Senior Cybersecurity Analyst - Risk, GRC And Controls
- Full-Time
- Miami, FL
- NextEra Energy
- Posted 2 years ago – Accepting applications
Requisition ID: 61643
Our reliability is one of the best in the nation, and we’re working to make it even better. We live here too. That’s why we’re committed to making Florida a better place. Join our team today Learn more
Position Specific Description
We're looking for a highly skilled Cybersecurity Analyst to join our cyber risk team within the NextEra cybersecurity program.
NextEra’s cyber risk team analyzes complex risks from our multiple platforms, programs, and domains, which are all processed through our GRC platform. Our mission is to deliver cybersecurity analysis, risk evaluations, security services to BU, and enterprise customers. In this role, you will 1) join a team of cyber risk analysts and continuously improve the current processes. You will 2) help balance company resources while still maintaining a high level of deliverables across an array of risk technology platforms and data sets. You will 3) participate as a member of highly skilled team to collaborate with Product Management, Education & Awareness, Data Science, and Security Architecture to improve and remediate internal risks. You will also 4) add value to the team by building positive long-term relationships with key stakeholders across all of NextEra Energy.
Highly desired qualifications include:
- Experience with assessing third party risks associated with a diverse group of vendors, experience could include;
- Exceptions Management, Issues Management, Risk Register, 3rd Party
- Strong experience working with GRC platforms and data sets
- Experience, or background working with IT SOX Controls, Critical Systems Architecture, SSAE16 or 18, HIPPA, etc.
- Strong communications abilities both written and verbal
- Strong process control experience - Prefer a Six Sigma or Lean belt – Yellow or Green
- Ability to operate positively in a team environment
- Critical thinking skills that lead to solutions which can be offered to business leads across the organization to reduce cyber security risks to NEE.
Job Overview
This position will perform ongoing cybersecurity risk reviews for new and existing technologies and services and support ongoing and new cybersecurity projects. The position will contribute to the development, design and implementation of technology solutions to meet business needs. Analysts in this role collaborate with business units and provide direction to protect and secure NextEra Energy networks and technical assets. Individuals will be accountable for the reliability, performance, security, and continuity of IT systems and supported business processes.
Job Duties & Responsibilities
- Provides leadership, influence, vision, and direction to the organization to contribute to achieving the company's goals
- Works with IT leaders to develop overall IT strategy in alignment with business strategy
- Oversees value stream by focusing on cost and risks of technology portfolio to meet business needs
- Supports and fosters innovative technologies to deliver new ideas that enable business transformation
- Ensures high levels of ongoing system and application performance in production environments
- Oversees development of processes and tools to automate code releases from development to operations (DevOps)
- Attracts, develops and retains a high-performing and diverse team
- Establishes and drives technology roadmaps that align with current and future business needs
- Manages third party technical and outsourcing relationships to deliver project and operational support objectives
- Ensures technology processes are conducted in line with applicable standards and company policies
- Performs other job-related duties as assigned
Preferred Qualifications
- Bachelor's Degree - 5 + Years’ Experience
- CISA (Certified Information Systems Auditor)
- CRISC (Certified in Risk and Information System Control)
This job performs ongoing cybersecurity risk reviews for new and existing technologies and services and supports ongoing and new cybersecurity projects. Individuals develop requirements for and implement technical security projects and tools, as well as define the company’s cybersecurity policies and control framework. This position collaborates with the company’s IT department and business units to identify the need for, select, and deploy technical controls to meet specific security requirements. Employees in this role build processes and standards to ensure security requirements continue to be met.
Job Duties & Responsibilities- Administers, operates and monitors NextEra Energy (NEE) information security sensors, logging, alerting and other detection mechanisms to identify and respond to threats
- Acts as subject matter expert for one or multiple assigned cybersecurity technology stacks (e.g., identity and access management, network intrusion detection and prevention, host based security tools)
- Collaborates with security architecture to identify, evaluate and recommend new security technologies for suitability within NEE’s environment and security posture
- Communicates ongoing cybersecurity activities, priorities and risk measurements or mitigations at multiple organizational levels
- Provides guidance for security activities and requirements in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required
- Performs other job-related duties as assigned
- High School Grad / GED
- Bachelor's or Equivalent Experience
- Experience:5+ years
- Certified Information Systems Aud (CISA) certification
Employee Group: Exempt
Employee Type: Full Time
Job Category: Information Technology
Organization: Florida Power & Light Company
Relocation Provided: Yes, if applicable
Where permitted by applicable law, NextEra Energy requires all employees and new hires to be fully vaccinated for COVID-19 or be willing to receive the COVID-19 vaccination on or before the first day of employment.
NextEra Energy is an Equal Opportunity Employer. Qualified applicants are considered for employment without regard to race, color, age, national origin, religion, marital status, sex, sexual orientation, gender identity, gender expression, genetics, disability, protected veteran status or any other basis prohibited by law. We are committed to a diverse and inclusive workplace.
NextEra Energy provides reasonable accommodation in its application and selection process for qualified individuals, including accommodations related to compliance with conditional job offer requirements, consistent with federal, state, and local laws. Supporting medical or religious documentation will be required where applicable and permitted by applicable law. To request a reasonable accommodation, please send an e-mail to recruiting-coordinator.sharedmailbox@nexteraenergy.com, providing your name, telephone number and the best time for us to reach you. Alternatively, you may call 1-844-694-4748. Please do not use this line to inquire about your application status.
NextEra Energy will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
NextEra Energy does not accept any unsolicited resumes or referrals from any third-party recruiting firms or agencies. Please see our policy for more information.