Third Party Cyber Analyst/Senior Third Party Cyber Analyst

About Ameren Services (B&CS)

Ameren Services provides administrative support and services to Ameren Corporation and its operating companies, subsidiaries and affiliates. Ameren Services includes a wide range of skill sets and roles, from finance and legal experts to digital and cyber specialists, plus those charged with ensuring environmental compliance and operational safety. Together, we help execute a strategy that enables Ameren to deliver superior long-term value to customers, shareholders and the environment.

Our benefits include:

• Medical coverage on date of hire

• 100% employer paid cash balance pension plan

• 401(k) with company match fully vested on date of hire

• Minimum of 15 days paid vacation and 12 paid holidays

• Paid parentalleave and family caregiver leave

Visit our Benefits & Perks Page for more information on benefits provided to regular full-time employees.

About The Position

The Third-Party Cybersecurity Analyst will build, develop, and maintain relationships with various stakeholders to support proper cybersecurity related contract negotiations for Ameren across the various segments. Must have knowledge of security areas such as auditing, policy, and risk analysis. It is also imperative this role anticipates methods and processes employed by both internal and external auditors/regulators to effectively assist, facilitate, and/or perform assessments across our Cybersecurity Third Party Risk Management (TPRM) Program.

This is a hybrid role located at our corporate headquarters in downtown St. Louis, MO.

Key responsibilities include:

• Must be able to establish and maintain business relationships with individual contributors as well as management.
• Support stakeholders during contract development and negotiation processes providing guidance on cybersecurity risk related questions and activities based on leading practices as illustrated by NIST CSF and other industry-accepted security control frameworks.
• Point of contact for stakeholders to assist with obtaining required Cybersecurity reviews and approvals as it relates to the contract intake process and workflows.
• Execute controls and maintain evidence of compliance with applicable regulatory standards (e.g., NERC CIP)
• Assist with the analysis, development, and implementation of processes, procedures, and tools to facilitate and enable proper evaluation and on-going monitoring of third-party supplier cybersecurity risk.
• Participate in the periodic recertification of third-party contract deliverables (e.g., SOC II, and/or III reports, Attack and Penetration assessments)
• Track and update key metrics through TPRM toolsets that indicate the current health of the Cybersecurity TPRM Program.
• Participate in the development and/or delivery of training to the various supply chain stakeholders and/or business on relative cybersecurity risks.
• Performs other duties as assigned to assess, mitigate, and monitor third-party supplier cybersecurity risk.

• Bachelor's Degree required, preferably in Cybersecurity, Computer Science, Management Information Systems, Engineering, or equivalent computer or applicable business-related field
• Two or more years relevant experience working in Cybersecurity, Enterprise Information Technology, or technical Advisory or Compliance role is required.
• Consideration will be given to candidates with four or more years of relevant experience in lieu of the degree requirement.
• Two or more years of experience working with or assessing third party supplier security risk and compliance with regulatory standards (e.g., NERC CIP) is preferred
• Professional certification preferred (e.g. CISA, CISM, CISSP).

• Bachelor's Degree required, preferably in Cybersecurity, Computer Science, Management Information Systems, Engineering, or equivalent computer or applicable business-related field
• 4+ years' relevant experience in a Cybersecurity, Enterprise Information Technology or Advisory team is required
• Consideration will be given to candidates with eight or more years of relevant experience in Cybersecurity and/or a technology field (e.g., Cybersecurity, IT or Advisory) in lieu of the degree requirement.
• Experience working with or assessing third party supplier security risk and compliance with regulatory standards (e.g., NERC CIP) is preferred
• Professional certification preferred (e.g., CISA, CISM or CISSP).
• The ability to travel an average of 10%-20% per year is required.

In addition to the above qualifications, the successful candidate will demonstrate:

• Ability to communicate clearly, effectively, persuasively and credibly with internal management and external senior level oversight entities.
• Effective organizational and prioritization skills.
• Knowledge of cybersecurity and supplier risk practices and techniques
• Knowledge of common cybersecurity frameworks (e.g., NIST Cybersecurity Framework).

Ameren's selection process includes a series of interviews and may include a leadership assessment process. Specific details will be provided to qualified candidates.

Hybrid employees are required to regularly come into their designated facility a minimum of 3 days per week.

#LI-Hybrid

Compensation Range:

* This pay range encompasses multiple levels of the role. Career level and compensation depends upon applicant's credentials.

At Ameren, base salary is one component of a competitive compensation package for employees. Our pay ranges are broad to allow for movement within our organization and to accommodate different skill sets and levels of expertise. We take into consideration a variety of factors including, but not limited to, skills, abilities, experience, education, credentials, and internal equity when determining the base salary offered. Roles are eligible for additional rewards including annual incentive payments based on individual and company performance.

If end date is listed, the posting will come down at 12:00 am on that date:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, ethnicity, age, disability, genetic information, military service or status, pregnancy, marital status, sexual orientation, gender identity or expression, or any other class, trait, or status protected by law.