Associate Information Security Analyst - Compliance (Hybrid)
About The Position
Under the close supervision of the Manager, develops the skills, knowledge and ability to support the information security compliance program and ensure compliance with industry and company standards and objectives. Supports and participates in assessments of security risks related to vendors, new technology and new products. Learns from and assists subject matter experts (SMEs) in evaluating and improving internal controls. Supports team with compliance assessments for NERC CIP standards and ISO information security requirements. Administers and maintains the GRC tool, including creation of tasks, alignment with controls, and evidence collection. Learns to administer the compliance issue reporting process and supports issues through the process life cycle.
Requirements
- A Bachelor's degree (BA, BS) in Computer Science, Information Technology, Management of Information Systems, or related technical field required.
- This is an entry-level position, no experience required.
- Coursework or experience in any of the following areas is desirable: IT related fields, NERC CIP compliance, reviewing and preparing compliance related requests, information systems and network security administration, communications protocols, methodologies and standards related to information security, access control systems, or encryption.
- Strong interpersonal, communication, and writing skills required.
- Strong analytical skills are required, including the ability to effectively communicate complex technical materials and concepts in a non-technical manner.
- Must be able to handle a dynamic and changing work environment, and work independently.
- Strong computer skills in Microsoft Office Suite.
- Self-motivated, problem solving skills and the ability to influence others without direct authority.
Nice To Haves
- CISSP, CCNA, and/or Unix Certification helpful.
- Working knowledge of application systems, network architecture, multiple platforms including Unix and Windows OS, and knowledge of up-to-date information security technologies including firewalls, real-time intrusion detection and related applications is a plus.
- Knowledge or experience in the energy sector, with FERC, NERC, or CIP standards, or security practices, such as NIST and ISO is helpful.
Responsibilities
- Responsible for tracking and supporting mitigation efforts for non-CIP issues and provides reporting to management.
- Logs issues reported to the Information Security Compliance team and participates in the preliminary review for completeness of data.
- Assists with assignment of issues to appropriate team members, tracks issues in database, supports the collection of information and evidence from the liaison, and assists corporate compliance with closing the issue.
- Learns to administer and maintain the Centric GRC tool for the info sec compliance team, including how to create and assign tasks, collect evidence, manage reports and KPI.
- Provides support and assists liaisons with evidence collection and corporate compliance with pulling needed historical compliance information.
- Tracks and participates in reviewing evidence for annual self-certification and NERC, WECC or AAS audits.
- Learns the policies, procedures and standards the team is responsible for and assists the corporate policy team with maintaining and routing required compliance documents for review.
- Provides information to SMEs and technical teams on info sec compliance processes and procedures and refers to manager or senior team members as appropriate.
- Assists manager with tracking and assigning non-PMO projects to liaisons for assessment.
- Participates and supports SMEs with collecting additional details for their review and assessment.
- Collaborates as needed with IT architecture to incorporate feedback into assessments.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
