Location: Tampa, FL
Hybrid: (4 days/week in office)
Standard work hours: (8AM-5PM, Monday-Friday)
6-12 Month Contract to hire
Pay: $26-$30/hr.
Brooksource is searching for an IT Risk & Compliance Analyst to join our enterprise Electric/Utility client in Tampa, FL. In this role, you will carry out procedures to ensure all information systems products and services meet IT&T (Information Technology & Telecommunications) organization standards and compliance obligations, including regulatory requirements, contractual requirements, and Emera requirements. You will be primarily responsible for the maintenance, training, assurance, monitoring and reporting of all IT standards and procedures, as well as IT&T related regulatory requirements for the TSI IT&T Department and individual business units as applicable.
RESPONSIBILITIES:
- Responsible for one or more IT compliance programs (e.g., NERC CIP, PCI DSS, SOX, DFARS, Emera Cyber Security, DHS TSA Pipeline Security). This includes facilitation of and tracking of deliverables for root cause analysis, violation reporting, technical feasibility exceptions, mitigation plan development, evidence reviews, external audit preparations, and NERC Alerts responses. Support the development of flow diagrams or other illustrations showing key steps associated with a given process or sub-process affected by applicable regulations and/or contract terms. As needed, coordinates and facilitates technical feasibility exception audits, mitigation plan completion audits, and other audit spot checks with external auditors. [30%]
- Policies & Procedures: Liaise with IT&T areas such as IT Security, IT Project Management Office, IT Infrastructure, Telecom, Access Administration, and affected corporate areas and business units to facilitate the evaluation, design and implementation of effective methodologies, procedures and controls to comply with new and existing regulatory requirements. [25%]
- Controls & Monitoring: Provide independent assessment and assurance of the effectiveness and efficiency of the IT control environment. Administers and monitors the execution of the TEC compliance program by sampling compliance deliverables for acceptable content and assessing risk. Utilize security tools to further sample content. Participate in the implementation of technology-based tools (e.g. GRC) to support IT compliance and risk initiatives. [20%]
- Miscellaneous: Responsible for one or more other areas within department as assigned [25%]:
  - As needed, provides updates to Business Strategy related to cybersecurity and impact of new legislation/regulatory requirements on TEC business operations.
  - Risk Management: Work with technology teams and business stakeholders in the design, implementation, and optimization of IT risk assessment practices.
  - Policies & Procedures:
    - Act as ruleset liaison for assigned areas of compliance.
    - Act as ruleset Subject Matter Expert (SME) for:
      - Information Protection Program and assigned CIP compliance related to BES Cyber System Information.
      - NERC CIP Awareness Program.
      - NERC CIP Training Program.
      - NERC CIP Security Management Controls.
  - Training & Communication:
    - Ensure mandatory training is conducted, tracked, and recorded.
    - Develop and facilitate compliance training for subject matter experts.
    - Develops and/or provides input into IT Security awareness program.
  - Performance Management: Develops and coordinates the assessment of cybersecurity awareness via phishing campaigns utilizing tool.
Eight Eleven Group provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.