Cyber Risk Analyst
TECO Energy - Tampa, Florida, US, 33646
Overview
At Tampa Electric, dependable electricity starts with dedicated individuals whose talent, skill, and passion drive our success. We've been lighting the way for West Central Florida for more than 125 years, and we're just getting started. Join us and build a rewarding career with competitive pay, comprehensive benefits, and a culture that supports your growth. Your potential finds its purpose at Tampa Electric.
We proudly deliver 99.98% electric service reliability to nearly 860,000 customers across 2,000 square miles of Hillsborough County and parts of Polk, Pasco, and Pinellas counties. Through innovation and strategic investments, we're creating a cleaner, brighter energy future while delivering exceptional service every step of the way. We reflect the communities we serve and foster a workplace where every employee feels welcomed, valued, and engaged. Join our team of energy experts and help shape the future of power.
Storm Duty Requirements
Tampa Electric and its sister companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our Tampa Electric customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures. Responding to storms will be considered a condition of employment.
Title: Sr Enterprise Cyber Risk Mgmt Analyst, Vulnerability Assessment, Progression
Company: Tampa Electric Company
Location: Ybor Data Center
State and City: Florida - Tampa
Shift: M-F, 4 days in office per week / 1 home office day
Hiring Manager: Alexis A Avila-Gonzalez
Recruiter: Mark E Koener
Position Concept
The Enterprise Cyber Risk Analyst assumes a role in the implementation of the Enterprise Cyber Risk Management Framework, which adheres to industry best practices and aligns with the organization's risk tolerance. Helps the organization protect assets from evolving cyber threats, stay in compliance with regulatory mandates, and foster a cyber risk aware culture. Serves as a solution-oriented problem-solver with demonstrated knowledge of Information Security best practices. Ensures the integrity of the company's information resources at the network, operating system, and application levels. Provides support in a team setting, contributing to the systematic approach to cyber risk management to identify TECO's needs regarding information security requirements and the management of systems dedicated to monitoring and safeguarding enterprise assets. Performs cyber risk management activities and provides a methodology when performing risk analysis and risk evaluation.
Primary Duties and Responsibilities
Responsible for the Identification of Risks, an ongoing effort to identify actions or conditions that can have adverse impacts on continuity of business or the cyber security of TECO. Responsible for the Classification and Prioritization of Risks, an ongoing analysis of the probability and impact associated with risks along with timeframes, where applicable, and their prioritization relative to other identified risks. Assists with Risk Mitigation decisions, actions, implementations, controls, or other activities that reduce the likelihood of a risk being realized, reduce the impact of the risk if realized, or improve TECO's response time and efficacy. (25%)
Assists with the oversight and Review of risks, their current probability and impact assessments, associated mitigation plans, and status of corrective measures currently underway or already undertaken along with efficacy review, where applicable, and a review of changing prioritization of said risks. Participates in developing and updating risk-related policies and procedures to align with industry standards and best practices. (25%)
Utilizes risk assessment tools and technologies for effective threat identification and analysis. Regularly reports risk findings to relevant stakeholders, including creating detailed risk assessment reports and presentations for management. Maintains a strong working relationship with individuals and groups involved in managing information risks across the organization. (25%)
Participates in projects to recommend risk reduction. Exchanges knowledge and information with other TECO facilities to ensure best practices are shared throughout the TECO organization. Partners and collaborates with other functional teams in support of cyber risk processes. (25%)
Qualifications
Education
Required: High School Diploma.
Preferred: Bachelor's Degree in Computer Science, Information Systems or other Information Technology related field.
Licenses/Certifications
Required: From the list of certification vendors, one related Information Security professional certification or ability to obtain via self-study within one year of hire date (e.g., (ISC)2, GIAC, ISACA, CompTIA, EC-Council, etc.).
Preferred: ITIL v3 and two or more of the following or similar Information Security professional certifications (e.g., ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).
Related Experience
Required: 6 years of related Cyber Security or IT experience in Information Systems Audit or Assessor, Information Security, systems management, systems administration, information systems security, system certification, risk analysis. May consider a degree in lieu of experience: Associate's degree with 4 years related experience required, or Bachelor's Degree in Computer Science, Information Systems or other IT related discipline with 2 years related experience.
Knowledge/Skills/Abilities (KSA)
Required:
Solid understanding of fundamental principles of cybersecurity, including threat landscape, vulnerabilities, and risk management.
Familiarity with relevant security standards and frameworks such as NIST Special Publication 800-53, ISO 27001, and others depending on the industry.
Knowledge of applicable laws and regulations governing information security, privacy, and data protection.
Understanding of information technology systems, network architecture, and common technologies to assess security controls effectively.
Knowledge of security control frameworks and their implementation, including access controls, encryption, and incident response.
Knowledge of advanced cybersecurity tools and platforms, such as SIEM, IDS/IPS, endpoint protection, and threat intelligence solutions, for effective risk analysis and mitigation.
Ability to conduct comprehensive risk assessments, identifying and analyzing security risks to information systems.
Technical skills to assess security controls, perform vulnerability assessments, and understand the technical aspects of security implementations.
Strong communication skills to effectively convey assessment findings, risks, and recommendations to technical and non-technical stakeholders.
Ability to create clear and detailed documentation, including assessment plans, reports, and recommendations.
Critical thinking and problem-solving skills to analyze complex security issues and recommend appropriate solutions.
Keen eye for detail to identify vulnerabilities, weaknesses, and discrepancies in security controls and documentation.
Ability to adapt to evolving cybersecurity threats, technologies, and regulatory requirements.
Ability to analyze complex datasets and identify trends and patterns that could indicate cybersecurity risks or vulnerabilities.
Adherence to ethical standards and professionalism, as SCAs often have access to sensitive information and play a critical role in maintaining the integrity of security assessments.
Collaboration with various stakeholders, including system owners, security teams, and management, to ensure a comprehensive understanding of the information system and its security controls.
Commitment to continuous learning and staying updated on the latest developments in cybersecurity, technology, and regulatory landscapes.
Working Conditions
Normal working conditions with occasional weekend and overtime requirements, including on-call rotational support.
Physical Demands/Requirements
Normal physical demands related to an office workplace environment.
Position Concept
The Enterprise Cyber Risk Analyst Senior assumes a role in the implementation of the Enterprise Cyber Risk Management Framework which adheres to industry best practices and aligns with the organization's risk tolerance. Helps the organization protect assets from evolving cyber threats, stay in compliance with regulatory mandates, and foster a cyber risk aware culture. Collaborates with business units on cybersecurity, privacy, protection, and resilience of company assets, technology, and information. Ensures that the outcome of the risk assessment, risk treatment, and management plans remain relevant and appropriate to the circumstances, by using their