DIRECTOR or SENIOR DIRECTOR OF COMPLIANCE

Seminole Electric, Tampa, FL

About The Position

This position may have director level oversight for the design, implementation and management of Seminole’s NERC Regulatory compliance, information governance, ethics, corporate health and safety, corporate training and related programs. Includes responsibility for programs to monitor, implement, and achieve compliance with federal and regional electric system reliability standards, including Federal Energy Regulatory Commission (FERC), North American Electric Reliability Council (NERC), and Florida Reliability Coordinating Council (FRCC). This position will report to the Executive VP Chief Legal Officer and Chief Compliance Officer.

Requirements

  • Bachelor’s degree in accounting, business, engineering, management or related field required.
  • A minimum of ten (10) years of progressively responsible experience in records and data governance/management, risk management, compliance, accounting, or finance, with at least five (5) years in regulatory compliance; specific subject matter experience required.
  • Supervisory experience is required.
  • Knowledge of regulatory framework governing records and data governance.
  • Knowledge of records management workflow and content management.
  • Knowledge of data privacy regulations (e.g., HIPAA).
  • Must have knowledge of NERC Reliability Standards and be familiar with the NERC Rules of Procedure associated with Reliability Standards development, compliance, and enforcement.
  • Must remain current with all NERC, FERC, and FRCC compliance requirements.
  • Must acquire and maintain knowledge of the technical terminology used in reliability standards.
  • Knowledge of Governance, Risk, and Compliance (GRC) solutions and common control frameworks for data regulations.
  • Technical knowledge is required (but not developer level skills).
  • Adaptable, Collaborative, Conscientious, Critical-Thinking, Outcome-Driven, and Professional
  • Knowledge of internal controls
  • Project management software
  • Records retention requirements/regulations
  • Policies and procedures
  • Contracts
  • Corporate training to include Legal, ethical and compliance programs and training
  • Budgeting
  • Filing and retention guidelines
  • NERC/FERC, CEII, CUI, PII, PHI, and other protected information
  • Applicable federal, state and local laws and regulations.
  • Data privacy and HIPAA compliance
  • NERC CIP Reliability Standards
  • Auditing procedures and risk management
  • Change management, incident reporting and response planning
  • Business continuity processes and disaster recovery
  • Basic enterprise cyber security principles
  • Proficiency with Microsoft Office applications
  • Effective verbal/nonverbal, listening, and written communications
  • Effective supervision, performance management and talent development
  • Ability to multitask and reprioritize in a dynamic environment
  • Presentation
  • Deadline oriented
  • Attention to detail
  • Planning and organizing
  • Innovative
  • Creativity
  • Focus on quality
  • Self-motivated
  • Analysis
  • Leadership
  • Conflict Management
  • Must be able to follow established protective measures including wearing required personal protective equipment (PPE).
  • Must possess a valid driver’s license and acceptable Motor Vehicle Report.
  • Must be able to lift twenty-five (25) pounds if needed.

Nice To Haves

  • MBA, law, or advanced degree desired
  • Electric utility experience is desirable.

