Manager Cybersecurity Compliance

PPL Corporation•Louisville, KY

3h•Hybrid

About The Position

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today. Overview PLEASE NOTE: this is a Hybrid role - on premise three times a week to one of our local offices in Louisville, KY; Allentown, PA or Providence, RI. The Cybersecurity organization advances the overall state of security at PPL through critical initiatives and coordination of large security and customer-focused projects. The organization builds and procures technologies, tools, and processes to better enable teams at PPL to develop secure platforms and protect data and systems with appropriate security controls. IT Cybersecurity also develops systems to monitor and respond to attacks against our systems, provides educational awareness on security best practices, and ensures data sharing relationships with third parties securely protect PPL information. The Manager-Cybersecurity Compliance leads a motivated cybersecurity team responsible for developing and implementing policies, procedures, technologies, and programs to maintain, demonstrate and improve IT security compliance. Working closely with the business and IT organization, implement and maintain compliance programs for IT NERC Critical Infrastructure Protection (CIP) Reliability Standards, Sarbanes-Oxley (SOX) Controls & Regulatory Compliance for the IT department, the Transportation Security Administration (TSA) security directive for natural gas pipeline security, and other cybersecurity compliance regulations, directives, and frameworks. This position is a manager level, requiring a senior compliance person with experience in negotiation, policy creation and advocacy. #INDPPL LI-Hy

Requirements

Bachelor's degree.
8 or more years of experience in IT Audit, Compliance, Cybersecurity or related field.
Two or more years of formal leadership experience.
Experience with NERC CIP or SOX regulatory requirements, such as standards development, controls framework development, or compliance.
Experience with applying compliance frameworks, to successfully comply with security policies, standards, and guidelines.
Proven experience establishing, managing, and validating compliance requirements with internal and external parties.
Experience creating, implementing, and documenting internal processes and technology to drive compliance, efficiency, and education.
Experience in examining and evaluating internal controls based on regulatory requirements to ensure adherence to the requirements is performed.
Effective written, verbal, and interpersonal communication skills along with outstanding attention to detail with dedication to encouraging a culture of compliance and security.
Critical thinking skills with the ability to identify and solve complex problems.
Working knowledge of security related frameworks and activities including, but not limited to, NIST Cybersecurity Framework, SOC 1, SOC 2, etc.

Nice To Haves

Experience in developing and implementing NERC CIP or SOX compliance practices and processes.
Related work experience leading, building, and supporting compliance programs as a technical resource and owner that champions the vision for process improvements.
Experience in developing and implementing IT Cybersecurity governance practices and processes.
Knowledge and experience with Information Technology (IT) and Operational Technology (OT) equipment and infrastructure.
Master's degree in related technical discipline or MBA degree.
Relevant technical and security certifications such as CISSP, CISM, CISA, CCSP.

Responsibilities

Drives the creation and implementation of the compliance strategic direction, including the development and maintenance of the IT Cybersecurity compliance programs for NERC CIP, SOX and TSA to mitigate the company’s cybersecurity related regulatory compliance risks.
Provides advice and counsel to other business and operations organizations in cybersecurity regulatory compliance requirements, including standards, policies, procedures and controls.
Drives complex problem analysis and makes recommendations for how to advance PPL’s cybersecurity compliance profile and culture with a team of motivated individuals.
Leads or assists team members in the identification, investigation and resolution of non-compliance incidents.
Provides oversight in developing, implementing, and evaluating project plans, goals, and timelines for the implementation of internal controls across all applicable standards.
Balances security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPL’s risk profile.
Leads teams in regulatory audits, spot-checks, and self-certifications including mock audits.
Assists in preparing for compliance audits where responsibilities include developing Reliability Standard Audit Worksheets (RSAWs) and compiling supporting evidentiary documentation.
Oversees and coordinates event and root cause analysis to identify gaps in controls including advising and supporting management in defining appropriate remedial actions and tracking.
Collaborates with applicable business areas and with IT groups to identify and implement technologies to automate or streamline compliance monitoring, reporting processes, or workflow automations.
Remains vigilant to new compliance concerns and partners with others, as necessary, to assist with events as they arise.
Develops and updates IT policies and procedures to provide oversight and guidance in regard to compliance responsibilities.
Prepares and delivers metrics, briefings, and training to represent the cybersecurity compliance program.
Tracks developments and participates with general and industry groups, monitors evolving cybersecurity regulatory landscape, may participate in industry cybersecurity standards development.