Cybersecurity Risk Assurance Analyst - ARB Coordinator (Atlanta or Birmingham)
Description
At Southern Company, our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services.
Position Overview:
This role is within the Southern Company Technology Security organization and reports directly to Southern Company's Cybersecurity Assurance Manager. This position is an analyst role responsible for coordinating Security Architecture Review, Technology Security's risk-based approach to evaluating new technology solutions proposed by the business. The Coordinator will combine broad cybersecurity and technology domain knowledge to reduce cybersecurity risk prior to solution go-live.
Working closely with business owners, the Coordinator will evaluate planned technology solution designs, identifying necessary integration points with Southern information assets and appropriate security controls based on existing Technology Organization policy, requirements, and security best practices. She or he will then engage other security subject matter experts for focused assessment and feedback, enabling iterative design improvement and final validation by a panel of Technology Security architects and Technology Organization representatives.
Job Responsibilities:
* Collaborate closely with solution owners from the business, seeking to understand business imperatives while educating them as needed regarding relevant requirements and controls
* Manage a review process involving multiple teams, balancing the need for varied input with the need to finalize designs in a timely manner
* Evaluate proposed technology solution designs, leveraging familiarity with:
  * The Company's technology ecosystem
  * Available security tools/controls
  * Technology Organization requirements and industry security best practices
  * Common adversary tactics/techniques
* Continuously improve the Security Architecture Review process, addressing both pain points and looming opportunities
* Collect metrics and leverage regular reporting to highlight both wins and shortfalls to management and key stakeholders
* Collaborate with other Technology Organization governance process owners to ensure alignment as well as low-friction and seamless interaction with the customer (business)
* Proactively engage with key Technology Organization teams regarding the Security Architecture Review process to enable more effective collaboration and to solicit feedback
* Support cross-functional teams to investigate, analyze, and make recommendations to leadership on current security strategy
* Maintain current knowledge of information security concepts, technologies, and practices
Requirements and qualifications:
* Demonstrated ability to manage a program/process across multiple teams in multiple disciplines
* Prior experience advocating security policies, practices, controls, and standards to business and IT teams, internally and externally to the organization
* Prior experience promoting security as a business enablement function using documentation, metrics, and strong verbal communication
* Strong technical consulting experience: ability to understand business requirements and present appropriate solutions to a non-technical audience
* Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
* Knowledge and understanding of information security concepts and best practices, especially around identity and access management
* Energy industry experience desirable
* Working familiarity with information security frameworks (e.g. COBIT, NIST, OWASP, CIS, MITRE ATT&CK) preferred
* 5 years in security risk analysis, governance, compliance, or architecture preferred
* Bachelor's degree or equivalent applicable experience required
* One or more of the following certifications is desirable: CISSP, CCSP, CISM, public cloud architecture certification (e.g. Azure Solutions Architect), CompTIA Cloud
* United States citizenship is required
* Must pass NERC CIP & Insider Threat Program background checks
With 4.4 million customers and more than 46,000 megawatts of generating capacity, Atlanta-based Southern Company is the premier energy company serving the Southeast through its subsidiaries. A leading U.S. producer of clean, safe, reliable and affordable electricity, Southern Company owns electric utilities in four states and a growing competitive generation company, as well as fiber optics and wireless communications. Southern Company brands are known for energy innovation, excellent customer service, high reliability and retail electric prices that are below the national average. Southern Company and its subsidiaries are leading the nation's nuclear renaissance through the construction of the first new nuclear units to be built in a generation of Americans and are demonstrating their commitment to energy innovation through the development of a state-of-the-art coal gasification plant. Southern Company has been recognized by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer and listed by DiversityInc as a top company for Blacks. The company received the 2012 Edison Award from the Edison Electric Institute for its leadership in new nuclear development, was named Electric Light & Power magazine's Utility of the Year for 2012 and is continually ranked among the top utilities in Fortune's annual World's Most Admired Electric and Gas Utility rankings. Visit our website at http://www.southerncompany.com/
We offer a competitive compensation package. Equal Opportunity Employer.
Job Field: Information Technology
Job Type: Standard
Primary Location: Georgia-Metro Atlanta-Atlanta
Operating Company: Southern Company Services
Other Locations: Alabama-Metro Birmingham/Eastern AL-Birmingham
Travel (Up to...): Yes, 25 % of the Time
Work Location(s):
Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)
241 Ralph McGill Blvd. NE
Atlanta, 30308
APC Corporate Headquarters - 600 North 18th Street (600BIRMINGHAM)
600 North 18th Street
Birmingham, 35203
Req ID: SCS2009198
Atlanta, GA
The Southern Company, through its subsidiaries, engages in the generation, transmission, and distribution of electricity. It operates in four segments: Gas Distribution Operations, Gas Pipeline Investments, Wholesale Gas Services, and Gas Marketing Services. The company also constructs, acquires, owns, and manages power generation assets, including renewable energy facilities and sells electricity in the wholesale market; and distributes natural gas in Illinois, Georgia, Virginia, and Tennessee, as well as provides gas marketing services, wholesale gas services, and gas pipeline investments operations. It owns and/or operates 33 hydroelectric generating stations, 26 fossil fuel generating stations, 3 nuclear generating stations, 13 combined cycle/cogeneration stations, 40 solar facilities, 9 wind facilities, and 1 biomass facility; and constructs, operates, and maintains 75,200 miles of natural gas pipelines and 14 storage facilities with total capacity of 158 Bcf to provide natural gas to residential, commercial, and industrial customers. The company serves approximately 9 million electric and gas utility customers.
It also provides products and services in the areas of distributed generation infrastructure, energy efficiency, and utility infrastructure. In addition, the company offers digital wireless communications services with various communication options, including push to talk, cellular service, text messaging, wireless Internet access, and wireless data. The Southern Company was founded in 1945 and is headquartered in Atlanta, Georgia.