Careerlink Login
Back to Search New Search

Cyber Security Risk Analyst (GRC)

Omaha Public Power District Omaha, NE

Job Description



***OPPD is very aware of the potential risks of COVID-19 and are evaluating all necessary precautions. With that, we are limiting travel and face to face interviews until further notice, so please expect some delays in processing of your application of interest***

OPPD's Cybersecurity Risk Analyst position provides specialized enterprise-wide cybersecurity risk management to assist with maintaining an acceptable level of security and privacy risk while ensuring cybersecurity resilience of OPPD's Corporate systems, information, and network infrastructure. The Analyst, Cybersecurity Risk is responsible for assisting in the development and delivery of a comprehensive security and privacy risk management framework and the evaluation of defense-in-depth layering of security principles and controls to reduce and manage IT risks and ensure the protection of OPPD's people, processes, and technology. These efforts support OPPD's Cybersecurity team and other business units by providing analysis and advice regarding cyber related business risks across OPPD. This work demands initiative, analytical skills, and technical expertise while working to maintain and broaden their professional expertise through approved training, collaboration with peers, and attendance at professional meetings/conferences.

  1. Cybersecurity Risk Management:
    • Conduct formal risk assessments to identify, assess, and measure information security risks for systems, facilities, networks, projects.
    • Prepare risk assessment reports, to support management action, escalation and risk acceptance processes resulting from risk assessments.
    • Identify opportunities to improve risk posture, proposing solutions for remediating or mitigating risk and assessing the residual risk.
    • Manage relationships with security, technology, and business stakeholders to identify and communicate security risks and mitigation approaches.
  2. Cybersecurity Governance:
    • Develop and maintain cybersecurity policies and supporting documentation (i.e., standards, procedures, etc.) and ensure control requirements and policy guidance remains current and applicable.
    • Develop strategies to share and socialize cybersecurity policies and supporting documentation across the organization.
    • Assist with the development and implementation of technology and process solutions to remediate policy gaps.
    • Oversee the team's root cause analysis, corrective action plans, and investigative reports for privacy and cyber security incidents.
    • Conduct investigations, ensure proper documentation is maintained regarding privacy and information security incidents, and monitor key elements of the privacy and information program, including ensuring implementation of training programs.
  3. Third Party Security:
    • Review assessments to ensure the services, provided by key third party vendors, suppliers and business partners do not pose a risk of OPPD's business operations.
  4. Project Risk Management:
    • Participate as a business partner liaison and information security subject matter expert to help functional teams, internal project teams, business stakeholders, and external partners understand policies and control requirements effectively implement and manage their risk mitigation safeguards.
  5. Training and Awareness:
    • Assist in the continuous development, implementation, and ongoing maintenance of the security training and awareness education program. 
    • Support creation and delivery of security and data protection awareness training content to end users.




  • Bachelor's degree in a technical/engineering discipline; or equivalent experience required 
  • At least 2 years of relevant work experience in IT risk management, Information Security, internal audit, Information Technology, risk management, compliance or other relevant field.
  • Knowledge and experience with Information Assurance (IA) technology, NIST standards, or other security risk frameworks (Experience with ISO 27001, PCI DSS, SOC 1, SOC 2)


  • Third party, technology, and project risk assessment experience.
  • Experience with Governance, Risk, and Compliance tools
  • CISSP or related information security certification
  • Knowledge of security methodologies, policies, standards and industry practices
  • Knowledge of information technology systems, infrastructure and operations
  • Experience performing information security assessments and compliance audits in the global high-tech industry; demonstrable and deep understanding of common security controls, processes and technical solutions to safeguard network, system, application and data in on premise and cloud environments. 
  • Experience in developing information security policies, standards and other forms of information security program documentation. 

Closing Statement


Salary Grade: S4 

Minimum: $78,265 

Midpoint: $97,831

Org Marketing Statement


EOE: Protected Veterans/Disability

How To Apply


Apply online at on or before July 9, 2020.

Recruiter: Laura Fritson -

**PLEASE NOTE** - Your application has not been submitted unless you have applied for a specific requisition.  If you have not chosen a specific opening, your application will remain in DRAFT form and will not be viewed by our Human Capital staff.

***OPPD is very aware of the potential risks of COVID-19 and are evaluating all necessary precautions. With that, we are limiting travel and face to face interviews until further notice, so please expect some delays in processing of your application of interest***

Job Details

Date Posted June 26, 2020
Date Closes August 25, 2020
Requisition 296070
Located In Omaha, NE
SOC Category 00-0000.00