Job Description

Position Specific Description

This position will serve as a Senior Compliance & Risk Analyst. This position will assist in planning, developing and implementing a comprehensive security program. This position will support the compliance efforts to applicable federal and state laws, and regulations such as (but not limited to): North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards / Requirements, Maritime Transportation Security Act (MTSA), and Chemical Facility Anti-Terrorism Standards (CFATS).

Desired Qualifications:

* Bachelors degree in Engineering, Computer Science, Management of Information Systems, or any other related field of study and five (5+) or more years of experience in research, analysis, and intelligence.
* Excellent verbal, written, communication, and time management skills.
* Demonstrated skills leading and collaborating with others.
* Demonstrated critical thinking skills and out-of-the-box-thinking.
* Experience working in an environment that requires executing processes and procedures in place to ensure regulatory compliance
* Knowledge of common computer applications and operating systems programs including windows based software such as Power Point, Adobe Acrobat, Word, Excel, and SharePoint.
* Experience with NERC standards, auditing or risk management.
* Expereince with regulatory compliance standards / requirements (both cyber & physical).
* Experience with building / performing assessments of internal control frameworks.
* Knowledge of MTSA and CFATS regulatory requirements.
* Completion of the following certifications CISSP, CISA, CPP, PSP, or GAIC - GCIP.
* Works under very tight requirements and deadlines.
* High standard of integrity and reliability.

Core Duties and Responsibilities

* Assist in the performance of activities and collection of data to maintain corporate compliance with mandated cyber security regulations, particularly cyber / physical security regulations associated with NERC, MTSA, and CFATS.
* Review the implementation, documentation, testing, and monitoring of security solutions and associated security compliance regulations.
* Assist in the development, review, and update of appropriate policy, procedure, and standards to maintain corporate compliance with mandated cyber security regulations associated with NERC.
* Assist in the development of processes to identify, quantify, analyze, and report NERC CIP compliance status.
* Participate in internal auditing activities performed for NERC CIP compliance verification and develop a system of associated metrics for periodic reporting.
* Provide assistance to appropriate business units and stakeholders as it relates to NERC CIP, MTSA m and CFATS compliance activities and requirements for demonstrating compliance with mandated security regulations.
* Assist with training, including training material development and deployment to ensure that compliance becomes a sustainable business practice.
* Gather and prepare documentation to support audits, self-assessments, data requests, etc.
* Impart guidance and direction to personnel and ensure the accuracy, consistency and standardization of all work products.

Job Overview

This job supports teams facilitating internal solution development across business units, to align Cybersecurity risk, leading technology solutions, and user experience. This position is responsible for various aspects of achieving compliance of cybersecurity including developing, implementing and enforcing IT policies, standards, methodologies and awareness using a risk based approach. Employees in this role develop a deep understanding of NextEras technology footprint, technology strategy, threat landscape and risks, to establish a collective Cyberstrategy.

Job Duties & Responsibilities

* Builds processes and tools to provide the business visibility of cybersecurity risks and drive accountability
* Develops and maintains policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate cyber risk while maintaining corporate compliance with mandated security regulations
* Assesses and reviews security and controls to ensure sustainable regulatory compliance
* Develops processes and monitoring to identify, quantify, analyze, and report risk and compliance status
* Coordinates cyber risk management efforts including identification, assessment, tracking and resolution of risk management activities across all levels of the organization
* Assists with training, including training material development and deployment to ensure that compliance and risk becomes a sustainable business practice
* Gathers and prepares documentation to support audits, self-assessments, data requests, etc.
* Performs other job-related duties as assigned

Required Qualifications

* High School Grad / GED
* Bachelors or Equivalent Experience
* Experience: 5+ years

Preferred Qualifications

* Bachelors Degree
* Certified Information Systems Aud (CISA) certification
* Project Management Professional (PMP)
* Six Sigma Green Belt Certified