Responsible for leading the Release & Control department's activity in support of operational compliance with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) regulations and SSAE16 SOC 1 (Statement on Standards for Attestation Engagements No. 16, Service Organization Controls 1). This includes the continual development, implementation, coordination, maintenance, and reporting on related compliance activities for the organization's change and configuration management function.
Essential Job Duties
Operational compliance management: enhance the team's operational framework, procedures, metrics, internal controls review and testing, and self-audit strategy to ensure all changes are processed in alignment with controls established for the regulatory standards; perform and/or coordinate the Change & Configuration compliance processes in alignment with the regular defined cadence; serve as a liaison to in-line management, IT Compliance and other IT business areas, Corporate Compliance, and Security; recognize, identify and escalate compliance or process-related risks to enable appropriate action to be taken.
Data and evidence management: enhance the team's reporting and analysis capabilities to provide proactive analysis and evidence management in support of the controls established for CIPv5 and SOC1 standards; determine data needs, coordinate and provide data and/or evidence in response to requests for information from auditors; leverage data for ongoing monitoring of adherence to all applicable regulatory requirements, policies, and procedures.
Patch management: facilitate the Patching Review Board for IT and Security in alignment with the charter.
Working knowledge of NERC CIPv5 regulations and experience in supporting a NERC audit
Working knowledge of SSAE16 SOC1 standards
Working knowledge of Continuous Quality Improvement processes, tools and techniques (e.g. flow charts, root cause analysis, team management and project management)
Strong functional knowledge of process improvement and compliance assurance methodologies
Strong communication skills (oral, written, and discernment)
Capable of reviewing regulatory requirements, data, and evidence, and creating reports, with strong attention to detail
Capable of leading without authority and self-motivated
Proficient with the use of personal computers including spreadsheet, database, word processing, and presentation applications
Working knowledge of Atlassian JIRA (preferred)
Bachelor's degree in Business, Computer Science, Information Systems or related field, or six years of applicable experience, is required.
5 years of IT experience with responsibilities in IT audit or compliance
Preference may be given to candidates with the following:
Experience creating / following NERC-CIP compliance procedures and processes