Security Analyst III
This operational compliance position undertakes comprehensive ownership of activities, processes, procedures, documentation, and evidence procurement as required by the Duke Energy IT503 Cybersecurity Program and NERC CIP Reliability Standards to ensure various teams and assets within IT Security satisfy compliance requirements.
• Performs operational activities required to fulfill IT503 & NERC CIP standards.
• Performs ongoing comprehensive maintenance of existing documentation, processes, procedures and activities.
• Identifies areas of concern and works with leadership team to address.
• Key role in all audit preparation activities
• Ensures time sensitive compliance activities and dates are met.
• Trains teams on key aspects and implications of compliance requirements.
• Represents Cyber Security organization professionally with other IT groups, compliance organizations, leadership team, and internal business partners.
• Executes activities that support and fulfill compliance program requirements.
• Forecasts and documents compliance activity time requirements.
• Works with IT503/NERC CIP subject matter experts (SME) when providing input on future requirements and develops compliance roadmap.
• Works with IT503/NERC CIP subject matter experts (SME) when providing recommendations and documentation when working on projects with NERC CIP impact.
• Works with subject matter experts (SME) for relevant IT503 & NERC CIP standards interpretation.
• Acts as the compliance monitor for configuration changes related to in-scope NERC CIP assets.
Basic Desired Qualifications
1 or more years of operational experience in Information Technology
1 year cyber security experience OR a valid CompTIA Security+, CEH, GSEC certification in lieu of experience
• Technical aptitude related to IP based devices and systems.
• 2 years cyber security experience
• Proven ability to speak and write about compliance requirements.
• Demonstrated commitment to personal and team success.
• Ability to perform self-directed work.
• Ability to carry out work responsibilities with minimal supervision.
• Ability to manage multiple tasks and assignments.
• Excellent interpersonal skills with the ability and willingness to share information knowledge transfer to others.
• Increased availability as required especially during audit prep activities and audits.
• Firewall management experience.
• Experience with Microsoft SharePoint
• 1-year experience with NERC CIP compliance requirements
• Robust IT change management experience
• Robust IT503 change management experience
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.