Compliance Risk Analyst, Cyber Security

Description Position Overview:
The Cyber Security Analyst will function as a compliance risk expert in the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) area and will provide support in determining cyber security risk for CIP compliance issues and mitigation of these issues.  This position is also responsible for identifying improvements to risk analysis processes and other duties as assigned by the management team.Major Duties:

  • Measure cyber security and physical security risk, risk tolerance and overall program effectiveness in advancing reliability of the electrical grid.
  • Assess cyber security and physical security risk and controls of member organizations in preparation for scoping of compliance monitoring activities.
  • Assess risk of possible non-compliance and recommend enforcement actions appropriate to the assessed risk posed by the violation.
  • Identify and analyze CIP risks that have potential impact to the Bulk Electric System in conjunction with compliance assessments.
  • Review and analyze potential instances of non-compliance with CIP Standards.
  • Assess the adequacy of a member organization’s mitigation plan.
  • Review and verify completion of mitigation plans to confirm a return to compliance.
  • Following established guidelines, develop a compliance oversight plan for member organizations.
  • Following established guidelines, perform an inherent risk assessment of the member organization.
  • Participate in other assigned activities to benefit the WECC organization.
Requirements Minimum Qualifications:

  • Bachelor of Science Degree in Engineering, Computer Science, Information Systems, IT Security, Computer or Systems Engineering or equivalent combination of education and related industry experience resulting in demonstrated ability to perform major duties.
  • Background in regulatory or compliance activities in a related field.
  • Basic understanding of computer systems, servers, switches, firewalls, routers, etc.
  • General knowledge of Microsoft and/or UNIX systems.
  • Basic knowledge of communications technologies, including internet, private networks, virtual networks and others.
  • Ability to work with and analyze data-intensive and detailed information and to draw meaningful conclusions from that information.
  • Excellent organizational skills with an ability to work on multiple projects simultaneously.
  • Excellent written and verbal communication skills with strong technical writing skills.
  • Demonstrated experience in collaborating with teams and groups of technical specialists.
  • Ability to work independently on multiple tasks while maintaining deadlines.
  • Ability to manage projects with attention to detail for timely and accurate completion.

Preferred Qualifications:

  • 3 – 5 years’ experience in information technology disciplines such as cyber security, IT audit, IT risk management, or networking, OR 3 – 5 years’ experience in electric utility industry disciplines such as electric system operations, planning, modeling, or protection and control.
  • Graduate level degree, such as a master of computer science, master of Information Systems.
  • Experience with NERC/ NIST/ GLBA/ FFIEC/ SOX/ PCI compliance.
  • Experience in EMS/SCADA planning, modeling, cyber security, physical security, IT audit, or IT risk management.
  • Background in regulatory or compliance activities in information technology or electric utility disciplines.
  • Knowledge of communications technologies, including internet, private networks, and others used in the information technology or electric utility industries.
  • Knowledge and understanding of NERC CIP Reliability Standards.
  • General knowledge in the operations and planning of the Bulk Electric System and supporting technologies.
  • CRISC, CISA, CISSP, CISM, CRISC, CPP, PSP or related professional information systems certifications.

Salary and Benefits:
The salary will be competitive and commensurate with relevant experience as well as the responsibilities of the position. The position is eligible for an excellent benefits package, including medical, dental, vision, life insurance, short-term and long-term disability, 401(k) plan, and paid personal time.

For consideration, qualified candidates should submit a resume and cover letter including salary history on the WECC Careers page.

WECC is an Equal Opportunity Employer and as such does not discriminate against employees or applicants on any basis prohibited by law.  For additional information or questions regarding WECC’s policies, please contact WECC’s Human Resources Director.

Source:https://rew31.ultipro.com/WES1020/JobBoard/JobDetails.aspx?__ID=*873CA95A11329B91