Responsibilities

  • Coordinates daily activities related to information governance, corporate training and reliability standards compliance, including supervision of information governance and compliance teams.
  • Provides a safe and productive work environment for team members congruent with Seminole’s desired culture and in full support of Seminole’s purpose, core values, core competencies and organizational goals.
  • Monitors industry best practices and identifies changes that affect information governance, corporate training and regulatory compliance.
  • Prepares and presents department capital and operating budget.
  • Performs other duties as applicable to the position or as assigned.
  • Communicates with the NERC Compliance internal team, subject matter experts and outside consultants regarding NERC Reliability Standards.
  • Coordinates and submits mandatory filings for federal, state, and local regulatory agencies.
  • Coordinates established balloting process for new and revised NERC Reliability Standards.
  • Coordinates regulatory audit preparation activities to include preparation, critique, and validation of relevant reliability standard audit worksheets (RSAWs) and periodic updates.
  • Coordinates the storage of required NERC compliance documentation and evidence to ensure the material is available and follows BES Cyber System Information requirements.
  • Develops and maintains Seminole’s Vulnerability Risk Assessments (VRA) and Emergency Recovery Plan (ERP) as required by the Rural Utilities Service (RUS).
  • Develops effective action plans and coordinates multiple activities in a timely and efficient manner.
  • Develops internal processes and controls to achieve and sustain compliance with applicable NERC Reliability Standards (CIP-004 and CIP-011).
  • Maintains knowledge of current and future regulatory requirements and assesses their impact on Seminole.
  • Interprets new and existing regulations in consultation with legal and other subject matter experts to determine applicability.
  • Leads a centralized Reliability Standards Compliance monitoring and reporting program to assure Seminole's auditable compliance with FERC, NERC & FRCC standards as well as FERC Standards of Conduct.
  • Manages complex compliance assessments, documents compliance status, and makes recommendations on corrective action required to achieve compliance with NERC Reliability Standards.
  • Manages corporate activities during all NERC reliability standards compliance monitoring functions including on-site audits, spot checks, and self-certifications.
  • Participates in industry forums and committees to improve overall compliance with NERC and FERC requirements.
  • Ensures Seminole is complying with all compliance guidelines and regulations set forth by regulatory agencies.
  • Advises various departments on records retention issues related to federal, state, and local laws and regulations.
  • Archives historical data/records or ensures their destruction, as necessary.
  • Assists in the development and maintenance of relevant training materials for the Internal Compliance Program.
  • Assists with the evaluation & preparation of procedural documentation, ongoing monitoring, testing, and remediation.
  • Coordinates with management to address potential areas of non-compliance and anticipate future compliance requirements.
  • Develops, enhances, and operationalizes enterprise-level privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations.
  • Drafts information governance and compliance related plans, procedures, policies, and practices.
  • Ensures compliance with financial, legal or administrative requirements and regulations.
  • Ensures data integrity by performing data analysis and identification of anomalies.
  • Ensures the regulatory training of all employees and contractors (including HIPAA training).
  • Establishes and maintains effective relationships with local industry, regional entities, and internal stakeholders to allow for effective achievement of business goals and compliance with program requirements.
  • Evaluates & prepares procedural documentation, ongoing monitoring, testing, and remediation related to compliance.
  • Implements and monitors access controls, security controls for records management, and ensures data controls for confidential or protected information (including information protected by CAs/NDAs).
  • Implements systematic continuous improvements of compliance policies, procedures, training materials, and asset lists.
  • Leads the design, development, implementation, and maintenance of the information governance program.
  • Leads the development and ongoing management of privacy programs across the company to ensure compliance with data privacy requirements.
  • Organizes, classifies and indexes records so that records are easily accessible when needed.
  • Oversees migration and onboarding of paper to electronic record-keeping.
  • Oversees the review, update, and approval of corporate procedures.
  • Participates in addressing requests with regional regulatory agencies and internal departments to ensure that compliance issues are addressed in a timely manner.
  • Participates in compliance monitoring activities such as audits, spot checks, compliance self-assessments and self-certification.
  • Participates in coordination of mandatory filings for federal, state, and local regulatory agencies.
  • Participates in meetings with senior staff and management to identify and address potential areas of non-compliance and anticipate future compliance requirements.
  • Participates in the coordination of daily activities in the compliance department, including addressing incoming calls and requests for information.
  • Participates in the coordination of requests with regional regulatory agencies and internal departments to ensure compliance issues are addressed in a timely manner.
  • Participates with team of personnel in the performance of audits, surveillances, and assessments.
  • Provides corporate governance for Shady Hills Combined Cycle Facility (SHCCF) including delegations of authority, required documentation, and storage locations.
  • Provides leadership and direction in the planning, development, organization, coordination, implementation, and review of corporate Internal Compliance Program.
  • Provides litigation support for legal holds and discovery production pursuant to direction from counsel.
  • Provides training to staff who require access or have responsibility for maintaining records.
  • Represents organization at external meetings at the regional and federal level.
  • Upgrades and implements new methods, procedures, and equipment to assure maximum user satisfaction for records management.
  • NERC Compliance: Performs NERC Compliance Program roles if/as designated in Seminole's Standard Ownership Matrix (SOM) including ongoing evidence retention in "audit-ready" form. You should also be familiar with Seminole's Enterprise Internal Compliance Program (ENT-GCD-RGC-EP-054) to further your understanding of Seminole's compliance program and your duties and responsibilities in the SOM.