Date: May 9, 2022
Location: San Antonio, TX, US, 78205
Company: CPS Energy
We are engineers, high line workers, power plant managers, accountants, electricians, project coordinators, risk analysts, customer service operators, community representatives, safety and security specialists, communicators, human resources partners, information technology technicians and much, much more. We are 3,300 people committed to enhancing the lives of the communities we serve. Together, we are powering the growth, success and progress of our community every day!
Position Summary
This position is responsible for the distribution of security releases (patches, updates, upgrades) to company-owned assets, including server infrastructure (physical and virtual) supporting business operations and operational technology, such as server operating systems of corporate and SCADA systems, and related third-party software. Responsible for reviewing system vulnerability assessments for risk mitigation and reporting the status of distribution and compliance levels to management. Perform oversight of the assessment and change processes of critical security releases considered for incorporation in the previous 35-day period or as scheduled. Coordinate with business areas to develop mitigation plans for NERC systems or non-critical releases to be tested and implemented based on patch management strategies. Perform activities required to support CPS Energy internal control and NERC regulatory audits. Assist business areas with the submission of mitigation plans.
GRADE: 15
DEADLINE TO APPLY: Open Until Filled
Tasks and Responsibilities
- Schedule and conduct patch management meetings every two weeks.
- Coordinate with SMEs of Bulk Electric Systems (BES) Cyber Systems and associated Cyber Assets to determine if there were any security releases.
- Ensure monthly service tickets and Requests for Change (RFC) are completed accurately and closed in a timely manner.
- Document service ticket and RFC ticket numbers with dates as evidence of the check for releases, evaluation and implementation.
- Condense, as necessary, the list of security releases to be reviewed at each meeting to save evaluation time.
- Coordinate with the support staff and application owners to evaluate security releases and schedule them for implementation or mitigation.
- Track and record the dates that security releases were received, assessed and implemented or mitigated.
- Track mitigations to ensure security releases are implemented in a timely manner, or the mitigation plan is extended or updated in accordance with company policies and processes.
- Ensure that patch management processes are documented accurately and actions taken are compliant with CPSE policies.
- Utilize automated software tools to evaluate applicable releases and report status.
- Work with SMEs to apply security releases to applicable devices consistent with procedures.
- Ensure patch management activities are tracked and approved within the configuration management and change control process.
- Ensure operational constraints are respected when conducting change activities.
- Escalate to IT Management and/or the CIP Senior Manager when security releases are in danger of missing the implementation deadline or mitigations need to be extended.
- Serve as the subject matter expert for patch management assessments and audits.
- Plan, perform, and implement process improvement initiatives, including process modeling and flowcharts.
- Assist with the collection of information related to system outages to identify the root cause of problems, and measure performance against process requirements.
- Serve as an author of knowledge management solutions and other technical documentation as needed.
- Assist in the development and application of a production readiness checklist for new cyber assets.
- Resolve or escalate issues, assisting business areas with gap analysis.
- Serve as Internal Audit liaison: monitor action items and track RFIs, working with the Enterprise Information Technology areas to ensure that all actions are closed in a timely manner.
- Assist with special reports and projects.
- Attend regional Critical Infrastructure Protection Working Group (CIPWG) meetings, Texas Reliability Entity workshops and other related training to stay abreast of changes to regulatory requirements ensuring CPSE compliance.
Minimum Skills
Minimum Knowledge and Abilities
Preferred Qualifications
- Experience in North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) regulatory environment.
- IT auditing and/or security background
- Certified Information Systems Auditor or Manager (CISA/CISM), Certified Information Systems Security Professional (CISSP) or other security certification(s).
- Cyber vulnerability management experience.
Competencies
Minimum Education
Required Certifications
Working Environment
Physical Demands
CPS Energy does not discriminate against applicants or employees. CPS Energy is committed to providing equal opportunity in all of its employment practices, including selection, hiring, promotion, transfers and compensation, to all qualified applicants and employees without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, citizenship status, veteran status, pregnancy, age, disability, genetic information or any other protected status. CPS Energy will comply with all laws and regulations.