IT Cyber Security Compliance Analyst Job Description
Job Summary:
The IT Cyber Security Compliance Analyst will serve as liaison to the IT Compliance department to perform analysis and documentation on compliance requirements of NERC (North American Electric Reliability Corporation), FERC (Federal Energy Regulatory Commission), NAESB (North American Energy Standards Board), SSAE16, and Midwest ISO business processes for the Cyber Security department. He/She will assist and guide Cyber Security control owners with compliance efforts focusing on NERC CIP standards and established IT controls.
Job Description:
The IT Cyber Security Compliance Analyst will perform all or some of the following job duties:
Analyze IT policies, procedures, practices and organizational structures to provide reasonable assurance of compliance with NERC, FERC & NAESB regulatory requirements and SSAE16 controls
Develop and maintain schedules, reports, and materials for compliance-related activities pertaining to Cyber Security and other control-related matters
Use generally accepted IT security and control practices to benchmark the existing and planned IT environment
Coordinate with and act as liaison to the IT Compliance organization to ensure consistent compliance with applicable requirements
Assist Cyber Security control owners with identifying remedies to findings
Create tracking tools and reports for compliance measures
Prepare reports and briefs for management and external audiences explaining standards issues and compliance status
Support and serve on internal committees, task forces, and compliance working groups
Examine existing routine data within area of responsibility in which results are predictable
Evaluate low risk problems to identify solutions or alternative outcomes
Use basic analytical techniques like critical thinking to objectively analyze a situation, evaluate the pros, cons, and implications of a course of action
Apply analysis of issues or situations to accomplish their daily work or to recommend courses of action in order for others to make decisions on matters that affect the team
Compliance with all processes, procedures, and standards applicable to the position including (but not limited to): SSAE16 (Statement on Standards for Attestation Engagements No. 16), CIP (Critical Infrastructure Protection), Change Management, Tariff (Open Access Transmission, Energy and Operating Reserve Markets Tariff), FERC (Federal Energy Regulatory Commission), NERC (North American Electric Reliability Corporation), U.S. Department of Homeland Security, and NAESB (North American Energy Standards Board).
Minimum Requirements / Knowledge / Skill For IT Cyber Security Compliance Analyst Job
One year in internal and/or external IT audit
Three years Cyber Security
FERC, NERC and Sarbanes Oxley regulatory requirements and SAS 70 audits preferred
Project Management preferred
Energy industry preferred
Knowledge of principles, practices, and administration of technical issues
Knowledge of information systems, database, networking and logical security best practices
Knowledge of industry computing platforms and architectures
Compliance, risk management and security experience
Knowledge of NERC CIP standards
Proficiency in Microsoft Office Suite
Commitment to customer service excellence and teamwork
Excellent communication and listening skills
Utilizing company policies appropriately
Experience in process and procedure development, measurement and enhancement
Analytical thinking
Ability to apply and adapt practices and techniques to a variety of situations and projects
Ability to present facts and recommendations effectively in oral and written form
Ability to establish and maintain effective relationships with employees and the general public
Ability to integrate both routine and new data from multiple sources
Ability to perform detailed quantitative analysis.
Minimum Education Requirements / Certification / Licensure For IT Cyber Security Compliance Analyst Job