data mapping, vendor management security assessments, and additional privacy or cybersecurity compliance related projects.

Desirable Qualifications

  • 3 or more years of experience in Critical Infrastructure Protection reliability compliance with

  • Strong knowledge of NERC CIP Reliability Standards.

  • Current or previous experience working with computer hardware, virtualization technologies, network infrastructure and/or security tools

  • Excellent verbal and written communication skills

  • Experience developing policies, procedures, plans and diagramming processes

  • Experience developing presentations and presenting in a group environment

  • Expert level knowledge of SQL databases, coding and/or scripting

  • Certifications: GCIP, CISSP, CISA, CISM, CRISC, GCIH, CPP, VCTA, CCNA, CEH, or other relevant Cyber Security certifications.

  • Education: bachelor's or master's degree in Electrical Engineering or Computer Science

Required Licenses/Certificates

  • Professional certifications with an emphasis on Cybersecurity, Information Security, or Audit (e.g., CISSP, GSLC, GCIP, CASP, CRISC, CIPP, CIPT, CAP, GSEC, GICSP, SSCP, CCSP, CSSLP, GSNA, CISM, CISA, CIA, CompTIA Security+) required or must be able to obtain and maintain an industry recognized certification within one year of hire.

Physical Requirements

Applicants must be able to perform the essential job functions with or without a reasonable accommodation.

Sacramento Municipal Utility District (SMUD) - Who We Are

As the nation's sixth-largest community-owned electric service provider, we're proud of our reputation as one of the best places to work in Sacramento. Our employees tell us in our engagement surveys they're "Happy, satisfied and engaged" which helps create a workplace that best serves our customers. Sacramento was named as the 2nd happiest place to work in America by Forbes Magazine. Lake Tahoe, San Francisco and the world-renowned Napa Valley are within easy driving distance of our locations.

Our Commitment to Diversity & Inclusion

SMUD celebrates diversity, and inspires an inclusive culture based on trust and respect to create belonging and connection among our employees, customers, and communities. By working together, we are powering positive, equitable opportunities for all. We aspire to be a workplace where you can be yourself, achieve your best, and thrive together.

An example of our commitment to Diversity, Equity, Inclusion, and Belonging is when SMUD signed the California Equal Pay Pledge in 2020. This requires equal pay for employees who perform “substantially similar work,” when viewed as a composite of skill, effort, and responsibility at the time those employees started within that classification. As such, initial hiring salary range is not subject to negotiation and salaries will vary over time based on performance.

SMUD is proud to be an equal opportunity employer. We do not discriminate in employment decisions on the basis of race, color, religion, gender (including pregnancy), national origin, political affiliation, sexual orientation, gender identity or expression, marital status, disability, genetic information, age, veteran status, or any other applicable legally protected characteristic. All employment decisions are made on the basis of individual qualifications, merit, and business needs and interests.

Why Sacramento, California?

The capital of California, Sacramento is the state's sixth-largest city, and the 35th largest in the U.S. Local universities include California State University, University of the Pacific's McGeorge School of Law, and the University of California, Davis, as well as several competitive community colleges. The UC Davis Medical Center, a world-renowned research hospital, is one of more than a dozen hospitals and shared services centers in the Sacramento region. Part of the agriculturally rich Central Valley, Sacramento is at the forefront of the farm-to-fork food movement. Northern California is home to some of the country's top technology companies, including Google and LinkedIn, and a multitude of startups in many industries. Sacramento is home to the NBA Kings, the River Cats (AAA baseball) and the Republic FC (soccer), and the San Francisco Giants, NBA Warriors and NFL 49ers aren't far away. Sacramento offers an affluent liberal arts community with Broadway, Mondavi Center, Crocker Museum and summer musical theater, to name a few.

Hybrid Work

This position may be eligible for SMUD's remote work employee benefit, the schedule of which will be determined by the successful candidate and the Hiring Manager. SMUD takes pride in powering the Sacramento region community where we live and work. We value the strong working relationships we develop with our colleagues. Our approach to remote work will continue to evolve. Please be aware that should SMUD’s business needs change, emergencies occur, or various other reasons arise, you may be required to report onsite on a part-time or full-time basis.

Please note the successful candidate must reside in California or be willing to relocate to California prior to starting with SMUD and will be expected to come into the office once per pay period in accordance with our remote work policy.

SMUD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. SMUD complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

SMUD expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of SMUD employees to perform their expected job duties is absolutely not tolerated.

Req ID: 1520
