EMS Compliance Manager

About The Position

Requirements

• Bachelor’s or advanced degree in the field of computer science, engineering, information systems and cyber security training, or significant prior experience in information security or information security compliance assurance / auditing required.
• Knowledge, understanding, and experience with NERC CIP Standards, SOX and cyber security audit evidence requirements and best practices required.
• Substantial knowledge and understanding of cyber security concepts and best practices required; CISSP, CISM, or CISA certification preferred.
• Understanding of technology in control systems in real time and near real time environments required.
• Knowledge and understanding of bulk power operations required.
• Knowledge and understanding of disaster recovery and business continuity for real and near real time systems required.
• Working knowledge and understanding of existing and emerging technologies and industry cyber security concepts and practices is required. Ability to determine their impact on cyber security compliance risk and their potential applications and compliance controls required.
• Demonstrated ability to provide direction, empower, motivate, and develop others required.
• Strong oral and written communications skills.
• Strong organizational and documentation skills.
• Strong facilitation & meeting management skills.
• Strong project management experience.
• Strong prioritization and reprioritization skills
• Flexibility, stress tolerance, and integrity
• Ability to communicate issues, policies, and changes clearly, concisely, and effectively at all levels.
• Ability to bring consensus and buy-in among people with different views and agendas and to manage productively in a fast-paced, constantly changing technical environment.
• Ability to manage and prioritize multiple projects and produce timely results.
• Ability to attract, hire, develop and manage a highly effective, diverse workforce of technical individuals highly skilled in required disciplines.
• Ability to establish and maintain excellent working relationships/partnerships with the management team throughout the organization, as well as external peers, strategic vendors and suppliers.
• Ability to present recommendations to executive management and system sponsors and influence outcomes that are beneficial for Southern Company’s Transmission organization.

Nice To Haves

• CISSP, CISM, or CISA certification preferred.
• Experience in developing and monitoring compliance assurance controls for the cyber security and protection of real time operational transmission systems preferred.

Responsibilities

• Provide consistent ongoing performance feedback, leadership and appropriate developmental opportunities for staff members.
• Manage activities in a manner to ensure success with audits, compliance reviews, and reporting for Sarbanes-Oxley, NERC CIP, and Internal Auditing.
• Lead the periodic review of all EMS policy and procedure documentation. Provide for training as needed for any new or updated policies.
• Ensure data retention/retrieval/access in compliance with FERC orders.
• Manage the organization as a business with emphasis on effective planning, budgeting and cost control that meets customer needs in a changing business environment.
• Review processes and procedures and documentation to identify and implement changes that enhance EMS’s ability to generate consistent Change Control and Configuration Management documentation as part of normal activities.
• Define and implement processes to ensure vendor releases are evaluated, tested and documented in appropriate time frames prior to deployment.
• Ensure coordination across multiple EMS Teams to execute appropriate testing.
• Review and coordinate the evaluation of products and tools which enhance the overall quality assurance and testing program.
• Ensure the design and implementation of long-term strategic goals and short-term tactical plans for EMS Compliance and QA.
• Ensure new products and technologies conform to EMS compliance policies, standards, and best practices.
• Provide leadership for the EMS SOX internal controls testing, external audits, periodic policy compliance reviews and compliance related information collection and dissemination.
• Develop, monitor, and maintain documentation associated with NERC CIP standards compliance to produce and archive consistent and accurate documentation in accordance with EMS and Southern Co policies.
• Provide leadership, research vision, strategic interpretation, and technology development to ensure that EMS Systems comply with existing and future NERC CIP requirements and/or other Federal regulations.
• Participate in applicable industry working groups to contribute and influence industry direction.
• Maintain knowledge of information security concepts, technologies and practices.

Benefits

• competitive base salary
• annual incentive awards for eligible employees
• health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being
• incentive program