TOC Cybersecurity Governance & Risk Analyst
About The Position
The Telecom Operations Compliance (TOC) team provides delivery, validation, and business area support throughout the lifecycle of commissioned Telecom cyber assets to support the NERC CIP and TSA compliance programs. The successful candidate will support the NERC Refresh Project and must possess or develop a strong understanding of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) reliability standards, the Duke Energy IT503 Cybersecurity Program, and generate evidence required to demonstrate compliance with both. Keen attention to detail, coupled with a continuous questioning attitude is essential. The individual is expected to be competent in the use of compliance concepts and procedures, and demonstrate critical thinking skills to identify problems, develop solutions, and take actions to carry out processes.
Requirements
- Bachelor's degree in a related discipline
- In addition to required degree, two (2) years minimum of related work experience
- In lieu of Bachelor's degree AND two (2) years minimum of related work experience listed above, High School/GED AND six (6) years minimum related work experience
- 2+ years utility, cyber security, auditing, compliance, regulatory or related experience.
Nice To Haves
- Previous Duke Energy experience
- Excellent organization, communication, and interpersonal skills
- Strong team player with the ability to effectively manage multiple tasks and assignments
- Understanding of NERC Standards
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Demonstrates good listening skills and puts forth the effort to understand other points of view
- Has the ability to manage confidential information with a high degree of integrity
Responsibilities
- Demonstrates working knowledge of IT and Compliance policy, standards, processes, controls and functional areas
- Ability to recognize a possible compliance violation and take appropriate action to report the incident as required
- Support device cutover activities for the Telecom NERC Refresh Project
- Generate, review, and store the required compliance evidence
- Engage with project team to understand potential NERC CIP impacts and provide guidance to ensure compliance
- Effectively uses skills and experience to identify and improve processes to meet regulatory compliance requirements
- Ability to develop Ansible playbooks
- Demonstrates effective communication skills when presenting evidence to either internal or external audit teams
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
