Compliance Analyst SME

  • location: Charlotte, NC
  • type: Temp to Perm
  • salary: $52 - $62 per hour

job description


job summary:

The NERC CIP Program Management - Senior Cybersecurity Government & Risk Analyst is responsible for achieving team objectives for the enterprise North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Compliance Program. This role works closely with multiple internal Business Areas to ensure effective, efficient and consistent adherence to the NERC CIP Standards and to achieve a strong compliance culture across the organization.

This role involves developing and maintaining the Program Standards, Procedures, Processes and Tools, and performing quality assurance (QA) and validation to ensure compliance is achieved.

location: Charlotte, North Carolina
job type: Contract
salary: $52 - 62 per hour
work hours: 9am to 5pm
education: Bachelors

- Perform quality assurance (QA) reviews and validation reviews of CIP-related implementations (processes, procedures, internal controls) and associated evidence to ensure compliance with the company's NERC CIP cybersecurity policy and with the NERC CIP Standards

- Develop interpretations of new CIP Standards using a variety of inputs such as regulatory guidance and industry benchmarking to produce unambiguous descriptions of compliance obligations for internal stakeholders to use as guidance for implementations

- Develop modifications to the NERC CIP cybersecurity policy that are triggered by new and/or changing NERC Standards, newly published guidance from the regulators, and internal requests for improvements

- Provide enterprise coordination, project oversight, reporting, and issue resolution for implementation of future versions of the NERC CIP Standards

- Prepare reports on the results of internal reviews of compliance evidence, including categorization of findings and recommendations to be addressed

- Support implementations of technologies to augment the company's NERC CIP Compliance Program to drive efficiency and sustainability in the pursuit of both compliance and operational goals

- Perform internal consulting with business area personnel to ensure that they understand, plan for, and implement compliance requirements

- Perform training, change management, and communication support for CIP implementations and ongoing compliance activities

- Influence new standard development through industry and regulator engagement

Working Requirements:

- Must pass a personnel risk assessment, including a seven (7) year background screening, and complete annual cyber security training

- Demonstrated focus on safety

- Adhere to company policies and ensure necessary administrative procedures are followed

Basic/Required Qualifications:

- Bachelor's degree in a related field and five (5)+ years of utility, cyber security, auditing, compliance, regulatory, NERC CIP or related experience, OR, without a degree, nine (9)+ years of relevant work experience in IT, cybersecurity and/or NERC CIP (utility, cybersecurity, audit, compliance, regulatory, security operations center, firewall, network, military information security and/or system administration)

- Experience in Cybersecurity, preferably with risk identification and management, audit and compliance, policy development and maintenance, evaluation of control requirements, security and related industry regulatory issues

Desired Qualifications:

- Bachelor's or Master's degree in Information Technology, Information Systems Security, or Electrical Engineering

- Four (4) or more years of experience working with the NERC CIP standards and requirements

- Experience with large programs and efforts, particularly using Agile methods

- Understanding of basic principles of power system protection theory, practices, and application

- Certified Information Systems Security Professional (CISSP) certification

- Audit certifications such as: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Government Auditing Professional Certification (CGAP), NIST Cybersecurity Framework (CSF) Foundation, etc.

- Experience with implementing new enterprise processes and methods in environments with distinct departmental processes

- Experience working effectively in a matrixed organization

- Ability to communicate clearly, concisely and accurately with peers, customers, team members, and leadership verbally and in writing

- Ability to conduct challenging conversations in a tactful, professional manner

- Models behaviors that promote effective interactions between individuals in a work group and between work groups

- Ability to achieve consensus on decisions and communicate with impacted individuals or groups

- Ability to demonstrate a customer service-oriented attitude

- Ability to perform day-to-day tasks with minimal direction

- Ability to manage complex problems to resolution

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
