Cyber GRC Analyst II

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or related field preferred
• 3-5+ years of related experience
• Security Certification required (CISA, CRISC, applicable SANS certification, or equivalent/higher certification) or obtainment within one year of assuming position
• Step progression levels based on skill proficiency and scope of job.
• Strong business acumen pertaining to the Utility industry
• Strong knowledge of leading GRC practices
• Strong planning and project management skills
• General understanding for IT profit and loss targets and operating budget.
• Willingness and ability to learn new technologies on the job
• Proficient at functioning effectively within a team environment, present ideas and opinions in a respective and collegial manner
• Progression to this level is strictly restricted based on critical individual capabilities and business requirements; must be supported by market survey data.
• BEHAVIORAL
• Balances stakeholders
• Builds effective teams
• Business insight
• Communicates effectively
• Courage
• Demonstrates self-awareness
• Drives Results
• Drives vision and purpose
• Ensures Accountability
• Instills trust
• Nimble learning
• Plans and Aligns
• Safety
• Strategic mindset
• TECHNICAL
• Analytical skills
• Compliance
• Computer Skills
• Business Partnering
• Application Development
• Architecture
• Business Requirements Analysis
• Database Administration
• Hardware Management
• IT Data Management
• IT Implementation and integration
• IT Support
• IT Testing
• Network/IT Security

Responsibilities

• Champions a corporate culture that emphasizes transparency, integrity, safety, environmental responsibility, employee development, diversity and inclusion, customer service, and operational excellence.
• Provides technical execution of defined activities to support the delivery of project initiatives required to achieve efficiency, effectiveness, and innovation objectives.
• Achieves results by autonomously owning and executing ITGC activities as defined by manager.
• Supports agile projects through application of defined ITGC approaches.
• Utilizes ITGC standards, procedures, and processes, providing recommendations for process improvements, as necessary.
• Supports the escalation of any risk to delivery for ITGC, to help ensure business objectives are executed and met across responsible project areas.
• Escalate issues to management, as necessary.
• Assess IT compliance with Cleco’s policies and standards and take action to remediate non-compliance.
• Ensure that Cleco’s practices satisfy the requirements of the Sarbanes-Oxley Act.
• Ensure that Cleco is properly evaluating security risks through a risk assessment framework that assesses the potential impact of threats to the business and Cleco’s vulnerability to these threats and recommended controls to reduce risks to levels that align with the organization's risk tolerances and appetite.
• Work collaboratively with all Cleco departments to ensure that local practices are consistent with corporate information security policies and standards.
• Identify compliance objectives and mapped program deliverables to the requirements.
• Participate in Cleco’s business continuity planning and disaster recovery planning programs as well as periodic exercises and tests.
• Collect information for generating and communicating responses to customer due diligence requests and questionnaires.
• Assist in Cleco’s vendor management / third party service provider oversight program and conduct initial vendor due diligence as well as ongoing vendor reviews.
• Conduct and document an annual enterprise risk assessment as well as ad hoc project risk assessments
• Assist entry-level staff within assigned project teams, leveraging technical experience to help to onboard them and in support of meeting project milestones.
• Provide communication to management to provide status updates on project activities, and identify risks in delivery or resourcing needs