No C2C or Sponsorship
Senior IT Compliance & Risk Analyst
Our industry leading client is seeking a dialed in Senior IT Compliance & Risk Analyst. If you want to work for a company that truly makes a difference in the Energy world, have incredible soft skills, and enjoy working in a fast-growing type of organization - then we want to hear from you. We value diversity in the workplace and encourage women, minorities, and veterans to apply. Thank you!
Type: F/T Permanent
Location: Palm Beach Florida - Hybrid
Job Overview:
This job supports teams facilitating internal solution development across business units, to align Cybersecurity risk, leading technology solutions, and user experience. This position is responsible for various aspects of achieving compliance of cybersecurity including developing, implementing and enforcing IT policies, standards, methodologies and awareness using a risk based approach. Employees in this role develop a deep understanding of our technology footprint, technology strategy, threat landscape and risks, to establish a collective cyber-strategy.
Qualifications & Responsibilities:
- Builds processes and tools to provide the business visibility of cybersecurity risks and drive accountability 4+ years
- Develops and maintains policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate cyber risk while maintaining corporate compliance with mandated security regulations
- Assesses and reviews security and controls to ensure sustainable regulatory compliance
- Develops processes and monitoring to identify, quantify, analyze, and report risk and compliance status
- Coordinates cyber risk management efforts including identification, assessment, tracking and resolution of risk management activities across all levels of the organization
- Assists with training, including training material development and deployment to ensure that compliance and risk becomes a sustainable business practice
- Gathers and prepares documentation to support audits, self-assessments, data requests, etc.
- Performs other job-related duties as assigned
The ideal candidate will have:
- Strong understanding of NERC Critical Infrastructure Protection (CIP) regulations
- Familiarity with risk management and internal controls
- Familiarity with vulnerability management best practices
Duties:
- Develops internal controls to ensure sustainable compliance cyber security regulations
- Develops and maintains processes and procedures to assess, monitor and report compliance with mandatory security regulations
- Builds processes and tools to provide the business visibility of cyber security compliance activities and drive accountability
- Participates in cyber security assessment efforts including identification, assessment, tracking and resolution of findings
- Assists with training, including training material development and deployment to ensure that compliance becomes a sustainable business practice
- Prepares documentation in support of audits and maintains compliance with relevant regulations and company polices and standards
- Gathers and prepares documentation to support regulatory audits, self-assessments, data requests, etc.
- Participate, when assigned, in compliance-based investigations and/or audits in which evidence is requested to be gathered
- Performs other job-related duties as assigned
Preferred Qualifications:
- Bachelor’s Degree
- NIST CSF experience/knowledge is helpful
- Certified Information Systems Aud (CISA) certification
- Project Management Professional (PMP)
- Six Sigma Green Belt Certified
