Cyber Information Assurance Analyst II / III

Summary

Cyber Information Assurance Analyst II / III

At APS, we’re powering a cleaner, smarter energy future—and protecting our data and systems is at the heart of that mission. As a Cyber Information Assurance Analyst, you’ll play a key role in safeguarding information across applications, software, databases, and procedures. You’ll design and implement security controls, analyze risks, and ensure compliance with U.S. Export laws—making you a trusted advisor and guardian of critical information.

This is more than just a technical role—it’s a chance to influence security strategy, partner with experts across the business, and help us innovate while keeping our data secure. If you’re passionate about both technology and compliance, this is your opportunity to make an impact.

What your day would be like:

You are responsible for:

• Designing and implementing data security and information assurance measures across applications, software, databases, and files.
• Assessing and mitigating data security threats and risks throughout the full data life cycle.
• Analyzing and validating data security requirements to ensure reliability, resilience, and compliance.
• Leading the Export Compliance program to ensure adherence to U.S. export laws related to Technical Controlled Data (TCD) and Non-U.S. Person onsite visitations.
• Collaborating with IT, security, and business stakeholders to embed security best practices into daily operations.
• Staying ahead of emerging risks, technologies, and compliance regulations to strengthen APS’s overall security posture.

Minimum Requirements

Cyber Information Assurance Analyst II

• Bachelors' degree in computer science, business administration, finance, accounting, or related field 
• PLUS two (2) years prior relevant experience or equivalent combination of education and directly related experience.
• Requires working technical knowledge gained through experience within a job area or system

Cyber Information Assurance Analyst III

• Bachelors' degree in computer science, business administration, finance, accounting or related field
• PLUS five (5) years of prior relevant experience or equivalent combination of education and directly related experience.
• Risk management and information security framework experience.
• Requires advanced level knowledge gained through experience within a job area or system.

Preferred Special Skills, Knowledge or Qualifications:

• Risk management and information security experience and a familiarity with the National Institute of Standards and Technology (NIST), Critical Infrastructure Protection (CIP) or Generally Accepted Privacy Principles (GAPP).
• Knowledge of information assurance regulations and standards, cybersecurity requirements and control designs, and/or Information Assurance Vulnerability Management (IAVM) program.
• Experience in or an ability to maintain and mature a compliance program which specializes in data protection and compliance with U.S. export control regulations.

Major Accountabilities

1) Perform risk management tasks to identify cybersecurity risks, measure the implementation of controls to achieve data protection requirements, and create processes to address gaps or concerns.

2) Follow information security and data protection frameworks to ensure adequate protection procedures exist around APS' sensitive information, with in-depth knowledge on technical controlled information.

3) Provides analysis, design, development, implementation and security assessments to ensure compliance and support vulnerability management activities.

4) Initiate improvements of processes, system(s), or products to enhance performance of the technical area.

5) Maintain and regularly reconcile the inventory of applications and databases containing Technical Controlled Data to ensure compliance with export control laws and regulations.

6) Assist data owners and IT in identifying technology and technical information that falls under U.S. export laws.

7) Verify Non-US Person resources (contractors and employees) hiring/onboarding qualification by confirming with leadership whether access to Export Controlled technical data is required.

8) In-take Non-US Persons’ visitation requests and approve their access to APS facilities.

9) Coordinate with internal and external legal counsel to determine appropriate paths forward when sharing Export Controlled technical data with Non-US Persons.

10) Provide comments/feedback in contract negotiation process for export compliance-related terms and conditions.

11) Create and provide regulatory-required reporting to the U.S. Department of Energy.

12) Participate in vendor risk management processes to assess vendors who will be in possession of APS sensitive information.

13) Assist in cybersecurity and data protection awareness efforts to educate APS workforce on safe data use and handling.

14) Utilize systems that help prevent inadvertent over-sharing of data classified as confidential and above, operating as the subject matter expert concerning Technical Controlled Data.
15) May help train and assist entry level employees.

Export Compliance / EEO Statement

This position may require access to and/or use of information subject to control under the Department of Energy's Part 810 Regulations (10 CFR Part 810), the Export Administration Regulations (EAR) (15 CFR Parts 730 through 774), or the International Traffic in Arms Regulations (ITAR) (22 CFR Chapter I, Subchapter M Part 120) (collectively, 'U.S. Export Control Laws'). Therefore, some positions may require applicants to be a U.S. person, which is defined as a U.S. Citizen, a U.S. Lawful Permanent Resident (i.e. 'Green Card Holder'), a Political Asylee, or a Refugee under the U.S. Export Control Laws. All applicants will be required to confirm their U.S. person or non-US person status. All information collected in this regard will only be used to ensure compliance with U.S. Export Control Laws, and will be used in full compliance with all applicable laws prohibiting discrimination on the basis of national origin and other factors. For positions at Palo Verde Nuclear Generating Stations (PVNGS) all openings will require applicants to be a U.S. person.

Pinnacle West Capital Corporation and its subsidiaries and affiliates ('Pinnacle West') maintain a continuing policy of nondiscrimination in employment. It is our policy to provide equal opportunity in all phases of the employment process and in compliance with applicable federal, state, and local laws and regulations. This policy of nondiscrimination shall include, but not be limited to, recruiting, hiring, promoting, compensating, reassigning, demoting, transferring, laying off, recalling, terminating employment, and training for all positions without regard to race, color, religion, disability, age, national origin, gender, gender identity, sexual orientation, marital status, protected veteran status, or any other classification or characteristic protected by law.

For more information on applicable equal employment regulations, please refer to EEO is the Law poster. Federal law requires all employers to verify the identity and employment eligibility of every person hired to work in the United States, refer to E-Verify poster. View the employee rights and responsibilities under the Family and Medical Leave Act (FMLA).

Arizona Public Service is a smoke free workplace.