Telecom Compliance Analyst - CIP Field Assets

Embark on a thrilling career journey with one of the Top US energy providers as a Telecom Compliance Analyst, supporting regulatory quality assurance on CIP Assets. Join our innovative team and be the guardian of resilience, ensuring the security of the Organizations critical infrastructure in an ever-evolving technological landscape.

 

Responsibilities

·        Conduct fieldwork tasks and responsibilities at High/Medium/Low-Impact energy substation and control centers for periodic assessments and ongoing compliance at locations to include but not limited to NC, SC, Florida, Kentucky, Indiana, Ohio

·         Inventory routers, switches, firewalls and other telecom devices which require some knowledge of networking

·         Responsible for creating and maintaining documents and diagrams for BES cyber asset classification and inventory reviews

·         Perform site-level vulnerability assessments and contribute to the enterprise program

·         Serve as an interface between internal team members,  Compliance Managers, Security Compliance (SECO), Business Areas, support groups, contractors, and vendors to facilitate appropriate communication and problem resolution

·         Participates in periodic audit reviews facilitated by either external auditing organizations or regional electric reliability entities

·         Identifies, resolves, and appropriately escalates complex project or walkdown issues and demonstrates effective communication skills when presenting regulatory evidence

·         Proactively engages in training and development programs to improve and maintain job performance and promote professional growth and development

·         Motivates program and project participants to work as a cohesive team within their work unit, department, and company to meet the needs and expectations of corporate compliance program and processes

·         Responds well to supervisors, easily coachable and exhibits confidence and a proper level of assertiveness when needed

 

Required/Basic Qualifications

·         Bachelor's degree in cybersecurity or other related degree

·         In addition to bachelor's degree, five (5) years minimum of related work experience

·         In lieu of bachelor's degree AND five (5) years minimum of related work experience listed above, high school diploma/GED AND nine (9) years minimum of related work experience

Desired Qualifications

·         Must possess or develop a strong understanding of NERC CIP reliability standards and the  IT503 Cybersecurity program to ensure CIP compliance processes are followed, activities are properly performed and documented, and evidence is prepared appropriately to validate proper compliance. The individual is expected to be knowledgeable in the use of compliance concepts and procedures, demonstrate critical thinking skills to identify potential issues, develop solutions, and take actions to resolve issues.

·         Demonstrates working knowledge of NERC CIP compliance controls, regulatory matters, and business applications

·         Knowledgeable and proficient use of tools and procedures for the NERC CIP Program

·         Experience with audit skills, controls, security, and related industry regulatory issues

·         Two or more years in information technology showing a demonstrated competency in delivering efficient and effective solutions supporting diverse and complex data networking systems

·         Excellent interpersonal skills with the ability and willingness to share information and transfer knowledge to others

·         Strong team player with the ability to effectively manage multiple tasks and assignments

·         5+ years utility, cyber security, auditing, compliance, regulatory or related experience.

·         Experience with at least three (3) years of NERC CIP Compliance

·         IT or Cybersecurity certifications, such as those issued by GIAC, ISACA, or (ISC)2

·         Knowledge of cybersecurity frameworks such as NIST or ISO

·         Experience working in a regulated environment such as NERC CIP, SOX or HIPPA

·         General knowledge of the core business, including SCADA and Energy Management Systems (EMS)

·         Able to work effectively with broadly defined direction requiring a great degree of judgement, recognizes appropriate times to raise issues and provide status updates, and demonstrates ability to work independently with little direct supervision

·         Knowledge of risk management processes (e.g., methods for assessing and mitigating risk) laws, regulations, policies, and ethics as they relate to cybersecurity and privacy

·         Demonstrates good listening skills and puts forth the effort to understand other points of view

 

Working Conditions

·         Onsite Mobility Classification – Work performed primarily at field locations and in the office

·         Ability to work extended and/or non-business hours as required to meet regulatory compliance demands

·         Work in the field is very physical in nature and may require that the individual is standing for long periods of time; requires bending and reaching to access devices

·         Must pass a personnel risk assessment including 7-year background screening and annual cyber security training

·         Travel 75-85%