Analyst Physical Security GRC 3

We are engineers, high line workers, power plant managers, accountants, electricians, project coordinators, risk analysts, customer service operators, community representatives, safety and security specialists, communicators, human resources partners, information technology technicians and much, much more. We are 3,500 people committed to enhancing the lives of the communities we serve. Together, we are powering the growth and success of our community progress every day! Pay Grade 15* Deadline to Apply: October 31, 2025, at 11:59 p.m. CST The 12-month requirement has been waived for this position. • Qualifications may warrant placement at a different job level. Position Summary This position operates on a hybrid schedule, and applicants must reside within 120 miles of San Antonio, TX. Integrated Security is responsible for the overall security of the company's personnel, physical and IT assets, and facilities. Based on security risks, Integrated Security establishes and continuously improves security policies, procedures & standards, infrastructure, human and technical preventive measures, employee security awareness, alarm, and incident response capabilities, etc., to safeguard the company's business operations. This is an individual contributor position that develops and/or maintains security roles for access and compliance risk. business applications, analytic systems, third-party systems and responsible for managing application risk. The position also develops and/or maintains security operations and NERC-related processes, procedures and performs administrative tasks necessary to control several types of organizational risks, govern NERC requirements and security access authorizations. The position must also monitor and interpret the various regulatory statutes and protocols as well as coordinate and implement new initiatives related to governance, risk and compliance for internal and external audits. Tasks and Responsibilities • Internal physical access consultant for governance, risk, and compliance (GRC) activities. • Collaborate in the development and implementation of programs, processes, and procedures used to support governance, risk, and compliance efforts. • Responsible for analyzing and determining if a segregation of duties (SoD) conflict/risk exists within a group of transactions, and work with stakeholders to address risk. • Collaborate with security staff, cross-functional teams, and business owners to ensure appropriate role, authorization, and access controls are in place that support security governance. • Completes assigned compliance and operational risk testing activities in accordance with established timelines and high standards of quality. • Under minimal guidance, conducts appropriate, independent testing to ensure operational risks and compliance requirements are adhered to. • Understand, communicate and translate authorization concepts to business owners, and security staff. • Develop security deliverables for enhancements to production systems. • Utilize GRC tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows. • Acts as consultant on various regulatory standards and requirements impacting CPS Energy and the security organization. • Collaborate with various business units to understand, resolve, or mitigate constraints impacting their operations and their risks associated with GRC controls. • Consults on security risk and vulnerability assessment to proactively secure the organization. • Acts as consultant on Physical Security Reviews. • Prepares internal and external audit evidence. • Ensures adherence of controls to maintain proficiency with applicable laws, regulations, and standards. • Performs other duties as assigned. Minimum Skills Minimum Knowledge and Abilities Solid knowledge of data governance and privacy. Solid knowledge of compliance related activities (NERC, PCI, HIPAA). Solid knowledge of risk management processes (e.g., methods for assessing and mitigating risk) Solid knowledge of laws, regulations, policies, and ethics as they relate to security and privacy Solid knowledge of analytical constructs and their use in assessing the operational environment Proficient with Microsoft Office suite, including word processing, spreadsheets, and presentation software. Proficient with Database administration to include (MS SQL Server and Oracle) Skill in assessing and/or estimating effects generated during and after operations Skill in defining and characterizing all pertinent aspects of the operational environments Skill in providing understanding of target through the identification and analysis of physical, functional, or behavioral relationships. Skill in utilizing feedback to improve processes, products, and services Strong ability to diagnose and troubleshoot moderately complex security issues (e.g.,: security authorizations, account provisioning/deprovisioning, compliance issues) Ability to speak in public as a consultant Strong ability to comprehend results from security assessment and analyze impacts of those assessments. Ability to provide after hours and/or on-call system support Ability to recommend approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. Effectively handles moderately complex assignments collaboratively or independently, occasionally under time constraints Preferred Qualifications • Advanced knowledge of the Energy Sector (Gas and Electric) • Advanced knowledge of GRC practices • Security, GRC or audit related professional certifications • Experience of State, local, and Federal law enforcement • Excellent Presentation skills Competencies Demonstrating Initiative Communicates Effectively Coordinating Project Activities Creating and Maintaining Networks Delivering High Quality Work Driving Continuous Improvement Minimum Education Bachelor’s Degree in Busi Administration, Inform Systems, Information Technology, Information Technology Security, Computer Science, Mgmnt Information Systems, Security Operations, Criminal Justice, Accounting; or equivalent work experience. Required Certifications Working Environment The work environment includes extensive indoor work, computer usage, manual dexterity, talking on the phone and in-person, hearing, and performing repetitive motions. Must have the ability to travel to and from meetings, training sessions, and other business related events. Work responsibilities include being on-call as needed after the normal workday and/or on weekends. Physical Demands Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met. CPS Energy does not discriminate against applicants or employees. CPS Energy is committed to providing equal opportunity in all of its employment practices, including selection, hiring, promotion, transfers and compensation, to all qualified applicants and employees without regard to race, religion, color, sex, sexual orientation, gender identity, national origin, citizenship status, veteran status, pregnancy, age, disability, genetic information or any other protected status. CPS Energy will comply with all laws and regulations.