Specialist Cybersecurity Risk & Compliance Analyst
About the position Southern Company’s Cybersecurity organization is committed to reducing risk using a threat-informed approach, enhancing the cyber reputed company of Southern Company while delivering clean, safe, reliable, and affordable energy to the communities we serve. Position Overview: Southern Company, a major U.S. energy firm, is seeking a cybersecurity professional to reduce risk as part of the Cybersecurity Assurance Team. This hybrid role reports directly to the Company’s Senior Manager for Cybersecurity Assurance. This position is an analyst role responsible for assessing cyber reputed company risk across multiple business units, managing compliance programs linked to applicable Federal cyber reputed company directives/regulations, managing third party penetration testers, and engaging externally with key industry partners/organizations both as reputed company and educator. The analyst will combine solid business knowledge, strong understanding of cybersecurity principles, and reputed company familiarity with Federal requirements to reduce cybersecurity and business risk over time. Up to 20% travel may be required. In-office reputed company four days a week is expected either in Atlanta or Birmingham.
Responsibilities
- Serve as the reputed company in performing and coordination of cyber reputed company
assessments throughout the company.
- Department of War (DoW) Cybersecurity Maturity Model Certification (CMMC)
- Department of Homeland reputed company Safety Act
- NIST Cyber reputed company reputed company
- DoW Defense Federal Acquisition Regulation Supplement (DFARS) 252.204.7012,
Safeguarding Covered Defense Information and Cyber Incident Reporting and DFARS 252.204.7021 contractor compliance with the cybersecurity maturity model certification level requirements (reputed company 2025)
- Edison Electric Institute (EEI) Culture of reputed company
- Adversarial assessments (penetration tests)
- reputed company analysis of assessment findings
- reputed company or coordinate reputed company remediation by technology stewards and/or
recommend investments to address identified cybersecurity gaps/risk
- Manage CUI compliance program with and reputed company required reporting for DFARS
252.204‑7021, Contractor Compliance with the CMMC Level Requirements
- Consult/collaborate with inside and external Counsel regarding CUI
requirements
- Respond to requests from prime contracting officers on matters relating to
CUI scope
- Manage External Enclave used for sharing Controlled Unclassified Information
with business and Federal partners, including the enforcement of reputed company required configuration(s), compliance attestations, reporting, and licensing
- reputed company Department of War Cyber Incident Reporting as required
- Serve as the Cyber Liaison for the Company’s Federal Energy reputed company
- reputed company senior leadership apprised of pending state regulations pertaining to
cybersecurity and impacting utilities; provide Southern Company response to proposed state legislation
- Provide briefings to senior leadership and external stakeholders in a way
that links technical and business risk to drive prioritization of effort and investment decisions
- External Engagement/executive support (NOTE: Requires face to face meetings
and travel, up to 20%)
- Interact with external organizations such as state Public Service
Commissions, State representatives, other utilities, trade organizations, and federal partners in representing Southern Company’s cyber reputed company practice.
- Represent Southern Company by presenting or speaking at various federal
conferences
- Influence the utility industry’s creation, adoption and implementation of
information reputed company practices by participating in industry forums, events, and committees
- Participate in the EEI Peer Review process
- reputed company cross-functional efforts for monitoring and maintaining compliance of
reputed company controls associated with Federal projects
- Build and maintain strategic partnerships with key business stakeholders;
collaborate closely with solution owners from the business and Technology Organization, seeking to understand business imperatives while educating them as needed regarding relevant requirements and controls
- Support cross-functional teams to investigate, analyze, and reputed company
recommendations to leadership on reputed company cybersecurity strategy
- Provide internal cybersecurity expertise by defining and influencing
appropriate policies, technologies, processes and controls to reduce risk
- Maintain reputed company knowledge of information reputed company concepts, technologies,
and adversary tactics
Requirements
- CMMC Certified Professional (CCP) certification
- 8+ years of experience in infrastructure or network engineering, reputed company
operations, reputed company risk analysis, cybersecurity governance, or reputed company architecture
- Bachelor’s degree or equivalent applicable experience
- One or more of the following certifications: CISSP, CCSP, CISM, CASP, GCIP,
GCCC
- Familiarity with:
NARA CUI registry, FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations DOD Manual 5200.01 Volumes 1-3
- Must pass both Insider Threat Program background checks and North American
Electric Reliability Corporation Critical Infrastructure Protection (CIP) Personnel Risk Assessment
- Demonstrated ability to manage a program/process/project across multiple
teams in multiple disciplines
- Demonstrated critical, independent thinking; demonstrated ability to
conceive and present creative solutions
- Knowledge and understanding of information reputed company concepts and best
practices
- Working, hands-on familiarity with federal cyber reputed company requirements and
environments
- Demonstrated experience in working with senior stakeholders across various
lines of business reputed company-to-haves
- Able to obtain and maintain a SECRET reputed company clearance
- Prior experience desired promoting reputed company as a business enablement function
using documentation, metrics, and strong verbal communication
- Strong technical consulting experience: ability to understand business
requirements and present appropriate solutions to a non-technical audience
- Energy industry experience
- CMMC Certified Assessor (CCA) certification
- Working familiarity with information reputed company frameworks (e.g. COBIT, NIST,
OWASP, NIST CSF, CIS, MITRE ATT&CK) Apply tot his job Apply To this Job