Job Description

Position Summary


Do you have Sarbanes-Oxley internal controls experience and an interest in applying those skills to IT and cybersecurity initiatives? Do you have utility or NERC experience applying IT controls or a desire to grow in that area? If you answered yes to one or both questions, please consider applying to this fully-remote position.

The compliance analyst is a detail-oriented individual who analyzes technical and business controls, contributes to the IT Cybersecurity Team and supports the strategy for cybersecurity compliance in the PPL organization.

This position is open for associate, intermediate, and senior levels, depending on experience; multiple positions available.

Primary Responsibilities

Analyze and solve complex problems, and make recommendations for how to advance PPLs cybersecurity profile with a team of motivated individuals.
Perform assessments and help the organization institute and monitor compliance with cybersecurity framework and regulatory requirements.
Balance security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPLs risk profile.

Candidate Qualifications

Candidates must meet the basic qualifications and pass all required tests or assessments to receive consideration.In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility form upon hire.

Basic Qualifications

Bachelor's degree OR 4 years of related work experience (Associate).
Bachelor's degree and 2 years of related work experience OR 6 years of related work experience (Intermediate).
Bachelor's degree and 5 years of related work experience OR 8 years of related work experience (Senior).
Experience with FERC, NERC, or SOX regulatory requirements, such as standards development or compliance
Experience with applying compliance frameworks, to successfully comply with security policies, standards, and guidelines
Understanding of requirements gathering, discovery, service mapping, problem management, asset management, project management, and service catalogs as they relate to regulatory compliance
Proven experience establishing, managing, and validating requirements with external parties
Experience creating and implementing internal processes to drive compliance, efficiency, and education
Additional Requirements

The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both. Assigned work location may change. In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

This position is a safety-sensitive role. Upon acceptance of a conditional offer, all individuals in safety-sensitive roles are obligated report the use of any medication that may impair their ability to perform the job in a safe manner.

Preferred Qualifications

Experience with creating policy and standards to secure CIP assets, configurations, manage and maintain server, network, and application infrastructure
Experience in developing and implementing IT Cybersecurity governance practices and processes
Experience with an industry recognized GRC Platform, such as RSA Archer or MetricStream
Experience representing or presenting externally at industry events and demonstrating a track record of internal influence for ongoing transformation in cybersecurity architectures and practices within the broader cybersecurity community
Master's degree in related technical discipline or MBA degree
Experience developing and managing third party and supply chain risk programs
Experience developing and managing insider threat programs
Experience integrating information security and IT risk management, and coordinating with internal and external audit workflows
Relevant technical and security certifications such as but not limited to CISM, CISA, CISSP, OSCP, CCSP
Equal Employment Opportunity

Our company is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.

Job Expires

11-Jan-2022