Senior Cybersecurity Risk Analyst

Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our share owners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation.

PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net‑zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve.

PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.

NOTE:
This is a hybrid position requiring on-site presence three days per week at one of our local offices in Allentown, PA;
Louisville, KY or Providence, RI locations. LI-Hy #INDPPL

PPL is seeking a Senior Cybersecurity Risk Analyst to join its Enterprise Cybersecurity Governance, Risk, and Compliance team. This role is responsible for leading the execution of cybersecurity and IT risk assessments, identifying and analyzing risk exposures, and supporting the development of risk mitigation strategies across the enterprise. The analyst will work closely with cross-functional teams comprised of cybersecurity, IT and business stakeholders to continuously improve PPL’s risk posture.

• Collaborate with cybersecurity, IT and business stakeholders to identify, assess and mitigate risk exposure.
• Lead and conduct cybersecurity and IT risk assessments across systems, applications and business processes.
• Maintain and enhance risk register, dashboards and risk reporting mechanisms.
• Analyze risk trends and develop actionable insights to inform strategic enterprise decision-making.
• Develop and refine cybersecurity policies, standards and procedures in alignment with industry best practices.
• Monitor emerging threats, vulnerabilities and regulatory changes, and assess their impact on enterprise risk.
• Provide mentorship and guidance to junior analysts and contribute to team knowledge sharing.
• Participate in incident response and post‑incident risk analysis to identify root causes and recommend improvements.
• All other duties and projects as assigned.

• Education:
  
  Bachelor’s Degree in relevant field (e.g., Cybersecurity, Risk Management, Computer Science, Computer Information Systems).
• Experience:
  
  5+ years of progressive IT experience working within modern IT environments, including cloud-based platforms, enterprise infrastructure or cybersecurity.
• Knowledge of risk management frameworks, particularly NIST Cybersecurity Framework, NIST Risk Management Framework, and the FAIR model.
• Excellent communication and stakeholder engagement skills, including the ability to clearly and concisely translate complex technical details into business-relevant terms for non‑technical stakeholders and effectively communicate high‑risk issues for timely escalation and decision‑making.
• Licensure / Other
  
  Qualifications:
  
  Holds, or must be willing to obtain professional certification such as CRISC, CISA, or CISSP, within 12‑18 months of hire.

• 5+ years’ work experience in cybersecurity, risk management, audit or related field.
• Proficiency in risk analysis, documentation and reporting.
• Experience with industry recognized GRC platforms.
• Proficiency in one or more programming or scripting languages (e.g., Python, Power Shell) to automate risk analysis tasks, streamline reporting and integrate with APIs for data collection and system integration.
• Technical expertise in system architecture, virtualization and network security, with the ability to assess and mitigate risks across hybrid environments.

The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on‑site may be required to engage in face‑to‑face interaction and coordination of work among direct reports and co‑workers.

Our company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identity, genetic information, disability status or any other protected characteristic.