APS
Cyber Information Assurance Analyst II
The Cyber Information Assurance Analyst II is responsible for the design and implementation of information assurance and data security in applications, software, databases, flat files and procedures. Assesses and mitigates data security threats and risks throughout the data life cycle and validates data security requirements through analysis. Operates as the Export Compliance program lead to ensure compliance with U.S. Export laws concerning Technical Controlled Data (TCD) and Non-U.S. Person onsite visitations.

Minimum Requirements:
- Bachelor's degree in computer science, business administration, finance, accounting, or related field and two (2) years prior relevant experience or equivalent combination of education and directly related experience.

Preferred Special Skills, Knowledge or Qualifications:
- Risk management and information security experience and a familiarity with the National Institute of Standards and Technology (NIST), Critical Infrastructure Protection (CIP) or Generally Accepted Privacy Principles (GAPP).
- Knowledge of information assurance regulations and standards, cybersecurity requirements and control designs, and/or Information Assurance Vulnerability Management (IAVM) program.
- Experience in or an ability to maintain and mature a compliance program which specializes in data protection and compliance with U.S. export control regulations.

Major Accountabilities:
1) Perform risk management tasks to identify cybersecurity risks, measure the implementation of controls to achieve data protection requirements, and create processes to address gaps or concerns.
2) Follow information security and data protection frameworks to ensure adequate protection procedures exist around APS' sensitive information, with in-depth knowledge on technical controlled information.
3) Provides analysis, design, development, implementation and security assessments to ensure compliance and support vulnerability management activities.
4) Initiate improvements of processes, system(s), or products to enhance performance of the technical area.
5) Maintain and regularly reconcile the inventory of applications and databases containing Technical Controlled Data to ensure compliance with export control laws and regulations.
6) Assist data owners and IT in identifying technology and technical information that falls under U.S. export laws.
7) Verify Non-US Person resources (contractors and employees) hiring/onboarding qualification by confirming with leadership whether access to Export Controlled technical data is required.
8) In-take Non-US Persons' visitation requests and approve their access to APS facilities.
9) Coordinate with internal and external legal counsel to determine appropriate paths forward when sharing Export Controlled technical data with Non-US Persons.
10) Provide comments/feedback in contract negotiation process for export compliance-related terms and conditions.
11) Create and provide regulatory-required reporting to the U.S. Department of Energy.
12) Participate in vendor risk management processes to assess vendors who will be in possession of APS sensitive information.
13) Assist in cybersecurity and data protection awareness efforts to educate APS workforce on safe data use and handling.
14) Utilize systems that help prevent inadvertent over-sharing of data classified as confidential and above, operating as the subject matter expert concerning Technical Controlled Data.
15) May help train and assist entry-level employees.

Export Compliance / EEO Statement:
This position may require access to and/or use of information subject to control under the Department of Energy's Part 810 Regulations (10 CFR Part 810), the Export Administration Regulations (EAR) (15 CFR Parts 730 through 774), or the International Traffic in Arms Regulations (ITAR) (22 CFR Chapter I, Subchapter M Part 120) (collectively, 'U.S. Export Control Laws'). Therefore, some positions may require applicants to be a U.S. person, which is defined as a U.S. Citizen, a U.S. Lawful Permanent Resident (i.e. 'Green Card Holder'), a Political Asylee, or a Refugee under the U.S. Export Control Laws. All applicants will be required to confirm their U.S. person or non-US person status. All information collected in this regard will only be used to ensure compliance with U.S. Export Control Laws, and will be used in full compliance with all applicable laws prohibiting discrimination on the basis of national origin and other factors. For positions at Palo Verde Nuclear Generating Stations (PVNGS) all openings will require applicants to be a U.S. person.

Pinnacle West Capital Corporation and its subsidiaries and affiliates ('Pinnacle West') maintain a continuing policy of nondiscrimination in employment. It is our policy to provide equal opportunity in all phases of the employment process and in compliance with applicable federal, state, and local laws and regulations. This policy of nondiscrimination shall include, but not be limited to, recruiting, hiring, promoting, compensating, reassigning, demoting, transferring, laying off, recalling, terminating employment, and training for all positions without regard to race, color, religion, disability, age, national origin, gender, gender identity, sexual orientation, marital status, protected veteran status, or any other classification or characteristic protected by law.

For more information on applicable equal employment regulations, please refer to the EEO is the Law poster. Federal law requires all employers to verify the identity and employment eligibility of every person hired to work in the United States; refer to the E-Verify poster. View the employee rights and responsibilities under the Family and Medical Leave Act (FMLA). Arizona Public Service is a smoke-free workplace.