Requisition: 82464
PSEG Company: PSEG Long Island
Salary Range: $93,600 - $148,200
Work Location Category: Hybrid Fixed
Job Summary
This position supports the organization's cybersecurity governance, risk, and compliance program through governance oversight, policy lifecycle management, standards alignment, risk and control assessments, audit coordination, compliance validation, issue remediation tracking, third-party risk review, and executive reporting and documentation.
The Cybersecurity GRC Analyst works closely with IT, Internal Audit, Compliance, Procurement, and business stakeholders to help ensure cybersecurity requirements are defined, documented, assessed, and monitored across the enterprise. This role is responsible for supporting the maintenance of cybersecurity policies and standards, conducting and documenting risk assessments, evaluating control effectiveness, coordinating audit and compliance activities, tracking remediation efforts, and preparing clear reporting for management and leadership.
Job Responsibilities
- Support governance oversight activities for the cybersecurity program across the enterprise.
- Maintain and support policy lifecycle management, including the review, update, and communication of cybersecurity policies, standards, procedures, and related documentation.
- Assist with standards alignment to applicable requirements, contractual obligations, and recognized cybersecurity frameworks.
- Perform and document risk and control assessments for systems, applications, vendors, projects, and business processes.
- Identify control gaps, document findings, and support risk treatment planning with business and technical stakeholders.
- Assist with control documentation and control testing to evaluate design and operating effectiveness.
- Provide audit coordination support for internal audits, external audits, and regulatory assessments, including evidence gathering, response tracking, and issue follow-up.
- Support compliance validation activities to confirm required controls, processes, and documentation are in place and operating as intended.
- Support third-party risk review activities, including security questionnaires, documentation review, assessment follow-up, and findings management.
- Maintain risk registers, issue logs, exception records, remediation plans, and supporting documentation.
- Perform issue remediation tracking and follow up with stakeholders to support timely closure of findings, gaps, and action items.
- Prepare executive reporting and documentation related to risk posture, compliance status, audit results, remediation progress, control maturity, and key metrics.
- Support governance committees, risk discussions, and management reporting through accurate and organized documentation.
- Contribute to continuous improvement of GRC processes, templates, reporting, and governance practices.
Job Specific Qualifications
- Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Business, Risk Management or related discipline.
- Four (4) or more years of experience in cybersecurity governance, risk, compliance, IT audit, internal controls, or a related field.
- Candidates without a degree who have 8 years of experience in cybersecurity governance, risk, and compliance will be considered.
- Proficiency with Cyber GRC technologies (such as ServiceNow, Archer, RSAM, etc.)
- Background supporting governance oversight, policy lifecycle management, and standards alignment activities.
- Track record performing risk and control assessments and documenting findings, recommendations, and remediation actions.
- History of supporting control testing, audit coordination, and compliance validation activities.
- Direct involvement with third-party risk review, vendor assessment support, or related due diligence functions.
- Familiarity with issue remediation tracking, exception management, and reporting processes.
- Advanced analytical, organizational, reporting, and documentation skills.
- Excellent written and verbal communication skills with the ability to work effectively with technical and non-technical stakeholders.
- Ability to manage multiple priorities, maintain detailed records, and work independently with limited supervision.
Desired:
- Working knowledge of cybersecurity frameworks and control standards such as NIST CSF, NIST SP 800-53, ISO 27001, and CIS Controls.
- Cybersecurity certification such as Security+, CISSP, CISA
Please Note the Following:
- This position falls under the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) and requires NERC CIP background investigation prior to start.
Some positions at PSEG require access to information covered by the Department of Energy's regulation 10 CFR 810 (Part 810). If applicable, the successful applicant must prove they are: (1) a citizen or national of the USA; OR (2) a lawful permanent resident of the United States (Non-Conditional Permanent I-551 / Green Card / Permanent Resident Card holder); OR (3) a citizen, national, or permanent resident of a "Generally Authorized" destination on the attached list and not also a citizen, national, permanent resident of any country not listed; OR (4) a "Protected Individual" under the Immigration and Naturalization Act (8 U.S.C 1324b(a)(3)).
As an employee of PSEG Long Island, you should be aware that during storm/outage restoration efforts, you may be required to perform functions different from normal operations and work extended hours beyond your regular work schedule. You may also be required to work on premise or in an alternate location as directed by the company.
For all roles, PSEGLI's drug and alcohol testing program includes pre-employment testing, testing for cause, and post-incident/accident testing.
Employees who are hired or transfer into a federally regulated role (including positions covered by USDOT, PHMSA, or NRC regulations) are subject to random drug and alcohol testing, inclusive of marijuana. Although numerous states throughout the country have legalized marijuana/cannabis products recreationally and medically, the use of these products is prohibited for employees in federally regulated roles. Please note that the use of CBD products may result in a positive drug test for THC/Marijuana and such use is not a legitimate medical explanation for a positive result.
If you are a current PSEG employee and offered an opportunity with PSEG Long Island, you will be treated as a new hire. Please note that as a new hire to the Long Island subsidiary, your benefits will change and generally will be consistent with other similarly situated PSEG Long Island new hires. Similarly, for PSEG Long Island employees who accept job opportunities with PSEG or any of its subsidiaries (other than PSEG Long Island), their benefits will change and generally be consistent with other similarly situated new hires of that company.