Sr Systems Analyst - Cyber Security

07 May 2024

Vacancy expired!

This role often leads teams in performing more complex cyber compliance program governance or development of policies, procedures, and tools to maintain a strong cyber compliance posture. Specific duties include:

• Maintains the cyber regulatory compliance program for processes, applications, and systems across business units.
• Leverages cyber security and operational best practices and detailed understanding of cyber regulatory requirements to define guidance for how compliance is achieved and to provide governance and oversight to the compliance and operational program.
• Will often provide technical guidance or evaluation of technical procedures towards achieving compliance; reduces or eliminates audit findings; implements changes and ensures compliance with all regulatory requirements.
• Often leads and participates in compliance-related projects requiring advanced knowledge of regulatory requirements as well as knowledge of appropriate security architecture, technology best practices and business area requirements, limitations, and unique system implementations.
• Ensures effective compliance processes and procedures are implemented for systems and applications.
• Evaluates processes for failure points and implements controls to mitigate those potential failures.
• Completes compliance-related data requests, investigates failures or breakdowns in processes and develops plans for remediation or prevention of future incidents.
• Identifies opportunities for strengthening compliance controls proactively.
• Raises awareness of current and upcoming policies, regulations, and requirements, and develops solutions for compliance.
• Typically acts as the subject matter expert in one compliance standard or one or more major aspects of a compliance standard.
• Formulates and/or defines system scope and objectives, based on user needs and/or stakeholder requirements.
• Researches, investigates, devises and/or modifies procedures to solve complex problems, including but not limited to, systems architecture requirements and limitations, compliance solutions and mitigations, and other technical and non-technical requirements as necessitated by business needs.
• Responsible for working with multiple business units, in multi-platform environments, on multi-project assignments.
• Leads, guides, mentors and advises less experienced Systems Analysts.
• Monitored on projects' progress and results.

Required Knowledge, Skills, Abilities & Experience

• Requires a minimum of 5 to 7 years in IT Technology or Auditing, or Compliance, or a related field. Requires at least 2 years of experience as an administrator of enterprise network discovery, inventory, and audit programs, responsible for developing, implementing, testing, and utilizing the application to drive business needs. (Note: A Master's degree will count as one year of experience. A partial year of six months or more will be rounded up to one year.)
• Expertise as a system analyst developing and/or enhancing departmental and/or regulatory compliance procedures, processes, documentation, and training. Experience in a regulatory compliance environment proactively managing assets and evidence for protection against potential audits.
• Experience supporting IT Compliance interactions with IT enterprise teams and ensuring that regulatory requirements are appropriately understood, and environmental impacts identified; particularly as it relates to problems and solutions.
• Identifies opportunities for strengthening compliance controls proactively. Implements changes and ensures compliance with all regulatory requirements to reduce or eliminate audit findings.
• Undertakes compliance-related projects requiring advanced knowledge of regulatory requirements.
• Completes compliance-related data/evidence requests and develops plans for remediation.
• Linux and Windows scripting for data mining, spreadsheets, various data sources.
• Experience analyzing and implementing tools responsible for maintaining and managing baselines and patch management processes and ensuring the accurate collection of documentation and evidence supporting a compliance environment.
• Applies standards such as NERC, NIST, FISMA, TSA, CFATS, SOX, PCI and the Company’s Code and Standards of Conduct. Such compliance and/or regulatory standards are currently federally or state required standards, or mandated by the company to promote lawful conduct. The IT compliance team is responsible for ensuring that IT systems are in legal compliance with required federal and/or state regulations or standards.
• Solid critical thinking skills, investigative root-cause analysis experience and proven analytical abilities. Strong technical writing skills.
• Technical writing experience with procedure and policy development and the translation into operational steps.
• Has the ability to manage confidential information with a high degree of integrity.
• Background in regulatory compliance preferred (utility, financial, healthcare, IT, legal, or other regulatory).

What are the top “must have” skill sets (technical/functional) which are required?

1. Requires a minimum of 5 to 7 years in IT Technology or Auditing, or Compliance, or a related field and at least 2 years of experience as an administrator of enterprise network discovery, inventory, and audit programs, responsible for developing, implementing, testing, and utilizing the application to drive business needs.
2. Root-Cause Analysis and Investigation
3. Systems and Process Analysis

What are the top “nice to have” skill sets?

• Previous NERC CIP regulatory compliance background or similar cyber-security regulatory experience
• Capability to understand and interpret advanced technical and regulatory requirements
• Linux commands, SQL, and Scripting experience/knowledge

  • ID: #40413513
  • State: Virginia Richmond 23173 Richmond USA
  • City: Richmond
  • Salary: Depends on Experience
  • Job type: Contract
  • Showed: 2022-05-07
  • Deadline: 2022-07-04
  • Category: Et cetera