Title: IT Compliance & Risk Advisor
Company: Tampa Electric Company
State and City: Florida (US-FL) - Ybor City
Shift: 8 Hr. X 5 Days
POSITION CONCEPT
Facilitates integration and implementation of relevant new compliance obligations and changes; monitors changes and participates from an industry perspective. Leads and/or monitors compliance programs for specific rulesets as needed, such as the regulatory NERC Critical Infrastructure Protection (CIP) cybersecurity reliability standards. Participates in development of roadmaps and workplans. Facilitates with stakeholders, especially technical SMEs, which requires a deep understanding of both the requirements and a willingness to review and understand the current environment. Ensures audit readiness, compliance issue investigation, reporting and correction, compliance information management, integration with the business, and controls/monitoring, for multiple stakeholder sets. Advises IT projects to ensure an appropriate compliance posture.
Potential For Remote Work
DUTIES AND RESPONSIBILITIES
IT Compliance and Risk Advisor
- Governance: Lead or participate in the implementation and administration of relevant compliance programs. Lead incorporation of new regulatory requirements and other compliance obligations into the TECO (TSI, TEC, PGS, NMG) compliance management systems.
- Risk Management: Monitor external compliance obligations; research, analyze and communicate potential impact to TECO affiliates. Work directly with business units, corporate areas and management in the development of industry comments and voting recommendations for relevant compliance obligations as needed (e.g., NERC CIP standards), and participate in the development of standards by attending virtual committee meetings to inform the design and implementation of new regulatory requirements. Provide input to the IT Compliance and Risk Roadmap and associated workplan to ensure the TECO affiliates are in compliance with IT regulatory, contractual, and Emera standards, both existing and new.
- Policies and Procedures: Ensure integration of IT compliance obligations into IT, corporate and business policies, standards, procedures, and processes, including flow diagrams. Rapidly research, develop and maintain deep understanding of compliance obligations as well as our current IT&T, corporate, and business environments and serve as consultant/liaison with affected IT&T, corporate areas and business units to advise on potential impact and facilitate the evaluation, design and implementation of effective methodologies, procedures and controls to comply with new and existing regulatory requirements and other compliance obligations. Collaborate with project manager(s) to identify relevant project tasks and associated pre-requisites/dependencies, timing, and associated automation to ensure departmental procedures are developed, implemented, and integrated.
- Training and Communications: Provide training, guidance, industry insight and business liaison for staff/contractors to ensure quality results. Coordinate with Information Security to communicate results across areas of the business. Recommend external education and future training.
- Controls & Monitoring: Identify and design methods of monitoring and sampling, including use of security tools. Able to meet project timeframes and communicate with all stakeholders to avoid problems.
- Reporting & Performance Management: Advise on and/or execute compliance concern investigations, performance analysis (e.g., metrics), and report on status of applicable compliance programs.
- Information Management: Investigate corporate readiness and design plans for improving the cybersecurity baselines; work with cross-functional SMEs to design and implement methods to collect and/or automate compliance-related data.
(in addition to those of Compliance Analyst II listed below as needed)
- Responsible for one or more IT compliance programs (e.g., NERC CIP, PCI DSS, SOX, DFARS, Emera Cyber Security, DHS TSA Pipeline Security). This includes facilitation of and tracking of deliverables for root cause analysis, violation reporting, technical feasibility exceptions, mitigation plan development, evidence reviews, external audit preparations, and NERC Alerts responses. Support the development of flow diagrams or other illustrations showing key steps associated with a given process or sub-process affected by applicable regulations and/or contract terms. As needed, coordinates and facilitates technical feasibility exception audits, mitigation plan completion audits, and other audit spot checks with external auditors.
- Policies & Procedures: Liaise with IT&T areas such as IT Security, IT Project Management Office, IT Infrastructure, Telecom, Access Administration, and affected corporate areas and business units to facilitate the evaluation, design and implementation of effective methodologies, procedures and controls to comply with new and existing regulatory requirements.
- Controls & Monitoring: Provide independent assessment and assurance of the effectiveness and efficiency of the IT control environment. Administer and monitor the execution of the TEC compliance program by sampling compliance deliverables for acceptable content and assessing risk. Utilize security tools to further sample content. Participate in the implementation of technology-based tools (e.g., GRC) to support IT compliance and risk initiatives.
- Responsible for one or more other areas within department as assigned:
- Policies & Procedures: Act as ruleset liaison for assigned areas of compliance.
Education/Training
Required:
Four (4) year degree in computer science, information systems, or other related information technology field from a regionally accredited college.
Preferred: Master's degree in business administration, computer science, information systems, or other related information technology field from a regionally accredited college.
Licensing/Certification
Required:
Expected to obtain Information Technology Infrastructure Library (ITIL) Certification within 6 months of employment in this position.
Audit-related (e.g., Certified Information Systems Auditor [CISA])
OR
Security-related (e.g., Certified Information Systems Security Professional [CISSP], Certified Information Security Manager [CISM]) certification.
Preferred: Current ITIL Certification.
Experience
Required:
Minimum of 7 years' experience in an information technology, audit, or utility business environment is required, with at least three years in an IT security, audit or other controls-based role.
Extensive NERC CIP experience is required, along with a solid technical and cyber security background, critical thinking, and a broad and deep skillset.
Preferred:
5+ years IT security, audit or controls experience.
3+ years NERC CIP compliance program experience.
Knowledge/Skills/Abilities
Required:
Maintains an expert-level knowledge of IT governance frameworks and compliance standards including NERC CIP, SOX, PCI DSS, DFARS, COBIT, NIST Cyber Security Framework, and DHS TSA Pipeline Security Guidelines.
Broad technical knowledge (e.g., infrastructure, security, change management, SDLC); capability to zero in on essential information.
Broad utility industry business understanding.
Must be able to complete highly complex duties involving a wide variety of situations requiring considerable analytical skill, judgment and interpersonal and organizational relationships.
Ability to reconcile conflicting information and lead groups to consensus.
Ability to advise IT projects as they relate to compliance.
Project management capabilities.
Ability to train large groups on IT regulatory requirements.
High tolerance for stress and managing competing priorities.
Preferred: Negotiation skills.
COMPETENCIES:
Builds Strong Collaborative Relationships
Cultivates Innovation and Embraces Change
Drives Operational Excellence for Customers
Takes Ownership and Acts with Integrity
Thinks Strategically and Exercises Sound Judgment
TECO offers a competitive benefits package!
Competitive salary * 401k savings plan with company matching * Pension plan * Paid time off * Paid holiday time * Medical, prescription drug, and dental coverage * Tuition assistance program * Employee assistance program * Wellness programs * On-site fitness centers * Bonus plan and more!
STORM DUTY REQUIREMENTS: Please make sure to read below. Responding to storms will be considered a condition of employment.
TECO Energy and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our TECO Energy customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.
TECO Energy is proud to be an Equal Opportunity Employer.
TECO Energy is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations.
In order to provide equal employment and advancement opportunities for all individuals, employment decisions at TECO Energy will be based on skills, knowledge, qualifications and abilities.
Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
ADA policy
It is the policy of TECO Energy to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship. The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to, the Americans with Disabilities Act (ADA) of 1990 and sections 503 and 504 of the Rehabilitation Act of 1973.
Application accommodations
Applicants may request reasonable accommodation in the application process at least five business days prior to the time the accommodation is needed.
Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability.