IT Security Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, and/or a related field or an equivalent level of work related experience.
• 2 or more years of work experience in a compliance or audit focused position or equivalent (Intermediate)
• 5 or more years of work experience in a compliance or audit focused position or equivalent (Senior)
• Experience with NERC CIP regulatory requirements, such as standards development, controls framework development, or compliance.
• Experience with applying compliance frameworks, to successfully comply with security policies, standards, and guidelines.
• Experience in examining and evaluating internal controls based on regulatory requirements to ensure adherence to the requirements is performed.
• Proven experience establishing, managing, and validating compliance requirements with internal and external parties.
• Experience creating, implementing, and documenting internal processes and technology to enhance compliance, efficiency, and education.
• Understanding of requirements gathering, discovery, service mapping, problem management, asset management, project management, and service catalogs as they relate to regulatory compliance.
• Experience preparing and presenting complex topics to non-technical audiences, at various levels within the organization.
• Effective written, verbal, and interpersonal communication skills along with outstanding attention to detail with dedication to encouraging a culture of compliance and security.
• Critical thinking skills with the ability to identify and solve complex problems with limited managerial oversight.
• Demonstrated ability to lead projects and assignments and perform multiple activities concurrently.
• Working knowledge of security related frameworks and activities including, but not limited to, NIST Cybersecurity Framework, SOC 1, SOC 2, etc.
• Collaborative and effective in cross-functional team environments.
• Strong analytical skills to assess risks and vulnerabilities in complex systems.

Responsibilities

• Participates in compliance activities including providing consulting assistance with business areas and IT groups for cybersecurity compliance standards, policies, procedures, and measures.
• Performs assessments, helps the organization institute, and monitor compliance with cybersecurity framework and regulatory requirements.
• Supports teams in regulatory audits, spot-checks, and self-certifications including mock audits.
• Assists in preparing for compliance audits where responsibilities include developing Reliability Standard Audit Worksheets (RSAWs) and compiling supporting evidentiary documentation.
• Collaborates with relevant stakeholders in the development of audit responses and remediation plans for any identified findings.
• Coordinates event and root cause analysis to identify gaps in controls including advising and supporting management in defining appropriate remedial actions and tracking.
• Provides high level research on internal projects, recommending strategic directions and plans that address company-wide security issues. This includes projects related to CIP implementations.
• Maintains accurate and up-to-date documentation related to NERC CIP Compliance, and other compliance frameworks.
• Balances security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPL’s risk profile.
• Plays a role in complex problem analysis and makes recommendations for how to advance PPL’s cybersecurity compliance profile and culture with a team of motivated individuals.
• Contributes to developing, implementing, and evaluating project plans, goals, and timelines for the implementation of internal controls across all applicable standards.
• Effectively communicates with clients, peers and management in security matters in both verbal and written form.
• Identifies opportunities for continuous improvement in Cybersecurity’s compliance program.
• Performs other duties as assigned.