Job Information
FirstEnergy Corp Cyber and Information Security Analyst - Cyber Security & TSOC in Akron, Ohio
JOB DESCRIPTION
About the Opportunity
FirstEnergy (NYSE: FE) is dedicated to integrity, safety, reliability and operational excellence. Headquartered in Akron, Ohio, FirstEnergy includes one of the nation's largest investor-owned electric systems, more than 24,000 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of more than 3,500 megawatts. We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers' lives brighter, the environment better and our communities stronger.
This position is within FirstEnergy Service Company, a subsidiary of FirstEnergy Corp. reporting to the Manager of Cyber Security Policy.
This position's is in Akron, Ohio but has remote work opportunities while the person must be able to reach the FirstEnergy HQ facility based on business need within one hour travel time. This position may, subject to conditions and availability, qualify to be filled under the same terms but report to a regional office in Greensburg PA, Holland (Toledo) OH, Holmdel NJ, or Reading PA instead.
The Cyber and Information Security Analyst works across all FirstEnergy subsidiaries and business units to protect the cyber assets of FirstEnergy. We seek a knowledgeable individual well-versed in current cyber security and information security strategies with skills to effectively apply such strategies to a large, dynamic, heterogeneous landscape.
Responsibilities include
Act as a subject matter expert (SME) between cybersecurity and the business units in the development of appropriate policies, standards, and frameworks
Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function
Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies and standards set by the organization
Educate stakeholders on cybersecurity-related matters to increase awareness and improve culture
Performs focused information risk assessments of existing or new services and technologies, along with business counterparts
Identifies and facilitates implementation of appropriate controls to effectively manage cyber and information risks as needed
Understand software and system vulnerability processes, manage vulnerability patches through a process lifecycle, and perform vulnerability assessments on systems and services
Qualifications
Bachelor's Degree in Computer Science, Information Security, or similar discipline is preferred
A minimum of 10 years professional-level experience and subject matter expert knowledge in at least one major cyber security discipline required
Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
Familiarity with common cyber security related tools such as vulnerability scanners (Tenable preferred), ServiceNow IRM and GRC, Microsoft Power Automate, Microsoft Power BI, and other similar toolchains
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one